Active Directory Design
The Active Directory (AD) service is the flagship component of Windows 2000 Server and Advanced Server. Just about everything that happens on your Microsoft Windows 2000 network will rely upon AD being installed, configured, and managed properly. Everything from the logon process to application installations can be managed through the Active Directory database.
Cost: Business decisions are made with an eye on return on investment, even decisions regarding something as critical as the network itself. Each choice made reflects an expected result at a given cost. When implementing a directory, we have to ensure that the perceived value outweighs the actual costs.

Security: The old maxim "Money is power" has changed to "Information is power." For many companies, the data stored on a network is their edge against the competition. This information must be secure or companies will not trust it to their networks.

Reliability: Uptime is the keyword for business networks. It does not matter what information a company obtains—if that information is not available due to a network problem, it is of no value.

Performance: A good network design, both in the physical layout of resources and in the configuration of software, can produce a system in which performance is optimized. A bad design, on the other hand, can greatly impact a user's ability to perform their job.
PC-based networks have become an integral part of the business world. They started out as simple solutions for sharing a few physical resources—hard disk space, printers, and so on. Over time, though, networks have become quite complex—often spanning multiple sites, connecting thousands of users to a multitude of resources. Today, networks control everything from payroll information to e-mail communication, from printers to fax services. As networks offer more services, they also demand more management. Easing the use and management of networks is the real goal of a directory service.
To understand and appreciate the power and convenience of a directory-based solution, you must have an understanding of the technologies that it will replace. Before the advent of directories, most network operating systems (NOSs) were server based. In other words, most account management was done on a server-by-server basis. With older NOS software, each server maintained a list of users who could access its resources (the accounts database) and a list of the users' permissions (the access control list, or ACL). If a system had two servers, each server had a separate accounts database. Although this system is simple and easy to understand, it becomes unwieldy once it grows beyond a certain point. Imagine trying to manage 1,000 users on 250 servers—the user and resource lists would soon overwhelm you! To get around this limitation, some NOS software, such as Microsoft NT 4, was configured so that small groups of servers could share one list of users (called a central accounts database) for security and authentication purposes. This central accounts database gave administrators a single point of management for a section of their network, known as a domain. Once again, however, this solution becomes cumbersome after the network reaches a certain size.

Network directories are just databases that hold network information. They can contain many different types of information:
User account information (logon names, passwords,
User personal information (phone numbers, addresses,
Peripheral configuration information (printers, modems,
Application configuration (Desktop preferences, default
Network infrastructure configuration (routers, proxies,
Internet access settings)