The Active Directory is the service of catalogues included in system Server Windows 2000. It expands opportunities of catalogues existing before services on base Windows and adds completely new opportunities. The service of catalogues the Active Directory provides safety, distribution and an opportunity of splitting into sections. It is designed for installation in system of any size – from a single server with several hundreds objects up to system from thousand servers with millions objects. The service of catalogues gives the Active Directory many the new opportunities facilitating search and management of great volumes given and allowing to save time as to managers, and end users.
Some from concepts and the terms used for the description of service of catalogues the Active Directory are new, and the some of them were used earlier. Unfortunately, the part of existing terms is ambiguous – by them different concepts can be designated.
The scope of service of catalogues the Active Directory is rather extensive. It can include each single object (printer, file, user) each server and each domain in one global network. It also can include the incorporated global networks. The service of catalogues the Active Directory can deal both with a single computer, and with a separate computer network or set of the incorporated computer networks.
Dover Leasing currently has information about all users stored in a database application used by the Human Resources Department. The IT manager has asked you to explore some ways this information could be used to create user accounts and populate the Active Directory database. Which tools could be used, and what are some issues involved in using these activates? Information about all users has ...
The service of catalogues the Active Directory is, first of all, space of names, as well as any service of catalogues. The “space of names” is for example, the telephone directory. The space of names is any limited area in which the set name can be authorized. The sanction of a name is a translation process of a name in that object or those data which this name represents. The telephone directory is the space of names in which surnames of subscribers are resolved as telephone numbers, or in telephone numbers. File system Windows forms space of names in which the name of a file is authorized in a file. The service of catalogues the Active Directory forms space of names in which the name of object in the catalogue is authorized in object
Speaking about Active Directory it necessary to point out such notion as “domain” The separate area of safety in computer network Windows NT or Windows 2000 (the additional information on domains can be found in the documentation on Windows) refers to as the domain. The service of catalogues can cover the Active Directory of one or several domains. On an independent workstation the domain is the computer.
From the physical point of view the domain can include the computers located in different places. In each domain the policy of safety and the relations of safety operate with other domains. If some domains are connected by confidential relations and have the same circuit, a configuration and the global catalogue, we have a tree of domains. Some trees of domains can be incorporated into a tree.
The circuit of service of catalogues the Active Directory is realized as a set of copies of classes of objects which are stored in the catalogue. It differs from many catalogues in which the circuit exists, but is stored as a text file which should be read at start. Storage of the circuit in the catalogue gives many advantages. For example, the user appendices can, when reading the circuit, to define what objects and properties are accessible to them.
In service of catalogues the Active Directory the circuit can dynamically be updated. It means, that the appendix can expand the circuit, adding to it the new attributes and classes, and then to take advantage of this expansion. Updating of the circuit is carried out by creation or change of objects of the circuit which are stored in the catalogue. As well as all objects in service of catalogues of the Active Directory, objects of the circuit are protected by lists of management of access (ACL – Lists of the Control Access), therefore change circuit can only the users, possessing corresponding powers.
Microsoft (R) Windows (R) 2000 Professional, Windows 2000 Server, and Windows 2000 Advanced Server Release Notes This document provides late-breaking or other information that supplements the Microsoft Windows 2000 documentation. Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the example companies, ...
Administration of service of catalogues the Active Directory is carried out by proxy users. The user with more large powers gives other user an opportunity to carry out the specified set of actions above the specified objects and classes of objects in certain sub-tree of the catalogue. It refers to as the delegation of administrative powers. Delegation of administrative powers allows to carry out rather detailed control regarding who has the right to make, and also allows to delegate powers, giving only those rights which are necessary.
Improvements in service Active Directory give significant strategic advantages to the average and large enterprises, providing more high efficiency of work of managers and users. Being based on the base incorporated in Windows 2000, Windows Server 2003 raises universality, controllability and reliability of the Active Directory. Potential benefit for the organizations consists in the further reduction of expenses at increase of efficiency of sharing of various elements of the enterprise and management of them.
The new important opportunities which have appeared in Active Directory have made structure of catalogues of this service one of the most flexible in the today’s market. Now, when the appendices working with services of catalogues, win the increasing distribution, the organizations can use opportunities Active Directory for management of a corporate network environment of as much as complex structure. In any variants of application – from the centers of the data of the Internet up to the big distributed enterprises with the set of branches – the improvements distinguishing family Windows Server 2003, simplify administration and raise productivity and efficiency that makes these systems extremely by the universal decision
Transition on Active Directory became a more simple task due to a number of improvements by Active Directory Migration Tool (ADMT).
This lab provides students with the hands-on skills needed to create a new Active Directory domain in Windows Server 2003 and demonstrates how to configure a centralized authentication and policy definition for access controls. The Active Directory users and workstation plug-ins will be used to create users, groups, and configure role-based access permissions and controls on objects and folders in ...
In ADMT 2.0 the carrying of passwords from Microsoft Windows NT ® 4.0 in Windows 2000 and Windows Server 2003, and also from domains Windows 2000 in domains Windows Server 2003 is allowed.
Additional functions of safety facilitate management of set of trees and inter-domain confidential relations. Inter-tree confidential relations represent new type of confidential relations in Windows, providing management of relations of safety between two trees. They considerably simplify administration of safety and check of authenticity between two trees. Safe access to resources from other trees needlessly is given users to endow a uniform input and the administrative advantages connected to an opportunity to have only one name of the user and the password in a domestic tree of the user. Thus the flexibility necessary that some division or zones is provided could have own trees, not losing thus the access to the advantages of Active Directory.
Windows Server 2003 includes the following improvements for Active Directory – services of catalogues, for the first time appeared in Windows 2000:
-opportunity of renaming of the domain Active Directory after its expansion
-simplification of change of the circuit Active Directory – for example, switching-off of attributes and classes.
-the improved user interface for management of the catalogue (it became possible to move, for example, objects by their dragging and simultaneously to change properties of several objects).
-the improved control facilities a group policy including program Group Policy Management Console
In conclusion it must be said that Active Directory remains to be a powerful and efficient facility which was significantly improved in server 2003. Thus, the reputation of Active Directory as the main devise systematizing system catalogues is completely justified.
1. Allen, R., Lowe-Norris, A., (2003).
Active Directory. O’Reilly.