Windows 2000 Active Directory Logical Structure

  




Windows 2000 is a new-generation operating system from Microsoft Corporation. It is built on the Windows NT 4.0 operating system and combines the advantages of Windows NT technology and Windows 9x. On this basis, many new features and functions have been developed, such as IntelliMirror, terminal services, the distributed file system, disk quotas, DNS enhancements, and Active Directory. One of the most important of these features is Active Directory.

Active Directory has two aspects: a directory and its related services. A directory is a physical container that stores various objects. The basic objects managed by the directory are resources such as users, computers, files, and printers. A directory service is a service that puts all the information and resources in a directory to work, such as user and resource management, directory-based network services, and network-based application management. Active Directory is a distributed directory service. Information can be spread across multiple computers, ensuring fast access and fault tolerance, while giving users a unified view regardless of where they access it from or where the information is located. With network computing growing explosively on the Internet, Microsoft Active Directory has also adopted Internet standards extensively, bringing almost endless benefits to users. Active Directory integrates key services such as Domain Name Service (DNS), Message Queuing Service (MSMQ), and Transaction Service (MTS); it integrates key applications such as email, webmaster, and ERP; and it also integrates today's critical data access interfaces, such as ADSI and OLE DB.

Active Directory is therefore an essential, integral and important component of the Windows 2000 network architecture. We can put it this way: without Active Directory, there is no Windows 2000. Understanding Active Directory is thus very important for understanding the overall value of Windows 2000. To understand Active Directory, we must start with its logical structure and physical structure. Here, I introduce the logical structure of Active Directory.
1, the hierarchical directory structure

[Figure: Active Directory hierarchy]

As shown in the figure, Windows 2000 Active Directory is a hierarchical structure made up of organizational units (OU), domains (Domain), domain trees (Tree), and forests (Forest). Active Directory creates a copy of the directory database for each domain. This copy stores only the objects used by that domain. If multiple domains are related, they can form a domain tree. In each domain tree, each domain has its own copy of the directory database to store its own objects, and it can look up the copies of the other directory databases in the domain tree. Multiple domain trees form a forest. This hierarchical structure of Windows 2000 Active Directory makes the enterprise network highly scalable and its directory easy to organize and manage. In this respect, the NT 4.0 domain models, whether the multiple master domain model or the complete trust domain model, cannot compare with the Windows 2000 Active Directory structure model. Windows 2000 Active Directory is better suited to enterprise directory services.

2, object oriented storage

As mentioned earlier, Active Directory stores information about network elements in the form of objects. Each object is an instance of an object class (schema object), and each object class has a number of attributes that describe the particular characteristics of that class. This allows organizations to store a wide range of information in the directory, making it easy to organize, manage, and control access to it. This object-oriented storage mechanism also implements object security, because the attributes of an object are encapsulated inside the object. Of course, each of these objects has a globally unique identifier.

3, domain, domain tree, forest

The domain is the core unit of NT Active Directory. It is a container for objects (such as computers and users) that share the same security requirements, replication process, and management. Within a domain, all domain controllers are equal. Active Directory replicates the directory between domain controllers using a multi-master replication model. A domain can be a subdomain or a parent domain of other domains. These subdomains and parent domains form a tree, the domain tree. The domain tree implements a contiguous domain namespace, and the domains in a domain tree share the same DNS domain name suffix. The first domain of the domain tree is the root of the domain tree. Every domain in the domain tree shares a common configuration, schema, and global catalog. Multiple domain trees constitute a forest. Domain trees in a forest do not share a contiguous namespace. Each domain tree in the forest has its own unique namespace. The first domain tree created in the forest becomes, by default, the root tree of the forest.
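The namespace rules above can be checked mechanically: domains that share a DNS suffix with a parent belong to the same tree, and roots with unrelated names are separate trees of the forest. The following Python sketch is an added example, not code from the original article; the domain names are constructed sample data and the function names are hypothetical.

```python
# Added illustration: group DNS domain names into the domain trees of a forest.
# All domain names here are constructed sample data, listed in creation order.
SAMPLE_DOMAINS = [
    "example.com",           # first domain created: root of the root tree
    "eu.example.com",
    "sales.eu.example.com",
    "example.net",           # no shared suffix with example.com: a second tree
    "lab.example.net",
]


def parent_of(domain, domains):
    """Return the closest parent of `domain` found in `domains`, or None."""
    labels = domain.lower().split(".")
    # Strip leading labels one by one: a.b.example.com -> b.example.com -> ...
    for i in range(1, len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in domains:
            return candidate
    return None


def build_forest(creation_order):
    """Return (forest, parents).

    forest maps each tree root to the domains of its tree, in creation order;
    parents maps each domain to its parent domain (None for a tree root).
    """
    ordered = [d.lower() for d in creation_order]
    known = set(ordered)
    parents = {d: parent_of(d, known) for d in ordered}

    def tree_root(d):
        # Walk up the contiguous namespace until no parent domain remains.
        while parents[d] is not None:
            d = parents[d]
        return d

    forest = {}
    for d in ordered:
        forest.setdefault(tree_root(d), []).append(d)
    return forest, parents


def root_tree(forest):
    """The first tree created is the root tree of the forest."""
    return next(iter(forest))


if __name__ == "__main__":
    forest, parents = build_forest(SAMPLE_DOMAINS)
    for root, members in forest.items():
        print(root, "->", members)
    print("root tree:", root_tree(forest))
```
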

4, build organizational model

The organizational unit is a container object used to organize and manage the objects in a domain through a containment structure. It can hold user accounts, user groups, computers, printers, and other organizational units. Because organizational units can contain other organizational units, they form a very clear hierarchy. This containment structure allows administrators to divide a domain into organizational units that reflect the organizational structure of the enterprise, and to delegate tasks and authorizations. Building an organizational model on this containment structure helps solve many problems: while still using large domains, every object in the domain tree can be listed in the global catalog, so that users can easily find an object with a single service function regardless of its location in the domain tree structure.
From the above introduction to the logical structure of Active Directory, we can see that its hierarchical structure helps simplify management, strengthen network security, and make it easy to find the objects and resources needed in a large enterprise network environment, so that we never again have a headache because we cannot find shared resources.


