The Uses of the Active Directory
By Peter Garant
With the ever-increasing amount of data moving across large networks, it behooves the network systems administrator to oversee the proper function of these elements, not to mention implement the correct security measures. One helpful tool is the Active Directory.
Developed in 1996 by Microsoft, the Active Directory is the primary method by which Windows operating systems amass information about domains and monitor them. In recent years its function has been extended to allow it to facilitate and view online data flows.
The Structure of the Active Directory
Because it was devised to make all the pertinent objects in the network accessible, the directory was given an easy-to-understand hierarchical structure. There are multiple viewing levels: forests, trees and domains/objects.
The forest is the level at which every tree and domain can be viewed. Dropping to the tree level, you will see that each tree contains one or more domains. Domains or objects have no deeper level.
There are three main categories. Resources cover hardware devices like printers and scanners. The other two, Servers and Objects, are primary components of both the network and the domain.
The Active Directory is especially useful for managing objects. An object can be defined as any element that can contain another object. Every object has its own properties or schemas, which can be accessed and modified.
How the Active Directory Works
What makes Active Directory so important for a systems administrator is that it makes updating and upgrading virtually a one-step process. For example, suppose you need to install a new security application. If there are several computers in the network, the procedure would be tedious, but Active Directory, via its forest structure, makes this easy; you just update one object and the change applies to all.
The structure is also flexible enough to allow changes to specific objects. Because each object has its own schema, the administrator can assign a particular task to a user, and allow that user certain software, without giving access to everyone.
To determine access levels, the Active Directory uses two kinds of trust: the transitive trust and the one-way non-transitive trust.
A transitive trust, when used, signifies that the administrator has allowed users admission into the other's domain and/or tree.
A one-way non-transitive trust, on the other hand, means entry into a tree or domain but not admission into other domains.
This situation often happens when a network system administrator accesses the domain of any number of users, but the end user cannot go beyond the domain assigned to him/her. This can be very important for administrators when it comes to checking out problems with a user's domain.
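The distinction between the two trust types can be checked from the directory itself. The following is an added example, not part of the original article: it classifies trusts from the `trustDirection` and `trustAttributes` values stored on `trustedDomain` objects. The domain names and records are constructed, and treating a trust as transitive only when it is within-forest or forest-transitive is a simplification for Windows-to-Windows trusts.

```python
from dataclasses import dataclass

# trustDirection values and trustAttributes bit flags as defined in MS-ADTS.
DIRECTIONS = {0: "disabled", 1: "inbound", 2: "outbound", 3: "two-way"}
NON_TRANSITIVE = 0x01      # trust may not be used transitively
FOREST_TRANSITIVE = 0x08   # forest trust, transitive across both forests
WITHIN_FOREST = 0x20       # parent/child or tree-root trust inside one forest


@dataclass
class Trust:
    partner: str
    direction: str
    transitive: bool

    @property
    def one_way_non_transitive(self) -> bool:
        return self.direction in ("inbound", "outbound") and not self.transitive


def classify(partner: str, trust_direction: int, trust_attributes: int) -> Trust:
    """Decode one trustedDomain record into direction and transitivity."""
    direction = DIRECTIONS.get(trust_direction)
    if direction is None:
        raise ValueError(f"unknown trustDirection {trust_direction} for {partner}")
    # Assumption: only within-forest and forest trusts extend beyond the partner.
    spans = trust_attributes & (FOREST_TRANSITIVE | WITHIN_FOREST)
    transitive = bool(spans) and not trust_attributes & NON_TRANSITIVE
    return Trust(partner, direction, transitive)


def transitive_partners(records) -> list:
    """Partners whose trust reaches past a single domain; review these first."""
    return [t.partner for t in (classify(*r) for r in records) if t.transitive]


# Constructed sample: (partner, trustDirection, trustAttributes)
SAMPLE = [
    ("child.corp.example", 3, 0x20),  # two-way, within the forest
    ("partner.example", 3, 0x08),     # two-way forest trust
    ("vendor.example", 2, 0x04),      # one-way external trust
]

if __name__ == "__main__":
    for record in SAMPLE:
        t = classify(*record)
        kind = "transitive" if t.transitive else "non-transitive"
        print(f"{t.partner}: {t.direction}, {kind}")
```
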
These are just some of the things that one can do with Microsoft's Active Directory. While they can be quite technical, they can, once learned, make the management of information and data, as well as security checks and software upgrades, much easier.
It is for this reason that usage of Active Directories has become part and parcel of servers and networks with Windows operating systems.
Peter Garant is writing articles about Active Directory [http://www.rolo.org/active-directory.html] standards for a full site about Active Directory