First, a few important basic concepts:
First, Directory Services
A directory is a collection of information about a group of objects in a particular environment; a phone book that records the telephone numbers for an area is a simple example.
A directory also has the following characteristics: 1. high query performance (a directory is read far more often than it is written, and is optimized accordingly); 2. a hierarchical structure; 3. objects can be told apart from one another, so every name is kept unique.
A directory service additionally provides the operations to query, create, delete, and modify the object information held in the directory.
Directory data structure: the directory is organized as a tree whose nodes are divided into container objects (which can hold other objects) and non-container, or leaf, objects.
Object naming: 1. Every object has an RDN (Relative Distinguished Name). The same RDN may appear more than once in the directory tree, but within one container no two objects may share an RDN. An object's RDN followed by the RDNs of every object above it, up to the top of the tree, forms the DN (Distinguished Name); the object's own RDN is the leftmost component of the DN and the topmost object's RDN is the rightmost. For example, "C=US" means the object is a country (Country) named US; "O=flag" means the object is an organization (Organization) named FLAG; in "DC=us" the DC stands for Domain Component; "OU=product" means the object is an organizational unit (Organizational Unit) named product; and "CN=frankie ke" means the object has the common name (Common Name) frankie ke. Combined, these pieces give a DN such as CN=frankie ke,OU=product,DC=us.
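To make the naming rules concrete, here is an added example (not code from the original article) that parses a DN into its RDNs, rebuilds a DN from a root-to-leaf path so that the object's own RDN lands leftmost, and enforces the rule that an RDN may repeat across the tree but not inside one container. The names DC=us, OU=product and CN=frankie ke are the article's illustrative values; the tree, the second OU (sales) and the escaped-comma value are constructed for the demo.

```python
"""Added example: LDAP DN parsing/building and the per-container RDN uniqueness rule.
Names are the article's illustrative values; the tree below is constructed, not a real directory."""
from __future__ import annotations
from typing import Dict, List, Tuple

RDN = Tuple[str, str]  # (attribute type, value), e.g. ("CN", "frankie ke")


def parse_dn(dn: str) -> List[RDN]:
    """Split an RFC 4514 DN into RDNs, leftmost (the object's own RDN) first.
    A backslash escapes the next character, so 'CN=Ke\\, Frankie' stays one RDN."""
    parts: List[str] = []
    buf: List[str] = []
    escaped = False
    for ch in dn:
        if escaped:
            buf.append(ch)          # literal character; the backslash itself is dropped
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == ",":
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf))
    rdns: List[RDN] = []
    for part in parts:
        attr, sep, value = part.strip().partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed RDN: {part!r}")
        rdns.append((attr.strip().upper(), value.strip()))
    return rdns


def build_dn(path_from_root: List[RDN]) -> str:
    """Join RDNs given root-first into a DN; the leaf's RDN ends up leftmost."""
    def esc(v: str) -> str:
        return v.replace("\\", "\\\\").replace(",", "\\,")
    return ",".join(f"{a}={esc(v)}" for a, v in reversed(path_from_root))


class DirectoryTree:
    """Minimal directory tree. Each container maps normalized RDN keys to its
    children, so the uniqueness check is just 'does this key already exist here?'.
    Matching is case-insensitive, as it is for AD names."""

    def __init__(self) -> None:
        # key: tuple of normalized RDN keys from the root; value: children of that node
        self.children: Dict[Tuple[str, ...], Dict[str, RDN]] = {(): {}}

    @staticmethod
    def _key(rdn: RDN) -> str:
        return f"{rdn[0].lower()}={rdn[1].lower()}"

    def add(self, dn: str) -> None:
        rdns = parse_dn(dn)
        path: Tuple[str, ...] = ()
        for rdn in reversed(rdns[1:]):      # walk down from the root to the parent container
            key = self._key(rdn)
            if key not in self.children[path]:
                raise LookupError(f"container {rdn[0]}={rdn[1]} does not exist")
            path += (key,)
        leaf = self._key(rdns[0])
        if leaf in self.children[path]:     # same RDN inside the same container: rejected
            raise ValueError(f"{dn!r} duplicates an RDN in its container")
        self.children[path][leaf] = rdns[0]
        self.children[path + (leaf,)] = {}  # the new object may itself hold children


def demo() -> dict:
    tree = DirectoryTree()
    for dn in ("DC=us", "OU=product,DC=us", "OU=sales,DC=us",
               "CN=frankie ke,OU=product,DC=us"):
        tree.add(dn)
    tree.add("CN=Frankie Ke,OU=sales,DC=us")       # same RDN, different container: allowed
    try:
        tree.add("CN=Frankie Ke,OU=product,DC=us")  # same RDN, same container: refused
        duplicate_rejected = False
    except ValueError:
        duplicate_rejected = True
    return {
        "parsed": parse_dn("CN=Ke\\, Frankie,OU=product,DC=us"),
        "built": build_dn([("DC", "us"), ("OU", "product"), ("CN", "frankie ke")]),
        "duplicate_rejected": duplicate_rejected,
        "objects_under_us": len(tree.children[("dc=us",)]),
    }
```

Running demo() shows the two halves of the rule side by side: "CN=Frankie Ke" is accepted under OU=sales even though "CN=frankie ke" already exists under OU=product, but a second one under OU=product is refused. The parser also keeps an escaped comma inside a value, which is the usual trap when splitting DNs naively on ",".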
Worth mentioning here: the mainstream standard for directory services is LDAP (Lightweight Directory Access Protocol), the open standard that directory services follow so that different clients can access the information in a directory in the same way.
Second, Active Directory
AD is one kind of directory service. Everything in it is an object, and objects are organized in a hierarchical structure.
Objects in AD have two attributes worth noting here: 1. GUID (Globally Unique Identifier): a 128-bit number that identifies the object uniquely across the whole directory; it is assigned when the object is created and does not change when the object is renamed or moved. 2. ACL (Access Control List): every object has an ACL, which is a record of which security principals (users, groups, computers) hold which rights on the object, such as read, write, and audit (strictly, the allow and deny entries live in the DACL and the audit entries in the SACL). For example, the system administrator may hold Full Control while an ordinary user holds only Write. In practice a lower-level object inherits the ACL of the object above it unless inheritance is deliberately blocked on that object.
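The following added example (not code from the original article) models the two attributes just described: each object gets an objectGUID at creation, and its ACL is built from Windows SDDL DACL syntax of the form (type;flags;rights;;;trustee), with a parent's inheritable entries copied down to its children. The SDDL strings, the OU=product container and the objects under it are constructed for the demo; the codes used (GA, RP, WP, SD, CI, OI, NP, ID, P, and the DA/AU trustee aliases) are real SDDL abbreviations, while object-type GUIDs, inherit-only (IO) entries and the SACL are deliberately left out to keep the model small.

```python
"""Added example: objectGUID plus an SDDL-style DACL with parent-to-child inheritance.
Constructed data; simplified model (no IO ACEs, no object-type GUIDs, no SACL)."""
from __future__ import annotations
import uuid
from dataclasses import dataclass, field
from typing import List, Set, Tuple


@dataclass
class ACE:
    ace_type: str     # "A" allow, "D" deny (audit ACEs would sit in the SACL, not modelled)
    flags: Set[str]   # CI container-inherit, OI object-inherit, NP no-propagate, ID inherited
    rights: Set[str]  # two-letter SDDL rights, e.g. {"RP", "WP"}; "GA" (generic all) = Full Control
    trustee: str      # SDDL SID alias such as DA (Domain Admins) or AU (Authenticated Users)


def _pairs(s: str) -> Set[str]:
    """SDDL packs two-letter codes back to back: 'CIOI' -> {'CI', 'OI'}."""
    return {s[i:i + 2] for i in range(0, len(s), 2)}


def parse_ace(text: str) -> ACE:
    """Parse one ACE such as '(A;CI;RPWP;;;AU)'; the two empty fields are object-type GUIDs."""
    fields = text.strip("()").split(";")
    if len(fields) != 6:
        raise ValueError(f"malformed ACE: {text!r}")
    ace_type, flags, rights, _obj_type, _inherited_type, trustee = fields
    return ACE(ace_type, _pairs(flags), _pairs(rights), trustee)


def parse_dacl(sddl: str) -> Tuple[List[ACE], bool]:
    """Return (ACEs, protected) from the 'D:' section; the 'P' flag blocks inheritance."""
    body = sddl.split("D:", 1)[1].split("S:", 1)[0]
    first = body.find("(")
    dacl_flags = body if first < 0 else body[:first]
    aces = [parse_ace(f"({chunk}") for chunk in body[first:].split("(") if chunk] if first >= 0 else []
    return aces, "P" in dacl_flags


@dataclass
class ADObject:
    name: str
    is_container: bool
    dacl: List[ACE] = field(default_factory=list)
    protected: bool = False
    # objectGUID: assigned once at creation; rename or move does not change it
    object_guid: str = field(default_factory=lambda: str(uuid.uuid4()))

    @classmethod
    def from_sddl(cls, name: str, is_container: bool, sddl: str) -> "ADObject":
        aces, protected = parse_dacl(sddl)
        return cls(name, is_container, aces, protected)


def inherit(parent: ADObject, child: ADObject) -> None:
    """The 'lower object inherits the upper ACL' rule: CI ACEs flow to child containers,
    OI ACEs to leaf objects; copies are marked ID, and NP strips the inherit flags so the
    ACE travels no further. A protected child receives nothing from its parent."""
    if child.protected:
        return
    for ace in parent.dacl:
        applies = ("CI" in ace.flags and child.is_container) or \
                  ("OI" in ace.flags and not child.is_container)
        if not applies:
            continue
        flags = {"ID"} if "NP" in ace.flags else (ace.flags | {"ID"})
        child.dacl.append(ACE(ace.ace_type, flags, set(ace.rights), ace.trustee))


def has_access(obj: ADObject, trustee: str, right: str) -> bool:
    """A matching deny wins (canonical DACL order lists denies first); otherwise an
    allow for the right, or for GA (Full Control), grants it."""
    matching = [a for a in obj.dacl
                if a.trustee == trustee and (right in a.rights or "GA" in a.rights)]
    if any(a.ace_type == "D" for a in matching):
        return False
    return any(a.ace_type == "A" for a in matching)


def demo() -> dict:
    # Constructed DACL: Domain Admins get Full Control flowing to containers and leaves;
    # Authenticated Users may read/write properties on leaf objects only (OI, not CI).
    ou = ADObject.from_sddl("OU=product", True, "D:(A;CIOI;GA;;;DA)(A;OI;RPWP;;;AU)")
    user = ADObject("CN=frankie ke", False)
    sub_ou = ADObject("OU=team", True)
    svc = ADObject.from_sddl("CN=svc-backup", False, "D:P(D;;WP;;;AU)")  # P: inheritance blocked
    for child in (user, sub_ou, svc):
        inherit(ou, child)
    return {
        "admin_full_control": has_access(user, "DA", "SD") and has_access(sub_ou, "DA", "WP"),
        "user_write_property": has_access(user, "AU", "WP"),
        "user_cannot_delete": not has_access(user, "AU", "SD"),
        "oi_not_on_sub_ou": not has_access(sub_ou, "AU", "WP"),
        "inherited_marked_id": all("ID" in a.flags for a in user.dacl),
        "protected_kept_own_deny": len(svc.dacl) == 1 and not has_access(svc, "AU", "WP"),
        "guid_unique": user.object_guid != svc.object_guid,
    }
```

Every value demo() returns is True: the administrator's Full Control reaches both the user and the sub-OU, the ordinary user can only write properties and cannot delete, and the protected service account keeps its own explicit deny while receiving nothing from the parent. When reading a real object's ACL, the ID flag on an entry is what tells you it arrived by inheritance rather than being set on the object itself.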