Active Directory – Directory Services

Active Directory

Active Directory (AD) is a central database that holds information about the resources of the network, such as printers, users and computers (these are called objects), as well as information about the various services that exist on the network. Put another way, AD is somewhat like a telephone book that lists all the members of the organization together with their attributes.


Structure of Active Directory

Network resources are organized in Active Directory in two main structures: the logical structure and the physical structure. The logical structure groups resources so that users can easily search for a resource by its name rather than by its physical location; the physical structure is transparent to the user.

Logical structure

Object

A set of attributes that represents a network resource, or anything else that can be described in a defined form. For example, an object that is a printer can be given attributes such as its name, type, etc.

Organizational unit

A container object (that is, an object that can hold other objects) that provides a logical grouping of objects within a domain. It can contain computers, users, printers and so on.


Domain

A logical unit in which the network resources are organized and which reflects the organization or company. A domain constitutes:

An administrative unit: all the network resources within the domain are managed by the network administrator, and the domain allows one policy to be defined for the whole company.

A security boundary: for every network resource that exists in the domain, a security level can be defined that marks who is allowed (authorized) to use the resource. All security definitions made in a domain apply to that domain only; a network administrator can define permissions only in the domain in which he is located.


Tree

A logical unit that unites one or more domains. Characteristics: all the domains share a common schema, the namespace is contiguous, and the domains share a global catalog.


Forest

A logical unit that unites one or more trees. Characteristics: all the trees in the forest share a common schema; each tree has its own, different namespace; all the domains in the forest share a global catalog; and the forest enables communication between all the domains.


Schema

Contains the definitions of the objects (including their attributes) that can exist in AD. It determines which attributes are mandatory for every object (the object class) and which additional attributes may be added to the object.


Global Catalog

Holds a list of all the objects that exist in the tree or forest. In other words, the GC is a service defined on any server (domain controller) in the domain, and its role is to answer the queries made on the network about the various resources. The GC contains only a partial list of the most useful attributes of each object. In a tree or forest it is recommended to place one global catalog in each domain, so that queries are resolved within the domain and network traffic is reduced.
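Two things the paragraph above leaves you to verify on a real forest are which attributes actually make it into the GC's partial attribute set and whether every domain really has a global catalog of its own. The following PowerShell is an added example, not code from the original article; it assumes the RSAT ActiveDirectory module on a domain-joined machine, and the attribute names passed at the bottom are just illustrative.

```powershell
# Added example (not from the original article). Requires the RSAT
# ActiveDirectory module and a session with read access to the directory.
Import-Module ActiveDirectory

# Which attributes are replicated to every Global Catalog?
# In the schema, attributes with isMemberOfPartialAttributeSet=TRUE form
# the "partial list of the most useful attributes" the article mentions.
function Test-GlobalCatalogAttribute {
    param([Parameter(Mandatory)][string[]]$Name)

    $schemaNC = (Get-ADRootDSE).schemaNamingContext
    $pas = Get-ADObject -SearchBase $schemaNC `
                        -LDAPFilter '(isMemberOfPartialAttributeSet=TRUE)' `
                        -Properties lDAPDisplayName |
           Select-Object -ExpandProperty lDAPDisplayName

    foreach ($n in $Name) {
        [pscustomobject]@{
            Attribute       = $n
            InGlobalCatalog = ($pas -contains $n)   # lookups by this attribute cannot be answered forest-wide if $false
        }
    }
}

# Does each domain in the forest have at least one GC of its own?
# Get-ADDomainController lets us ask every domain for its GC-enabled DCs.
function Get-GlobalCatalogCoverage {
    $forest = Get-ADForest
    foreach ($domain in $forest.Domains) {
        $gcs = @(Get-ADDomainController -Server $domain -Filter 'IsGlobalCatalog -eq $true')
        [pscustomobject]@{
            Domain  = $domain
            GCCount = $gcs.Count
            GCs     = ($gcs.HostName -join ', ')
            Note    = if ($gcs.Count -eq 0) { 'no local GC: forest-wide queries leave the domain' } else { 'ok' }
        }
    }
}

# Usage (attribute names are illustrative; run in your own forest)
Test-GlobalCatalogAttribute -Name 'sAMAccountName', 'mail', 'description', 'streetAddress' | Format-Table
Get-GlobalCatalogCoverage | Format-Table
```

A domain that reports `GCCount = 0` is exactly the case the article warns about: every forest-wide lookup from that domain has to cross to another domain's GC. Conversely, an attribute that shows `InGlobalCatalog = $false` can only be searched against a domain controller of the domain that owns the object, never through a GC query on port 3268.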

Physical structure

The physical structure of Active Directory is based on the site. A site is a combination of one or more subnets connected by a fast link; a fast link is defined as roughly 512 kbps at least. The physical structure allows processes such as replication to work efficiently and smoothly, and it also provides a mechanism that stores information about the physical layout of the network.
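To see the site model described above as it is actually configured, the script below (an added example, not part of the original article) maps every site to its subnets and lists the site links with their cost and replication interval. It assumes the RSAT ActiveDirectory module; the site and subnet names it prints come from your own directory.

```powershell
# Added example (not from the original article). Requires the RSAT
# ActiveDirectory module; reads the Sites container of the forest.
Import-Module ActiveDirectory

# Sites and the subnets that belong to them. A site with no subnet is a
# configuration gap: clients in unmapped subnets are not placed in the
# right site and may authenticate against a distant DC.
function Get-SiteSubnetReport {
    $subnets = @(Get-ADReplicationSubnet -Filter *)
    foreach ($site in Get-ADReplicationSite -Filter *) {
        $members = @($subnets | Where-Object { $_.Site -eq $site.DistinguishedName })
        [pscustomobject]@{
            Site        = $site.Name
            SubnetCount = $members.Count
            Subnets     = ($members.Name -join ', ')
            Note        = if ($members.Count -eq 0) { 'no subnet assigned' } else { 'ok' }
        }
    }
}

# Site links: which sites are connected, how "expensive" the link is and
# how often replication runs across it. This is the slow-link side of the
# picture; intra-site replication between DCs is not scheduled this way.
function Get-SiteLinkReport {
    Get-ADReplicationSiteLink -Filter * | ForEach-Object {
        $names = $_.SitesIncluded | ForEach-Object { ($_ -split ',')[0] -replace '^CN=', '' }
        [pscustomobject]@{
            Link            = $_.Name
            Cost            = $_.Cost
            IntervalMinutes = $_.ReplicationFrequencyInMinutes
            Sites           = ($names -join ' <-> ')
        }
    }
}

Get-SiteSubnetReport | Format-Table -AutoSize
Get-SiteLinkReport   | Format-Table -AutoSize
```

The `Note` column is the practical check: a site without subnets, or a subnet whose `Site` is empty, means the physical structure the article describes is incomplete, and replication and client logon traffic will not follow the fast-link boundaries you intended.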


Domain controllers

When Active Directory is installed on the first server in the network, or when a Windows NT4 server is upgraded, an Active Directory domain is actually created. The domain's information is physically stored in a database on one or more servers called domain controllers (DCs). As a result, every DC holds a complete copy of the database.

Replication topology

The replication topology of Active Directory is also known as multi-master replication, because it defines an environment of equality between all the DCs in the network: every DC can announce or report changes made to the directory. When such an announcement is made, all the other DCs pull the changes from the DC that announced them. The topology used in the NT4 environment, known as single-master replication, was based on a central DC called the primary domain controller, which was the only one able to make changes to the database. The NT4 database is called the Security Account Manager (SAM).

Active Directory domains can also contain NT4 DCs, but those DCs do not support Active Directory. A network environment that mixes Windows 2000 and Windows NT4 DCs is called mixed mode. In this environment, certain limitations that existed with Windows NT DCs must be taken into account, such as:

1. A limit of 40,000 users that can be defined on an NT4 DC (per domain).

2. 40 MB of registry.

3. NT networks do not support nesting of security groups.

Once every DC in the network runs Windows 2000, the network can be switched to native mode. In this environment it is possible to benefit from all the facilities that Windows 2000 Active Directory provides.

Components of Active Directory

As already mentioned, Active Directory is stored in a database on a server called a DC. Every DC belongs to exactly one domain within the forest, and all the objects within that domain are replicated to all the DCs of the same domain. There are, however, certain functions that are not passed on to the other DCs through replication. Five main roles, the Flexible Single Master Operations (FSMO) roles, are distributed among the DCs in each domain and/or forest. The two roles that exist at the forest level are:

1. Domain naming master. To prevent two domains with similar names in the same forest, every addition and deletion of a domain in the forest is performed on the domain naming master.

2. Schema master. Only one DC is responsible for changes to the Active Directory schema. Since the schema is static, it is important that a change made on one DC does not conflict with changes made elsewhere in the forest.

The remaining three roles exist at the domain level:

1. PDC emulator. Many applications were written for older systems such as NT4; to remain fully compatible with them, one DC in the domain must answer their requests. In addition, the PDC emulator receives password changes and is checked before a DC rejects a logon, in case the password was changed only recently.

2. RID master. The RID is the part of the SID that uniquely identifies every user, group or computer in the domain, for security purposes such as granting permissions. Since any DC can create new objects, every DC must be able to generate a unique number (RID). Each DC receives a range (pool) of RIDs that it can hand out as new objects are created; the role of the RID master is to hand out these ranges. The RID is appended to the domain SID, producing a SID that is unique across the whole forest.

3. Infrastructure master. Responsible for updating certain references in the directory to objects from other domains, for example after a move or a deletion. All of these roles are called "flexible" because they can be transferred between the DCs in the domain with the help of administrative tools. By default, the first DC installed serves as the operations master. If a domain is defined with only one DC, that DC constitutes the forest root DC and receives all five roles.
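The FSMO description above and the RID master's pool mechanism are both visible with a few directory queries. The script below is an added example, not code from the original article: it lists which DC holds each of the five roles, flags the single-DC case where one server holds all of them, reads the RID pool a given DC has been allocated, and splits a SID into its domain part and RID. It assumes the RSAT ActiveDirectory module; the DC name and the two sample SIDs at the bottom are constructed placeholders.

```powershell
# Added example (not from the original article). Requires the RSAT
# ActiveDirectory module and read access to the directory.
Import-Module ActiveDirectory

# Which DC holds each of the five FSMO roles? Two are per forest, three per domain.
function Get-FsmoRoleReport {
    $forest = Get-ADForest
    $rows = @(
        [pscustomobject]@{ Scope = 'forest'; Role = 'SchemaMaster';       Holder = $forest.SchemaMaster }
        [pscustomobject]@{ Scope = 'forest'; Role = 'DomainNamingMaster'; Holder = $forest.DomainNamingMaster }
    )
    foreach ($name in $forest.Domains) {
        $dom = Get-ADDomain -Identity $name
        $rows += [pscustomobject]@{ Scope = $name; Role = 'PDCEmulator';          Holder = $dom.PDCEmulator }
        $rows += [pscustomobject]@{ Scope = $name; Role = 'RIDMaster';            Holder = $dom.RIDMaster }
        $rows += [pscustomobject]@{ Scope = $name; Role = 'InfrastructureMaster'; Holder = $dom.InfrastructureMaster }
    }
    $rows
}

# The "one DC receives all five roles" case from the article: a single point
# of failure worth knowing about, since a lost holder blocks schema changes,
# domain additions and new RID pools until the role is seized or transferred.
function Test-SingleFsmoHolder {
    $holders = Get-FsmoRoleReport | Select-Object -ExpandProperty Holder -Unique
    [pscustomobject]@{
        DistinctHolders = @($holders).Count
        AllOnOneDc      = (@($holders).Count -eq 1)
        Holders         = ($holders -join ', ')
    }
}

# The RID pool a DC was handed by the RID master. It lives in the rIDSet
# object under the DC's computer object; rIDAllocationPool packs the range
# as a 64-bit value: low 32 bits = first RID, high 32 bits = last RID.
function Get-RidPool {
    param([Parameter(Mandatory)][string]$DomainController)
    $dcObj = Get-ADDomainController -Identity $DomainController
    $ridSet = Get-ADObject -SearchBase $dcObj.ComputerObjectDN -LDAPFilter '(objectClass=rIDSet)' `
                           -Properties rIDAllocationPool, rIDNextRID
    $pool = [uint64]$ridSet.rIDAllocationPool
    [pscustomobject]@{
        DC       = $dcObj.HostName
        PoolFrom = [uint32]($pool -band 0xFFFFFFFF)
        PoolTo   = [uint32]($pool -shr 32)
        NextRid  = $ridSet.rIDNextRID
    }
}

# Split a SID into the domain SID shared by all principals of the domain and
# the RID that makes this principal unique. No directory access needed.
function Split-Sid {
    param([Parameter(Mandatory)][string]$SidString)
    $sid = New-Object System.Security.Principal.SecurityIdentifier($SidString)
    [pscustomobject]@{
        Sid       = $sid.Value
        DomainSid = $sid.AccountDomainSid.Value     # $null for non-domain SIDs such as S-1-1-0
        Rid       = [uint32](($sid.Value -split '-')[-1])
    }
}

# Usage. 'dc01' and the SIDs below are constructed placeholders, not real values.
Get-FsmoRoleReport  | Format-Table -AutoSize
Test-SingleFsmoHolder
Get-RidPool -DomainController 'dc01'
# Two principals of the same constructed domain: identical DomainSid, different Rid.
Split-Sid 'S-1-5-21-1111111111-2222222222-3333333333-1105'
Split-Sid 'S-1-5-21-1111111111-2222222222-3333333333-1106'
```

`Split-Sid` shows the composition the RID master paragraph describes: the two sample SIDs differ only in their last component (1105 versus 1106), and `DomainSid` is the same `S-1-5-21-...` prefix for both. `Get-RidPool` shows the range that DC may consume before it has to ask the RID master for another; if the role holder is offline when a DC exhausts its pool, that DC can no longer create users, groups or computers, which is the operational reason to know who holds the role.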

Yaniv Totshvili
