- Evolution of Directory Services
- Active Directory Development
- Active Directory Structure
- Active Directory Components
- Domain Trusts
- Organizational Units
- Groups in an Active Directory Environment
- Active Directory Replication
- DNS in Active Directory
- Active Directory Security
- Active Directory Changes in Windows .NET Server 2003
- Best Practices
Active Directory Development
Introduced with Windows 2000, Active Directory has achieved wide industry recognition and acceptance and has proven itself in reliability, scalability, and performance. The introduction of Active Directory served to address some limitations in the NT 4.0 domain structure design and also allowed for future Microsoft products to tie into a common interface.
Limitations of NT 4.0 Domains
Windows NT 4.0 domains, while possessing enhanced security over previous Windows Workgroup models, have several functional shortcomings that have limited their use as enterprise directories. The Windows NT domain is basically a flat namespace that stores very little information about a user beyond the basic username, password, and so on. In addition, further organization of users beyond the domain level is essentially not possible.
In addition, a typical NT 4.0 domain has basically two types of users: full-blown administrators and standard users. In a nutshell, you were either a super administrator of the domain or just a simple network user. This kept delegation of administration simple but didn't provide for the type of granular security required by many larger organizations. These organizations needed administrative tasks to be subdivided and strictly defined, and Windows NT domains did not provide these capabilities. To get around this problem, many organizations set up multiple resource and user domains, dividing them by geographical location and/or political subdivision. The resulting special administrative issues could confuse even a seasoned NT guru. Often, one individual had several user accounts in multiple domains with multiple passwords. Needless to say, this drawback has been addressed in the granular administrative design within Active Directory.
Connectivity between NT 4.0 domains was accomplished through the manual setup of one- or two-way trusts. The trusts were not transitive, however, which means that if Domain A trusts Domain B, and Domain B trusts Domain C, Domain A does not trust Domain C unless you specifically create a trust between Domain A and Domain C. The problem with this model was that multiple domain trusts between several domains started to look like a "spaghetti" domain structure similar to the trust configuration shown in Figure 4.1.Figure 4.1 Spaghetti domain structure in Windows NT4.
This type of domain structure, as any NT 4.0 administrator can attest, becomes frustratingly difficult to administer and troubleshoot, as new administrators must determine what is meant by "trusted" and "trusting" domains and even veterans have a hard time visualizing their trust relationships from memory.
In addition to the complicated trust schemes, the Windows NT primary domain controller (PDC) is a single point of failure within an NT domain. If the PDC went down for whatever reason, it severely impacted domain functionality.
Large organizations were likewise limited by the object limitations of NT 4.0 domains, which could not scale higher than 44,000 objects in any one domain.
These limitations were aggressively addressed with the development of Windows 2000 and Active Directory. Windows .NET Server 2003 expands upon the functionality of Windows 2000 and takes the administrative capabilities of Active Directory even further, as Chapters 19 to 25 will cover in Part VI of this book.
Microsoft Adoption of Internet Standards
Since the early development of Windows 2000, Microsoft has strived to make all its products embrace the Internet. Standards that before had been options or previously incompatible were subsequently woven into the software as primary methods of communication and operability. All applications and operating systems became TCP/IP compliant, and proprietary protocols such as NetBEUI were phased out.
With the introduction of Windows .NET Server 2003, the Internet readiness of the Microsoft environment reaches new levels of functionality. The .NET Services initiative stipulates use of the Internet, and .NET Server is specifically designed around Internet integration.