Windows 2000 Active Directory: the basics

Source: Internet
Author: User

One of the biggest breakthroughs and successes of Win2K is its newly introduced "Active Directory" service. It ties Win2K more closely to the services and protocols of the Internet, because directories are named in a manner consistent with "domain names" and then resolved through DNS, giving results consistent with WINS resolution over the Internet. Active Directory also reflects Microsoft's strategic shift in network architecture. Some products (such as Exchange Server and IIS) provided services similar to Active Directory back in the NT era, but as a new integrated service model, Active Directory arrived only with Win2K, where it appears throughout the system. Understanding every aspect of Active Directory is not easy, however. The following chapters analyze its main aspects in detail, and I hope they give newcomers who are intimidated by Win2K Active Directory a chance to understand it comprehensively.

I. The origin of Active Directory

The name Active Directory most readily brings to mind the "directory" and "path" of DOS and the "folder" of Windows 9x/Me. There, a "directory" or "folder" represents only the location of a file on disk and its place in the hierarchy. Once a file is created, its position relative to the directory is fixed (it can of course be deleted or moved, but set that aside for now), which means its properties are relatively fixed: it is static. Such a directory can tell you only the location of the files it holds and their total size; no other related information can be drawn from it. This lowers the efficiency of using the directory, and therefore the efficiency of the whole system, and makes managing the system complex. Because nothing is correlated, the same object has to be configured more than once in different applications, management becomes quite cumbersome, and system resources are used less efficiently.

To change this inefficient relationship and to strengthen the association with the relevant protocols on the Internet, Microsoft decided to overhaul Win2K and introduced the concept of Active Directory. The key to understanding Active Directory is the word "active". If you drop that word and try to understand the term from "directory" alone, you will never get beyond the directory of DOS or the folder of Windows 9x. Because this directory is active, it is dynamic. It is a directory that includes service functions, and it can associate and map from one item to the related ones: given a user name, you can reach that user's account, birth information, e-mail, telephone number and other basic information, even though the files that make up this information may not be stored in one place. The information can also be shared among different applications, which reduces wasted development resources and improves the utilization of system resources.

Active Directory comprises two aspects: the directory and the directory-related services. The directory is a physical container that stores a variety of objects. From a static perspective it is not fundamentally different from the "directory" and "folder" we knew before; it is just an object, an entity. The directory service is the service that makes all the information and resources in the directory usable. Active Directory is a distributed directory service that can be spread across several different computers. To ensure that users can access it quickly, the same information is held on multiple machines, so it has a strong ability to control that information. Because of this, regardless of where the user accesses it from or where the information resides, the user is given a unified view.

II. Related terminology

Although many of the technologies used in Active Directory have appeared in other software products, this is their first appearance as a comprehensive overall network solution, and many of the terms may be unfamiliar. It is therefore necessary to understand the related terminology in detail.

1. Namespace: In essence, Active Directory is a namespace. A namespace can be understood as the bounded area within which any given name can be resolved, that is, the range of all the information that a name can provide, relate to or map to. In plain terms, it is all the associated information that can be found by looking up an object on the server. Take a user: if we have defined on the server that user's user name, password, work unit, contact telephone number, home address and so on, the sum of these can loosely be understood as the namespace of the "user" name, because entering just a user name finds all the information listed above. Name resolution is the process of translating a name into the object or information that the name represents. For example, a telephone directory forms a namespace in which each subscriber's name can be resolved to the corresponding telephone number, rather than names being just names and numbers just numbers, with no link between them. The file system of the Windows operating system also forms a namespace, in which each file name can be resolved to the file itself (with all the information it should contain).

2. Object: An object is an information entity in Active Directory. It corresponds to what we usually call "attributes", but it is a set of attributes, often representing a physical entity such as a user account or a file name. An object describes its basic characteristics through attributes; for example, a user's name, phone number, e-mail address and home address may be among the attributes of a user account.

3. Container: A container is part of the Active Directory namespace. Like a directory object it has attributes, but unlike a directory object it does not represent a physical entity; it represents a space for an object. Because it represents only the space of an object, it is smaller than the namespace. For example, a user is an object, but that object's container is limited to the information space the object itself can provide, such as the user name and user password. Other information, such as work unit, contact telephone number and home address, is not part of this object's container scope.

4. Directory tree: In any namespace, a directory tree is a hierarchy of containers and objects. The leaf nodes of a tree are usually objects, and the non-leaf nodes are containers. The directory tree expresses how objects are connected and also shows the path from one object to another. In Active Directory the directory tree is the basic structure: starting from any container and descending layer by layer, you can form a subtree. A simple directory can form a tree, and a computer network or a domain can also form a tree. This is easy to understand: didn't we all begin learning computers by getting to grips with the concept of the path under DOS? This "directory tree" is in fact a "path relationship"; if you understand the "path" under DOS, understanding the "directory tree" should be no problem!

5. Domain: The domain is the security boundary of a Win2K network system. The most basic unit of a computer network is the "domain", which is not unique to Win2K, but Active Directory can span one or more domains. On a stand-alone computer, the domain is the computer itself. A domain can be distributed across multiple physical locations, while a single physical location can divide different network segments into different domains, each with its own security policy and its own trust relationships with other domains. When multiple domains are connected through trust relationships, Active Directory can be shared by the multiple trusted domains.

6. Organizational unit: One directory object type that is particularly useful within a domain is the organizational unit. An organizational unit is an Active Directory container into which users, groups, computers and other units can be placed; it cannot include objects from other domains. The organizational unit is the smallest scope to which Group Policy settings can be assigned or administrative permissions delegated. With organizational units you can create containers in a domain that represent the logical hierarchy of your organization, so that accounts and the configuration and use of resources can be managed according to your organizational model, and you can create management models that scale to any size. You can grant a user administrative rights over all organizational units in a domain or over a single organizational unit, and the administrator of an organizational unit does not need administrative authority over any other organizational unit in the domain. The organizational unit is a bit like the workgroup of the NT era, and it can be understood that way from the standpoint of administrative authority.
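
The delegation scope described for organizational units comes down to a check on where an object sits in the directory tree. The following is an added example, not code from the original article or from Microsoft; it assumes objects are named with LDAP-style distinguished names (a notation the article does not introduce), and every name in it is constructed sample data.

```python
# Added illustration: a toy model of OU-scoped delegation, not Active Directory code.
# Assumption: objects are named by LDAP-style distinguished names (DNs).

def parse_dn(dn):
    """Split a DN into (TYPE, value) pairs, leaf first; a backslash escapes
    the next character, so an escaped comma stays inside the value."""
    rdns, cur, i = [], "", 0
    while i <= len(dn):
        if i == len(dn) or dn[i] == ",":
            key, _, value = cur.strip().partition("=")
            if not key or not value:
                raise ValueError(f"malformed DN component: {cur!r}")
            rdns.append((key.upper(), value.lower()))  # compare case-insensitively
            cur = ""
        elif dn[i] == "\\" and i + 1 < len(dn):
            i += 1
            cur += dn[i]
        else:
            cur += dn[i]
        i += 1
    return rdns

def domain_of(dn):
    """The domain is the run of DC components at the root end of the DN."""
    return ".".join(v for k, v in parse_dn(dn) if k == "DC")

def is_within(obj_dn, container_dn):
    """True if obj_dn sits at or below container_dn in the directory tree."""
    obj, box = parse_dn(obj_dn), parse_dn(container_dn)
    return obj[-len(box):] == box  # compare whole components, never raw strings

def may_administer(delegations, admin, target_dn):
    """An OU administrator has authority only inside the delegated containers."""
    return any(is_within(target_dn, ou) for ou in delegations.get(admin, []))

# Constructed sample data: which container each administrator was delegated.
DELEGATIONS = {
    "sales-helpdesk": ["OU=Sales,DC=corp,DC=example"],
    "domain-admin": ["DC=corp,DC=example"],
}

if __name__ == "__main__":
    for dn in ("CN=Bob,OU=EMEA,OU=Sales,DC=corp,DC=example",
               "CN=Carol,OU=HR,DC=corp,DC=example",
               "CN=Dan,OU=Sales,DC=partner,DC=example",
               "CN=Eve\\,OU=Sales,DC=corp,DC=example"):
        print(dn, "->", may_administer(DELEGATIONS, "sales-helpdesk", dn))
```

The last sample name contains an escaped comma, so it is a single object directly under the domain root and not a member of the Sales unit; comparing parsed components rather than raw strings keeps the delegation check from treating it as in scope.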
