Active Directory
Lesson 9

Active Directory Role Conclusion

  1. Describe the role of Active Directory in Windows
  2. Describe which Internet standards and technologies are supported by Active Directory
  3. Describe the naming conventions in Active Directory that you must consider when establishing a Windows 2000 network
  4. Describe the logical structure of Active Directory
  5. Define the role of domains
  6. Define the role of organizational units (OUs)
  7. Define the relationship between trees and forests

Active Directory: Embracing Key Internet Standards and Technologies

Active Directory (AD) is a robust directory service that supports a wide range of internet standards and technologies, enabling seamless integration with various platforms and systems. By adopting these standards and technologies, Active Directory ensures interoperability, enhanced functionality, and simplified administration. Some of the most significant internet standards and technologies supported by Active Directory include:
  1. LDAP (Lightweight Directory Access Protocol): LDAP is an application protocol used for querying and modifying directory services over an IP network. Active Directory fully supports LDAP, enabling clients to access and manipulate the AD directory, as well as facilitating integration with other LDAP-compliant systems.
  2. DNS (Domain Name System): Active Directory relies on DNS to resolve domain names into IP addresses and vice versa, facilitating resource location and access within the network. AD uses DNS for domain controller location, service records, and client name resolution. This integration ensures seamless communication between different components of the Active Directory infrastructure.
  3. Kerberos: Active Directory incorporates the Kerberos authentication protocol to provide secure and efficient authentication within the network. Kerberos relies on time-stamped tickets to establish trust between clients and services, ensuring strong protection against eavesdropping and replay attacks.
  4. X.500 Directory Services: Active Directory is built upon the X.500 standard, which defines the structure and attributes of directory services. While AD does not implement the full X.500 protocol suite, it incorporates key concepts such as the hierarchical organization of objects and the use of Distinguished Names (DNs) to uniquely identify objects within the directory.
  5. SSL/TLS (Secure Sockets Layer/Transport Layer Security): Active Directory supports SSL/TLS protocols for securing LDAP communications (LDAPS). By encrypting the data transmitted between clients and the directory server, SSL/TLS ensures the confidentiality and integrity of sensitive information.
  6. SMB (Server Message Block): Active Directory leverages the SMB protocol for file and printer sharing, as well as for inter-process communication between systems. SMB enables seamless access to resources and services within the network, facilitating collaboration and data exchange.
  7. IPv6 (Internet Protocol version 6): Active Directory supports IPv6, the latest version of the Internet Protocol, which provides an expanded address space and improved security features. This support ensures that AD can function in both IPv4 and IPv6 environments, facilitating smooth transitions as organizations adopt the newer protocol.

Active Directory supports a wide range of key internet standards and technologies, such as LDAP, DNS, Kerberos, X.500, SSL/TLS, SMB, and IPv6. By embracing these protocols, AD ensures interoperability, streamlined administration, and enhanced security, making it a powerful and versatile directory service for organizations of all sizes.
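The DNS and SRV-record dependence described above is what a domain-joined client actually exercises when it looks for a domain controller. The following is an added example, not part of the original lesson: it builds the `_msdcs` SRV names a client queries for a domain (and, optionally, a site), and ranks constructed SRV answers the way RFC 2782 prescribes (lowest priority first, weighted random within a priority). The domain, site and host names are constructed for illustration.

```python
import random

# Constructed sample SRV answers: (priority, weight, port, target), shaped like
# what a resolver returns for _ldap._tcp.dc._msdcs.corp.example.com.
SAMPLE_SRV = [
    (0, 100, 389, "dc1.corp.example.com"),
    (0, 100, 389, "dc2.corp.example.com"),
    (10, 0, 389, "dc-lag.corp.example.com"),  # low-priority fallback DC
]


def dc_locator_names(domain, site=None):
    """SRV names a client queries to locate a domain controller for `domain`.
    AD registers these under _msdcs.<domain>; the site-specific LDAP name is
    tried first when the client already knows which site it belongs to."""
    names = []
    if site:
        names.append(f"_ldap._tcp.{site}._sites.dc._msdcs.{domain}")
    names.append(f"_ldap._tcp.dc._msdcs.{domain}")
    names.append(f"_kerberos._tcp.dc._msdcs.{domain}")
    return names


def rank_srv(records, rng=None):
    """Order SRV answers per RFC 2782: lowest priority value first; within one
    priority, a weighted random draw so that weight-0 hosts are chosen last
    unless nothing else is left. Returns (port, target) pairs in try order."""
    rng = rng or random.Random()
    ordered = []
    for prio in sorted({r[0] for r in records}):
        pool = [r for r in records if r[0] == prio]
        while pool:
            total = sum(r[1] for r in pool)
            pick = rng.uniform(0, total) if total else 0
            acc = 0
            for r in pool:
                acc += r[1]
                if pick <= acc:          # cumulative weight reached the draw
                    ordered.append((r[2], r[3]))
                    pool.remove(r)
                    break
    return ordered


if __name__ == "__main__":
    print(dc_locator_names("corp.example.com", site="HQ"))
    print(rank_srv(SAMPLE_SRV))
```

The lag-site domain controller from the best-practices section below would typically sit behind a higher priority value like the third sample record, so clients only fall back to it when every priority-0 DC is unreachable.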

Active Directory Terms

Here are some terms from this module that may have been new to you:
  1. Site: A site is one or more IP subnets connected by a high-speed link. Site
  2. Namespace: The namespace encompasses the forests, trees and domains that create the logical structure of the network. Objects within the namespace are identified in several different ways.
  3. Distinguished name: Every object in Active Directory has a distinguished name. The distinguished name identifies the domain where the object is located, in addition to the complete path by which the object is reached.
  4. Relative distinguished name: The relative distinguished name of an object is the part of the distinguished name that is an attribute of the object.
  5. User principal name: The user principal name of a user object is composed of the user's logon name and the DNS name of the domain where the user object resides.
  6. Globally unique identifier: The globally unique identifier (GUID) is a 128-bit number that is guaranteed to be unique. Windows 2000 assigns a GUID to objects when they are created.
  7. Domain: The basic administrative unit in a Windows 2000 network.
  8. Mixed-mode domain: Windows 2000 Server and Windows Server 2003 Active Directory can be deployed in mixed mode, which allows for Windows NT 4.0 Server BDCs. In fact, when you upgrade to Windows 2000 Server, you first upgrade the primary domain controller (PDC), and it automatically operates in mixed mode.
  9. Native-mode domain: A domain in which all domain controllers are running Windows 2000 (no Windows NT 4.0 domain controllers).
  10. Organizational unit: An organizational unit (OU) is a container object that you use to organize objects within a domain. An OU contains objects, such as user accounts, groups, computers, printers, and other OUs.
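The naming terms above (distinguished name, relative distinguished name, user principal name) are easiest to see by taking a DN apart. This is an added example, not code from the lesson: it splits a DN into its RDNs while honouring backslash-escaped commas, recovers the owning domain's DNS name from the DC= components, and builds a UPN from a logon name. The sample DN and logon name are constructed.

```python
# Constructed sample object; the domain and names are not from a real directory.
SAMPLE_DN = "CN=Jane Doe,OU=Sales,OU=Staff,DC=corp,DC=example,DC=com"


def split_dn(dn):
    """Split a distinguished name into (type, value) RDNs, leftmost first.
    A backslash escapes the next character, so 'CN=Doe\\, Jane' stays one RDN;
    escaped sequences are kept as-is rather than unescaped."""
    parts, cur, i = [], [], 0
    while i < len(dn):
        c = dn[i]
        if c == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])   # keep escape plus escaped char together
            i += 2
            continue
        if c == ",":
            parts.append("".join(cur).strip())
            cur = []
        else:
            cur.append(c)
        i += 1
    parts.append("".join(cur).strip())
    return [tuple(p.split("=", 1)) for p in parts]


def rdn(dn):
    """The relative distinguished name is the leftmost component of the DN."""
    return split_dn(dn)[0]


def parent_container(dn):
    """DN of the container that holds the object (everything after the RDN)."""
    return ",".join(f"{t}={v}" for t, v in split_dn(dn)[1:])


def domain_dns_name(dn):
    """Join the DC= components to get the DNS name of the domain the object lives in."""
    return ".".join(v for t, v in split_dn(dn) if t.upper() == "DC")


def upn(logon_name, dn):
    """User principal name: logon name @ DNS name of the object's domain."""
    return f"{logon_name}@{domain_dns_name(dn)}"


if __name__ == "__main__":
    print(rdn(SAMPLE_DN), parent_container(SAMPLE_DN))
    print(upn("jdoe", SAMPLE_DN))
```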
In the next module, you will learn the details of the physical structure of the Active Directory.

Best Practices for Active Directory

  1. Back up the Active Directory database every week, or at least once within the tombstone lifetime.
  2. Create an isolated AD site assigned to a subnet that is not associated with any user, workstation, or server subnet. Place a domain controller from each domain in this site and set the replication interval to 7 days.
    a) This site can be used to authoritatively restore an accidentally deleted object without restoring from backup.
    b) Because the replication interval is long, you will most likely notice an accidental deletion before it replicates to the isolated site.

Active Directory - Quiz

Click the Quiz link below to test your comprehension of the role and organization of the Active Directory.