Active Directory includes two aspects: directory and directory related services. A directory is a physical container that stores various objects. The basic objects of directory management are resources such as users, computers, files, and printers. A directory service is a service that enables all information and resources in a directory, such as user and resource management, directory-based network services, and network-based application management. Active Directory is a distributed directory service. Information can be spread across multiple different computers, ensuring
fast access and fault tolerance, while providing a unified view of users regardless of where they are accessed or where the information is. In today's explosive Internet growth of the Internet computing era, Microsoft Active Directory has also adopted Internet standards extensively, bringing almost endless benefits to users. Active Directory integrates key services such as Domain Name Service (DNS), Message Queuing Service (MSMQ), Transaction Service (MTS), etc.; integrates key applications such as email, webmaster, ERP, etc.; and
It also integrates today's key data access, such as ADSI, OLE DB and more.
From this point of view, Active Directory is an indispensable and important component of the Windows 2000 network architecture. It can be said that there is no Active Directory, and there is no Windows 2000. So understanding the Active Directory is very important for understanding the overall value of Windows 2000. To understand the Active Directory. We must start with the logical and physical structure of its
. Here, I introduce you to the logical structure of the Active Directory.
1. Hierarchical Directory Structure
Figure 1 Active Directory Hierarchy
As shown in Figure 1, Active Directory for Windows 2000 is organized by OU ), the domain (Domain), the domain tree (Tree), the forest (Forest) constitute a hierarchy.
Active Directory creates a copy of the directory database for each domain. This copy stores only the objects used for this domain. If multiple domains have a relationship, they can be combined to form a domain tree. In each domain tree, each domain has its own copy of the catalog database to store its own objects, and it can look up copies of other catalogs in the domain tree. Multiple domain trees form the forest. This hierarchical structure of Windows 2000 Active Directory makes the enterprise network highly scalable, easy to organize, manage, and directory. In this regard, the NT4.0 domain model, whether it is a multi-primary domain model or a full trust domain model, cannot be compared to the Windows 2000 Active Directory structure. Windows 2000 Active Directory is more suitable for enterprise directory services.
2, object-oriented storage
As mentioned earlier, Active Directory stores information about network elements in the form of objects, objects are object classes (pattern: object schema Object)
An instance, and each object class has a number of properties that describe the special characteristics of an object class. This allows organizations to store a wide range of information in a directory, making it easy to organize, manage, and control access to it. This object-oriented storage mechanism also implements object security because the properties of the object are
encapsulated inside the object. Of course, all of these objects have a globally unique identifier.
3, domain, domain tree, forest
Domain is the core unit of NT Active Directory, is the container of objects (such as computers, users, etc.), these objects have the same security requirements, copy Process and management.
In the domain, all domain controllers are equal. Active Directory implements directory replication between domain controllers in a multi-master replication model. A domain can be a subdomain
or a parent domain of another domain. These subdomains and parent domains form a tree ------ domain tree. The domain tree implements a contiguous domain name space, and domains on the domain tree share the same DNS domain name suffix. Domain
The first domain of the tree is the root of the domain tree. Each domain in the domain tree shares a common configuration, schema object, and global catalog. More trees
The domain tree constitutes a forest. Domain trees in the forest do not share a contiguous namespace. Each domain tree in the forest has its own unique namespace. The first domain tree created in the forest is created by default as the root tree of the forest.
4. Building an Organizational Model Using an Inclusive Structure
An organizational unit is a container that organizes and manages objects within a domain. It can accommodate user accounts, user groups, computers, printers, and other organizational units. . Very
Obviously, through the inclusiveness of organizational units, organizational units have a very clear hierarchy. This inclusive structure allows managers to cut organizational units into the domain to reflect the organizational structure of the enterprise and delegate tasks and authorizations. Building an organizational model of the inclusive structure can help us solve many problems, while still using a large domain, each object in the domain tree can be displayed in the global directory, so that users can easily find a certain service with a service function. Object regardless of its position in the domain tree
structure.
From the above introduction to the logical structure of Active Directory, we can see that this hierarchical structure of Active Directory can help us simplify management, strengthen the network
security, and easily find the objects and resources needed. In a large enterprise network environment, we will never have a headache because we cannot find shared resources.
The Global (or Full) Flag Editor is a utility for CW2KP provided by Sppuort Tools, which was mention
First, although it is first sight, it seems to have known each other WinDiff is a tool for comparing
No matter whether it is an individual user or a corporate user, you will encounter the problem of se
As a network administrator, one of the most common tasks is the deployment of various software, incl
Windows 2000 server configuration guide
Win2000 Permissions Diagnostics
How to increase FSO security under Windows 2003
Processor.exe has a processor utilization rate increased to 100%
Environment variables in Windows 2000
New features of Win2000 Notepad
Easy setup for optimal performance with Win2000
Win Server 2003 System Q&A Highlights
Win2000 upgrade to Win2003 10 major functions cause
Experience Win 2003 shared "restore" technology
Win2003 reminds Microsoft: In the next two years, it will show its strengths
Win8.1 modify the location of desktop, video, image and other files
Teach you to create a key to clear the extra boot items to improve the boot speed of the win7 system
How to let WIN10 restore F8 into safe mode channel
Win7 Ultimate System IE unresponsive solution skills
Win8 challenges Apple Siri: System built-in Microsoft Tellme Voice Assistant
Win10 and then welcome new cumulative update: code KB3081438
IIS prompt error ASP 0177 : 800401f3 Se
How WinXP changes IE favorites location through the registry
How to remotely access IIS after Win7 installs IIS
Killing the original PC version of the plot of the sixteenth mission Raiders