
Understanding Active Directory, Part I

Active Directory is one of the new breed of metadirectories, so it is integral to the Windows 2000 Server operating system's infrastructure, security, and maintenance. This article covers the basics.

This series of articles examines the directory services known collectively as the Active Directory. This is one of the new breed of metadirectories, and so it is integral to the Windows 2000 Server operating system's infrastructure, security, and maintenance.

After reading this series, you should have a working knowledge of the following Active Directory concepts:

  • The role of directory services—the function of the Active Directory and an identification of some of its important features for system administrators.

  • Active Directory logical structure components—the role of domains, domain trees, forests, and organizational units.

  • Active Directory physical structure components—the role of sites and domain controllers.

  • Active Directory schema—how the Active Directory schema defines object classes and attributes.

  • Open standards support and naming conventions—the Active Directory's use of open standards such as DNS and LDAP, together with its employment of the most common naming conventions to ensure interoperability.

  • Migration and Application Programming Interfaces—the support provided for the migration and/or integration of the Active Directory with other directory services such as Novell's NDS and API options available for both third-party application development and administrative scripting.

  • The Global Catalog and replication services—the new Global Catalog feature and the directory replication services.

  • Security and trust relationships—the role played by domains, trees, and forests with respect to security and trust relationships.

  • Administrative Delegation—how the Active Directory structure lends itself to very granular resource management and the delegation of system administration authority.

Directory Services

The Windows 2000 Active Directory is Microsoft's consolidation of the major enterprise-wide directory services within a single, replicable data store and administrative interface.

A directory is a listing that helps organize and locate things. The index of this book is one example. As the reader of the index, you become the directory service provider that scans the entries, locates the page number(s) for a given topic, and turns to the identified page.

In computing terms, the two components of a directory are the data store and the services that act on that data. In Windows 2000, a directory is simply a store of objects; those objects can be located anywhere in the enterprise and can include applications, databases, printers, users, and other workstations or servers. A directory service performs many functions that act on that store: replication, security rule enforcement, data distribution, and much more.


An object is a representation of a real thing, such as a user, a data file, a printer, or a software application. All objects have named attributes that describe the item. Thus, an attribute of a printer might be its location, its manufacturer, or its type. A container is a special class that has both a namespace and attributes. It does not represent anything real or concrete, but instead holds one or more objects. A tree is simply a hierarchy of objects and containers. As discussed later, the domain tree is a special form of tree that defines a domain directory hierarchy. The endpoint of any tree branch is an object; the branch is typically viewed as a container for multiple objects. Think of a tree as the relationship of objects and their path from the root. For example, the user container holds the objects associated with all users on a computer system. Subbranches hold the objects associated with an individual user.
