After completing this article, you will be able to describe the Active Directory Domain Services role in Windows Server 2008 and its function and benefits. You will also develop an understanding of the components of an Active Directory environment, including forests, sites, domains, domain trees, and organizational units (OUs).
In this article we will discuss how to design the physical and logical structure of an Active Directory network and delve into Active Directory’s naming standards and their importance to a well-functioning Active Directory environment. Finally, you will understand and assess Active Directory domain and functional levels based on the needs of an organization’s network environment, as well as the trust models used by Active Directory and the role that Active Directory trusts play in resource accessibility across multiple organizations.
Introducing Active Directory Domain Services
The Active Directory Domain Services (AD DS) service in Windows Server 2008 provides a centralized authentication service for Microsoft networks. Some of the benefits of Active Directory DS include a hierarchical organizational structure, multimaster authentication to create fault tolerance and redundancy, a single point of access to network resources, and the ability to create trust relationships with external networks running previous versions of Active Directory and even UNIX.
Windows Server 2008 includes a number of new features to improve Active Directory, including the introduction of the Read-Only Domain Controller (RODC), fine-grained password policies, an improved graphical user interface (GUI), improved auditing of Active Directory modifications and deletions, the ability to start and stop Active Directory as a service without needing to completely restart the domain controller for maintenance, and the introduction of Server Core, a minimal installation of Windows Server 2008 that has a greatly reduced attack footprint relative to a full install of the server operating system.
Identifying Functions and Benefits of Active Directory
Microsoft introduced the Active Directory service in Windows Server 2000 to provide the main repository for information about network users, computers, services, and other resources on a Microsoft network. Although subsequent versions of Active Directory in Windows Server 2003 and Windows Server 2008 have introduced new functionality and security features, the basic premise of the service remains the same: to provide a centralized authentication and authorization repository for large and small organizations alike.
A directory service allows businesses to define, manage, access, and secure network resources, including files, printers, people, and applications. Without the efficiency of a directory service, businesses would have difficulty keeping up with demands for fast-paced data exchange. As corporate networks continue to grow in complexity and importance, businesses require more and more from the networks that facilitate this automation.
Functions of Active Directory Domain Services
In Windows Server 2008, Microsoft provides two separate roles that can provide directory services:
- Active Directory Domain Services (AD DS) provides the full-fledged directory service that was referred to as Active Directory in Windows Server 2003 and Windows 2000.
- Active Directory Lightweight Directory Services (AD LDS) provides a lightweight, flexible directory platform that can be used by Active Directory developers without incurring the overhead of the full-fledged Active Directory DS directory service. For example, an application developer might use AD LDS to provide a directory of employee photographs that integrates with AD DS, without actually needing to store hundreds of thousands of graphics files throughout the company.
A Windows Server 2008 computer that has been configured with the Active Directory DS role is referred to as a domain controller (DC). A domain controller is a server that stores the Active Directory database and authenticates users with the network during logon. Each domain controller actively participates in storing, modifying, and maintaining the Active Directory database information that is stored on each domain controller in a file called ntds.dit.
Active Directory is a multimaster database, which means that administrators can update the ntds.dit from any domain controller. The process of keeping each domain controller in sync with changes that have been made elsewhere on the network is called replication. When a domain controller transmits replication information to other domain controllers on the network, this is called outbound replication. When a domain controller receives updates to the Active Directory database from other domain controllers on the network, this is called inbound replication.
Consider a small network with three domain controllers: DC1, DC2, and DC3. A user changes her password, updating the ntds.dit database in DC1. DC1 must then replicate this change to DC2 and DC3. Domain controllers automatically replicate with other domain controllers in the same domain to ensure that the Active Directory database is consistent. Windows Server 2008 relies on one or more domain controllers to manage access to network services.
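As an added example (not from the original article), the Python below reads CSV text in the layout produced by `repadmin /showrepl * /csv` and reports inbound replication links that are failing or stale, which is how a change made on DC1 would fail to reach DC2 or DC3. The sample rows, the example.com domain, the HQ site name, the function name `stale_inbound_links` and the one-hour threshold are assumptions made for illustration.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample shaped like `repadmin /showrepl * /csv` output (not real data).
# Each row is one inbound link: Destination DSA pulls changes from Source DSA.
SAMPLE_CSV = """showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,HQ,DC2,"DC=example,DC=com",HQ,DC1,RPC,0,0,2009-06-01 09:58:12,0
showrepl_INFO,HQ,DC3,"DC=example,DC=com",HQ,DC1,RPC,4,2009-06-01 09:45:03,2009-05-31 22:10:40,1722
showrepl_INFO,HQ,DC1,"DC=example,DC=com",HQ,DC3,RPC,0,0,2009-06-01 06:30:00,0
"""

TIME_FORMAT = "%Y-%m-%d %H:%M:%S"


def stale_inbound_links(csv_text, now, max_age=timedelta(hours=1)):
    """Return (destination, source, reason) for each unhealthy inbound link.

    max_age is a hypothetical threshold; tune it to the site's replication schedule.
    """
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        dest, src = row["Destination DSA"], row["Source DSA"]
        failures = int(row["Number of Failures"] or 0)
        if failures > 0:
            status = row["Last Failure Status"]
            findings.append((dest, src, f"{failures} consecutive failures, status {status}"))
            continue
        try:
            last_ok = datetime.strptime(row["Last Success Time"], TIME_FORMAT)
        except ValueError:
            # A non-date value here means the link has no recorded success.
            findings.append((dest, src, "never replicated successfully"))
            continue
        if now - last_ok > max_age:
            findings.append((dest, src, f"last success {now - last_ok} ago"))
    return findings


if __name__ == "__main__":
    report_time = datetime(2009, 6, 1, 10, 0, 0)  # fixed so the output is repeatable
    for dest, src, reason in stale_inbound_links(SAMPLE_CSV, report_time):
        print(f"{dest} <- {src}: {reason}")
```

A domain controller that has stopped receiving inbound updates keeps authenticating against old data, so password changes and account disablements made elsewhere do not take effect on it until replication recovers.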
Active Directory is designed to enable scalability by handling organizations of any size, from small businesses to global enterprises. In fact, Active Directory is theoretically scalable to holding 4,294,967,041 (2^32 - 255) separate objects. From a practical standpoint, this means that the maximum size of an Active Directory database is really only limited by the processing power of the hardware that has been deployed into the domain controllers.
Benefits of Active Directory Domain Services
- Centralized resources and security administration
- Single logon for access to global resources
- Fault tolerance and redundancy
- Simplified resource location
Guys, this is the introduction to Active Directory Domain Services. I hope you understand the concept of Active Directory DS and the functions and benefits of Active Directory.