I. Introduction to the active catalogue
Active Directory (Active Directory) is the component that provides directory services in a Windows Server 2003 domain environment. Directory services are introduced on the Microsoft platform from Windows Server 2000, so we can understand that the Active Directory is a way of implementing directory services on the Microsoft platform. Of course, the directory service on the non-Microsoft platform has a corresponding implementation.
Windows Server 2003 has two network environments: workgroups and domains, and the workgroup network environment by default. The following figure
The workgroup network is also known as a "peer-to-peer" network, because the status of each computer in the network is equal, their resources and management are scattered on each computer, so the team environment is characterized by decentralized management, the workgroup environment each computer has its own "Local Security account Database", Called the SAM database. What is this SAM database for? In fact, when we log on to the computer, when we enter the account and password, this will go to this SAM database verification, if we entered the account in the SAM database, and the password is correct, the SAM database will inform the system let us log in. This SAM database is stored by default in the C:\WINDOWS\system32\config folder, which is the logon verification process in the workgroup environment.
If we have this scenario: a company with 200 computers, we'd like to have an account on one computer where Bob can access resources on each computer or log on to each computer. So in a workgroup environment, we have to create Bob this account in each of the 200 computers ' Sam databases. Once Bob wants to change his password, he has to make changes 200 times! I reckon the manager of this business is a tough one. Now just 200 computer companies, if there are 5000 computers or tens of thousands of computer companies, it is estimated that administrators will be crazy. This is the application scenario for the domain environment.
All the Friends working on Microsoft platform, whether it is the direction of the system or the direction of development or it practitioners, I think we have heard more than once in the domain environment, but many friends are unfamiliar with the domain environment, do not know how to do it, even do not know the domain environment on the importance of Microsoft platform I could say that if someone asked me, why would your company buy windows Server 2003/2008? I'll tell him I'm going to the active catalogue. In fact, Microsoft server-level products, such as Moss, exchange, and so the need for Active Directory support, the package of Microsoft in the promotion of the UC platform is inseparable from the Active Directory support.
The biggest difference between a Windows Server 2003 's domain environment and a workgroup environment is that all computers in the domain share a centralized directory database (also known as an Active Directory database) that contains objects within the entire domain (user accounts, computer accounts, printers, shared files, and so on), security information, and so on. The Active Directory is responsible for adding, modifying, updating, and deleting the directory database. So we're going to implement the domain environment on Windows Server 2003, which is actually to install the Active Directory. The Active Directory provides us with a directory service to provide centralized management of the enterprise network environment. For example, in a domain environment where you only have to create a Bob account in an Active Directory, you can log on to Bob on one of any 200 computers, and if you want to change the password for Bob's account, just change it once in the Active Directory.
Second, the concept related to the Active Directory
1, namespaces
A namespace is a well-defined area, such as when we think of a phone book as a "namespace", so we can find information about the phone, address, and company name associated with the person by using a name in the well-defined area of the phone book. While Windows Server 2003 's Active Directory is a namespace, we can find information about this object through the names of the objects in the Active Directory. The "namespace" of the Active Directory uses the DNS schema, so the domain name of the Active Directory is named in DNS format. We can name the domain name contoso.com,abc.com and so on.
2, domain, domain tree, forest, and organizational unit
The logical structure of the Active Directory package: domain, domain tree, forest (Forest), and organizational unit (organization). The following figure