A directory is really just an easy way to look things up. There are directories everywhere. When you look up a number in your phone book, you are using a directory. When you organize the files and folders on your computer, you are also using a directory. Like these, the Active Directory is a collection of information—in this case, a collection of information about the resources available on a Windows Server 2003 network.
The Need for Directory Services
The traditional method for keeping up with the enormous amount of information about network resources is to store it in separate directories that are typically managed from within the application or operating system component that uses the information. A perfect example of this lies just a few years back in versions of Windows prior to Windows 2000. On a typical Windows NT 4.0–based network, for example, you might find several directories of information scattered across servers on a network. Users and access control lists were kept within a directory called the Security Accounts Manager (SAM) database. Exchange Server mailboxes and their user associations were stored in the Exchange directory. Other services and applications maintained their own directories. Although there was some interaction between these directories, they were largely separate.
Directories were most often developed for a particular application. Developers of these directories had no real incentive to provide integration with other systems. However, administrators and users who were faced with ever-increasing amounts of work did have a real need for all these separate databases to be able to work together and be managed as a single unit.
What Directory Services Bring to the Table
Directory services go beyond the functionality of scattered, proprietary directories by providing a unified source of information. Active Directory is not the first directory service. In fact, there are several directory services and standards used on networks today. These include (but are not limited to):
■ X.500 and the Directory Access Protocol (DAP) X.500 is an Internet Standards Organization (ISO) specification that defines how global directories should be structured. X.500 specifies the use of DAP to provide communication between clients and directory servers.
■ Lightweight Directory Access Protocol (LDAP) LDAP was developed in response to criticism that DAP was just too complicated for use on most directory service implementations. LDAP has quickly become the standard directory protocol used on the Internet.
■ Novell Directory Services (NDS) NDS is the directory service used for Novell Netware networks and complies with the X.500 standard.
■ Active Directory Active Directory is integral to Windows 2000– and Windows Server 2003–based networks. It was designed to comply with the LDAP standard.
See Also For more technical information on the X.500, DAP, and LDAP standards (and any other Internet standards), go to www.ietf.org, the official site of the Internet Engineering Task Force (IETF). Run a keyword search using the terms “X.500,” “DAP,” or “LDAP.”
For a complex network, a directory service should provide an efficient way to manage, find, and access all the resources on a network—resources such as computers, users, printers, shared folders, and many others. A good directory service implementation should provide a number of core benefits:
■ Centralization The idea behind centralization is to reduce the number of directories on a network. Bringing information about all network resources into a centralized directory provides a single point of management, easing the administration of resources and allowing you to more effectively delegate administrative tasks. It also provides a single point of entry for network users (or their computers or applications) when searching for resources.
■ Scalability A directory service should also be able to accommodate the growth of a network without incurring significant additional overhead. This means that there needs to be a way of breaking up (or partitioning) the directory database so that it does not grow too large to be usable, while still maintaining the benefits of centralization.
■ Standardization A directory service should also provide access to its information through open standards. This ensures that other applications can make use of resources in Active Directory (and publish their own resources there) rather than having to maintain their own directories.
■ Extensible A directory service should also provide a way for administrators and applications to extend the information contained in the directory to meet an organization’s needs.
■ Separation of physical network A directory service should make the physical network topology transparent to users and administrators. A resource should be identified and accessed without any knowledge required of how or where it is connected to the network.
■ Security A directory service would be very useful to a malicious attacker because it would contain detailed information about the organization. Therefore, a directory service must provide a secure means to store, manage, retrieve, and publish information about network resources.
How Active Directory Addresses the Issue
Active Directory is designed to meet all of the needs of a directory service outlined in the previous section.
■ Active Directory is centralized, providing a single database of network resources that is easy to search and administer.
■ Active Directory is scalable because it allows the database to be partitioned and distributed across the domains that make up the network, yet still be managed as a single directory.
■ Active Directory is standardized because it is made accessible through LDAP, an open Internet standard overseen by the IETF.
■ Active Directory is extensible, allowing developers to use the directory to store information for their own applications.
■ Active Directory is secure, since it is tightly integrated with Windows Server 2003 security.
■ Active Directory abstracts the logical organization of the network and identification of network resources from the physical structure of the network.
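The centralization and LDAP standardization described above can be seen directly from a domain-joined machine: the same LDAP interface answers for every resource type the chapter names (users, computers, printers, shared folders). The script below is an added example, not code from the training kit; it assumes it runs under an account permitted to read the directory and resolves the domain's naming context from RootDSE rather than hard-coding a server or distinguished name.

```powershell
# Added example (not from the training kit): inventory the published resource
# types the chapter names through the LDAP interface Active Directory exposes.
# Assumes a domain-joined machine and a caller allowed to read the directory.
$rootDse  = [ADSI]"LDAP://RootDSE"
$domainDn = [string]$rootDse.defaultNamingContext   # e.g. DC=example,DC=com

# Map a label to the LDAP objectClass AD uses for each kind of published resource.
$resourceClasses = [ordered]@{
    'User accounts'      = 'user'
    'Computer accounts'  = 'computer'
    'Published printers' = 'printQueue'   # printers published in the directory
    'Shared folders'     = 'volume'       # shared folders published in the directory
}

foreach ($entry in $resourceClasses.GetEnumerator()) {
    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    $searcher.SearchRoot = [ADSI]"LDAP://$domainDn"
    # objectClass=user also matches computer objects, so restrict users to persons.
    $searcher.Filter = if ($entry.Value -eq 'user') {
        '(&(objectCategory=person)(objectClass=user))'
    } else {
        "(objectClass=$($entry.Value))"
    }
    $searcher.PageSize = 1000            # paged results: a partitioned directory can be large
    $searcher.PropertiesToLoad.AddRange([string[]]@('name', 'distinguishedName'))
    $results = $searcher.FindAll()
    '{0}: {1}' -f $entry.Key, $results.Count
    $results.Dispose()
}
```

Every query goes through one protocol (LDAP) against one database, which is the practical meaning of the centralization and standardization benefits listed above.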
Exam Tip It is important to remember how Active Directory fits into Windows Server 2003. Active Directory is both a database of information about network resources and a service run by a domain controller that provides access to that database.