Addis Ababa University Faculty of Informatics Department of
Computer Science
Directory Service Directory Service - is a software application
that stores and organizes information about a computer network's
users and network resources, and that allows network administrators
to manage users' access to the resources. LDAP (Lightweight
Directory Access Protocol) is the directory service for Unix.
Active Directory (AD) is the directory service for Windows 2000
Server. It stores information about objects on the network and
makes this information easy for administrators and users to find
and use.
With a single network logon, administrators can manage directory
data and organization throughout their network, and authorized
network users can access resources anywhere on the network.
Server-client architecture
Benefits of Active DirectoryActive Directory provides:
Information security Policy-based administration Extensibility
Scalability Replication of information Integration with DNSFlexible
querying Active Directory was released first with Windows 2000
Server edition, and revised to extend functionality and improve
administration in Windows Server 2003.
DomainsA domain is just a group of servers and workstations that
agree to centralize user and machine accounts and passwords in a
shared database. A security boundary Domains do several things for
us. Keep a central list of users and passwords. Provide a set of
servers to act as authentication servers or logon servers known as
domain controllers Maintain a searchable index of the things in the
domain, making it easier for people to find resources Let you
create users with different levels of powers Allow you to subdivide
your domains into subdomains called organization units or OUs.
A forest can contain one or more domain trees.
You create a domain by installing the first domain controller
(AD server) for a domain. Domains that form a single domain tree
share a contiguous namespace (naming hierarchy). For example, a
domain with a NetBIOS name of "grandchild" that has a parent domain
named parent.microsoft.com, would have a fully qualified DNS domain
name of grandchild.parent.microsoft.com.
In Active Directory, each user account has a user logon name,
and a user principal name suffix. The user principal name is
composed of the user logon name and the user principal name suffix
joined by the @ sign. the user principal name suffix, identifies
the domain in which the user account is located. The logon name for
a user named abebe in microsoft.com domain would be
[email protected].
