Basic Functions of Microsoft Active Directory by Manolis Skoras

Active Directory is a distributed directory service included with Microsoft Windows Server operating systems. Active Directory enables centralized, secure management of an entire network, which might span a building, a city, or multiple locations throughout the world.


Let's analyze a basic part of Active Directory: domains. A domain is a logical collection of objects and, at the same time, a security boundary. Every domain has a name, such as "Microsoft.com", and that name also defines what we call its namespace. A "tree" is one or more domains that share a common, contiguous namespace, so a tree rooted at "Microsoft.com" might also contain "support.microsoft.com" and "train.support.microsoft.com".

Within a tree there is an automatic trust relationship between the domains, and this extends to the whole "forest", which is a collection of trees that share a common configuration and schema (the schema defines all the object types and all the object attributes that you can use inside your network; remember, there is only one schema per forest!). These trust relationships allow a user to go beyond the boundaries of their own domain for certain functions, provided the other domain gives permission to access the resource.

Active Directory is built on servers called domain controllers. These are servers that hold a local copy of the domain database (the Active Directory itself), where all the user and computer accounts reside. This directory service also authenticates users and responds to queries every time members of the domain perform a search. So when someone searches for a printer or another user, or asks to connect to another server in the network, they are actually "talking" to a domain controller and searching the Active Directory database.

Some domain controllers hold an additional role called Global Catalog, which makes that server act as an index: it hosts a subset of the information from the other domains in the forest, so when someone searches for something that lives in another domain it can be found much faster through this server.

No Active Directory can exist without the Domain Name System (DNS). All network services depend on DNS. Most people think that it only performs name resolution ("pinging" a name and getting back its IP address), but DNS does a lot more: it is how clients find domain controllers and Global Catalog servers. Furthermore, DNS gives you the nearest resources first, so if your computer asks where the domain controllers are, the answer will list all of them sorted from the nearest to the furthest.
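How a client turns the DNS answer into an ordered list of domain controllers, as an added example that is not part of the article: the SRV record set below is constructed for a hypothetical domain corp.example.com, and the ordering follows the generic SRV selection rules (priority first, then weight); the real Windows locator additionally queries site-specific names before these domain-wide ones.

```python
"""Order DNS SRV answers the way a client picks a domain controller.
Added example, not from the article; the record set is constructed."""
import random
from dataclasses import dataclass

@dataclass(frozen=True)
class SrvRecord:
    name: str      # owner name the client queried
    priority: int  # lower value is tried first
    weight: int    # relative share among records of equal priority
    port: int
    target: str    # host offering the service

# Constructed answers for a hypothetical domain "corp.example.com".
# _ldap._tcp.dc._msdcs.<domain> advertises domain controllers;
# _gc._tcp.<forest root> advertises Global Catalog servers (port 3268).
RECORDS = [
    SrvRecord("_ldap._tcp.dc._msdcs.corp.example.com", 0, 100, 389, "dc1.corp.example.com"),
    SrvRecord("_ldap._tcp.dc._msdcs.corp.example.com", 0, 100, 389, "dc2.corp.example.com"),
    SrvRecord("_ldap._tcp.dc._msdcs.corp.example.com", 10, 100, 389, "dc-dr.corp.example.com"),
    SrvRecord("_gc._tcp.corp.example.com", 0, 100, 3268, "dc1.corp.example.com"),
]

def lookup(name, records=RECORDS):
    """Stand-in for a real SRV query, answered from the constructed set."""
    return [r for r in records if r.name == name]

def order_targets(records, rng=random):
    """RFC 2782 selection: ascending priority, then weighted random order
    inside each priority group (all-zero weights keep the listed order)."""
    ordered = []
    for prio in sorted({r.priority for r in records}):
        group = [r for r in records if r.priority == prio]
        while group:
            total = sum(r.weight for r in group)
            threshold = rng.randint(0, total) if total else 0
            running = 0
            for rec in group:          # first record whose running weight
                running += rec.weight  # reaches the threshold is chosen
                if running >= threshold:
                    break
            ordered.append(rec)
            group.remove(rec)
    return ordered

def dc_candidates(domain, rng=random):
    """Hostnames a client would try, in order, to reach a domain controller.
    The lower-priority (higher number) DR controller is only tried last."""
    answers = lookup(f"_ldap._tcp.dc._msdcs.{domain}")
    return [r.target for r in order_targets(answers, rng)]
```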

In order to have an effective domain, more than one domain controller must be used. This is done for redundancy and load balancing: if one goes down, you need to make sure that someone is still authenticating the clients, and when all of them are working, you want to use them all equally at the same time. In terms of replication itself, what is replicated is all the domain information that we have created inside the Active Directory: user accounts, computer accounts, group objects, policies and the structure of the Active Directory.

When you want to make a change to the Active Directory, you can connect to any domain controller you like. All domain controllers can accept any kind of change, which is a big improvement over the past. Replication runs regularly, so changes made on one domain controller are automatically replicated to the others.

Another important thing you should be familiar with is that the Active Directory database is divided into what Microsoft calls partitions. A partition is a logical boundary that holds one specific type of information. Partitions are categorized into "domain partitions", "configuration partitions", "schema partitions" and "application partitions".

A domain partition contains all the objects in the directory for one domain. A configuration partition contains the configuration information for the Active Directory and for the applications that are replicated throughout the entire forest. The schema partition holds all the object types and their attributes. An application partition holds specific application data, as required by that application.
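An added example, not from the article, that derives the default partition DNs for a constructed two-domain forest (example.com with child domain corp.example.com) and tells which partition holds a given object DN; the DomainDnsZones and ForestDnsZones application partitions are assumed present, as they are when DNS is AD-integrated.

```python
"""Map a forest's DNS names to its Active Directory partitions (naming
contexts) and tell which partition holds a given object DN.
Added example, not from the article; the domain names are constructed."""

def dns_to_dn(dns_name):
    """corp.example.com -> DC=corp,DC=example,DC=com"""
    return ",".join(f"DC={label}" for label in dns_name.lower().split("."))

def partitions(forest_root, domains):
    """Return {partition DN: kind}. Configuration and schema exist once per
    forest under the forest root; each domain gets its own domain partition
    plus a DomainDnsZones application partition (assumes AD-integrated DNS)."""
    root_dn = dns_to_dn(forest_root)
    nc = {
        f"CN=Configuration,{root_dn}": "configuration",
        f"CN=Schema,CN=Configuration,{root_dn}": "schema",
        f"DC=ForestDnsZones,{root_dn}": "application",
    }
    for domain in domains:
        dn = dns_to_dn(domain)
        nc[dn] = "domain"
        nc[f"DC=DomainDnsZones,{dn}"] = "application"
    return nc

def split_rdns(dn):
    # A plain split is enough here: the sample DNs contain no escaped commas.
    return [part.strip().lower() for part in dn.split(",")]

def partition_of(obj_dn, nc):
    """Longest-suffix match. The schema NC sits inside the configuration NC,
    which sits inside the forest root domain NC, so the most specific suffix
    must win; returns (partition DN, kind), or None for a foreign DN."""
    rdns = split_rdns(obj_dn)
    best = None
    for nc_dn, kind in nc.items():
        suffix = split_rdns(nc_dn)
        if len(suffix) <= len(rdns) and rdns[-len(suffix):] == suffix:
            if best is None or len(suffix) > len(split_rdns(best[0])):
                best = (nc_dn, kind)
    return best
```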


Manolis Skoras is a Cisco, Microsoft and HP Certified Trainer and systems-network engineer. He recently created a site with MCITP practice tests and study guidance to help his students and people around the world better understand the material they will be tested on, and so achieve greater success rates. Check certify4sure.com (site could not be reached).

