Lesson 3: Active Directory supported technologies
Objective: Define the technologies supported by Active Directory.

Active Directory Supported Technologies

Active Directory is specifically designed to interact with and manage other directories, regardless of their location or their underlying operating systems. To accomplish this, Active Directory provides extensive support for existing standards and protocols. It also provides application programming interfaces[1] (APIs) that facilitate communication with these other directories. Thus, unlike Windows NT 4.0, which did not support LDAP standards, Windows 2000 can interact with NetWare's NDS and other LDAP-compatible directory services. Microsoft includes a tool for migrating an NDS directory tree to a Windows 2000 domain, and other migration tools can be easily developed by third parties using the provided APIs.

Directory Service for Windows Server

Active Directory is the directory service for the Windows Server 2003 operating system and DNS is the primary name resolution service for Windows Server 2003. DNS is a core component of Windows Server 2003 TCP/IP networking. Strictly speaking, DNS is not a component of Active Directory. However, knowledge of how Active Directory depends on DNS is necessary to understand how Active Directory components are able to perform their assigned operations. DNS is used by Active Directory for domain controller location and DNS naming is leveraged by Active Directory for domain naming. Because Active Directory depends on DNS for domain controller location and DNS influences Active Directory domain naming, DNS is discussed in this technical reference subject as a component of the Windows Server 2003 directory service solution.


Why support these standards?

Supporting these Internet standards provides several benefits:
- The DNS dynamic update protocol enables corporations to achieve a global naming structure that is compatible with standard Internet DNS conventions.
- LDAP maximizes the interoperability between applications and directory services and facilitates directory interoperability through synchronization.
- Kerberos v5 and X.509 certificate integration with Active Directory gives corporations the flexibility to mix and match the security that they deploy, in both Internet and intranet environments, depending on their needs.

In the next lesson, you will learn about Active Directory naming conventions.

How Objects Are Stored and Identified

Data stored within Active Directory is presented to the user in a hierarchical fashion similar to the way data is stored in a filesystem. Each entry is referred to as an object. At the structural level, there are two types of objects: 1) containers and 2) non-containers. Non-container objects are also known as leaf nodes. One or more containers branch off in a hierarchical fashion from a root container.
Each container may contain leaf nodes or other containers. As the name implies, however, a leaf node may not contain any other objects. Although the data in Active Directory is presented hierarchically, it is actually stored in flat database rows and columns. The directory information tree (DIT) file is an Extensible Storage Engine (ESE) database file. This answers the question of whether Active Directory uses JET or ESE database technology: ESE is a JET technology.

Consider the parent-child relationships of the containers and leaves in Figure 2-3. The root of this tree has two children, Finance and Sales. Both of these are containers of other objects. Sales has two children of its own, Pre-Sales and Post-Sales. Only the Pre-Sales container is shown as containing additional child objects. As an example, the Pre-Sales container holds user, group, and computer objects.

Figure 2-3 : Hierarchy of Objects
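As an added illustration (not part of the original lesson), the Python below models the Figure 2-3 tree the two ways the text describes: as flat rows, the way the DIT stores objects, and as the hierarchy rebuilt from those rows, enforcing the rule that a leaf node holds no children. The domain DC=example,DC=com, the object names and the set of classes treated as containers are assumptions made for the example.

```python
# Added example, not from the lesson: Figure 2-3 as flat rows and as a tree.
# Each row is (RDN, object class, parent DN); the root has no parent. The
# domain DC=example,DC=com and all object names are constructed sample values.
ROWS = [
    ("DC=example,DC=com", "domainDNS", None),
    ("OU=Finance", "organizationalUnit", "DC=example,DC=com"),
    ("OU=Sales", "organizationalUnit", "DC=example,DC=com"),
    ("OU=Pre-Sales", "organizationalUnit", "OU=Sales,DC=example,DC=com"),
    ("OU=Post-Sales", "organizationalUnit", "OU=Sales,DC=example,DC=com"),
    ("CN=Alice", "user", "OU=Pre-Sales,OU=Sales,DC=example,DC=com"),
    ("CN=Pre-Sales Staff", "group", "OU=Pre-Sales,OU=Sales,DC=example,DC=com"),
    ("CN=WKS01", "computer", "OU=Pre-Sales,OU=Sales,DC=example,DC=com"),
]

# Assumption for this model: only these classes are containers; user, group and
# computer objects are leaf nodes and may not hold child objects.
CONTAINER_CLASSES = {"domainDNS", "organizationalUnit"}


def dn_of(rdn, parent_dn):
    """Build a distinguished name by appending the parent's DN to the RDN."""
    return rdn if parent_dn is None else f"{rdn},{parent_dn}"


def build_tree(rows):
    """Rebuild the hierarchy from flat rows: dn -> (object class, [child DNs]).

    Rejects rows whose parent is missing or is a leaf (non-container) object.
    """
    nodes = {dn_of(rdn, parent): (cls, []) for rdn, cls, parent in rows}
    for rdn, cls, parent in rows:
        if parent is None:
            continue  # the root container has no parent row
        if parent not in nodes:
            raise ValueError(f"{rdn}: parent {parent} does not exist")
        parent_cls, children = nodes[parent]
        if parent_cls not in CONTAINER_CLASSES:
            raise ValueError(f"{rdn}: leaf object {parent} cannot hold children")
        children.append(dn_of(rdn, parent))
    return nodes


def children_of(tree, dn):
    """Sorted DNs of the objects directly under a container."""
    return sorted(tree[dn][1])


def accepts(rows):
    """True if the rows form a valid hierarchy under the leaf-node rule."""
    try:
        build_tree(rows)
        return True
    except ValueError:
        return False
```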

[1] Application programming interfaces: A set of routines used by a program to request and carry out lower-level services performed by another component, such as the computer's operating system or a network service.
