Windows%20Server%202003%20Active%20Directory

1
Windows Server 2003Active Directory
Microsoft

• CS526 Semester Project
• Spring 2006
• Patricia C. Marquez

2
Introduction

• Active Directory is the Windows Server 2003
  directory service.
• Directory services enable the management of
  network resource information.
• Active Directory uses the Lightweight Directory
  Access Protocol (LDAP).
• LDAP defines the directory access methods and
  employs the X.500 directory standard.

3
Goals

• Develop an application to programmatically query
  and modify the directory data using Active
  Directory Service Interfaces (ADSI).
• Install Windows Server 2003
• Configure the server as a domain controller
• Configure the server as a DNS server
• Install Active Directory
• Create a Directory Information Tree
• Configure a Windows XP client to access the
  directory via a directory-enabled application.

4
Overview of Directory Services

• A directory service is a type of service used to
  manage network resource information such as
  users, printers, files, applications, and even
  other services.
• The information is stored in a special type of
  database. The data repository is referred to as a
  directory because of its hierarchical structure.
• The X.500 Standard defines the architecture and
  features of a directory service. This includes
  the data model, namespace, functional model, and
  authentication methods.
• Directory data is accessed using the
  client/server model.
• Directory services are ideal for large
  distributed environments.
• Distributed applications can be directory-enabled
  to access directory data using associated APIs.

5
Lightweight Directory Access Protocol

• An open industry standard for directory access.
• Defines a standard method for querying and
  updating information in a directory including the
  transport and format of messages.
• Less resource-intensive than DAP because
• It runs directly over TCP/IP instead of requiring
  the entire OSI protocol stack to operate.
• It uses a simplified version of the X.500
  directory data model.
• LDAP provides APIs for C and Java.

6
Active Directory Highlights

• The Microsoft Windows Server directory service
• Its primary protocol is LDAP
• The data model is derived from the X.500 data
  model
• Resources are represented as objects. The
  database can hold a billion objects
• Provides access control and authentication
• Supports intersite and intrasite replication
• Provides its own API
• Active Directory Service Interfaces (ADSI)

7
Physical Architecture
8
Windows Server 2003 Security Subsystem
9
Logical Architecture

• Building blocks include
• Forests
• Domains
• Organizational Units
• Groups
• Objects users, computers, printers, et cetera
• Trust relationships
• Sites
• Replication

10
Forest with Domain Trees and Trust Relationship
A forest is a logical grouping of domain trees
A domain tree is a logical grouping of domains
11
Domain with Organizational Unit Tree
12
Future Research

• Solutions to Active Directory limitations
• No easy way to rearrange the structure of
  existing forests
• No easy way to merge one forest with another to
  form a single forest
• No easy way to split domains off a forest to form
  a new forest
• Research using Directory Services Markup Language
  (DSML) to access my directory.

13
Key References

• Kouti, Sakari, and Mika Seitsonen. Inside Active
  Directory A System Administrators Guide.
  Addison-Wesley, 2002
• Stanek, William R. Microsoft Windows Server 2003
  Inside Out. Microsoft Press, 2004
• Tuttle, Steven, Ami Ehlenberger, Ramakrishna
  Gorthi, Jay Leiserson, Richard Macbeth, Nathan
  Owen, Sunil Ranahandola, Michael Storrs, and
  Chunhui Yang. Understanding LDAP Design and
  Implementation. IBM Redbooks, 2004

14
Questions