I don’t understand the active directory
As we start looking at Group Policy deployment to Active Directory objects, we can’t avoid a particular question: what, exactly, is an Active Directory? An excellent question. In the simplest of terms, Active Directory is just another piece of Microsoft software built upon the networking technologies that preceded it and is certainly nothing unique in that regard.
Microsoft, along with software companies everywhere big and small, has taken existing technologies and/or the ideas from existing software and made it theirs by taking what in their view is the next evolutionary step. In the case of Active Directory, Microsoft already had a working (if somewhat grumbled about) domain model built into their Server products. When Microsoft moved to the NT 4 operating system, they added the capability to link domains together with trust relationships.
Carefully implemented, the enterprise could still be managed centrally or, conversely, distributed among multiple administrative groups. This linking also provided for easy access to resources, and it accommodated business mergers and subsidies as organizations redefined themselves. The problem with NT 4’s domain model was one of scalability. To wit: NT 4’s domain model was flat, affording no levels of hierarchy. As you started to add multiple domains to the NT mix, several problems occurred, and these problems usually compounded themselves as the organization began to grow. In the next iteration of its Server family, Windows 2000, Microsoft set out to address this scalability problem by seeking an enterprise model that could meet two primary design objectives. The Windows 2000 domain model needed the following:
- A global list of each domain’s directory available at every domain
- A system to automatically manage trust relationships, lessening the administrative overhead when deploying multiple domains
The result was Active Directory, which made its debut in Windows 2000, and it came with a handy little side benefit. By storing all Windows domain information in a centralized database, users and administrators could then perform queries like, “Which one of the printers on the fourth floor of building 22 prints in color?” or “Is that computer located in the North building or the South building?” The next release of Microsoft’s Server operating system is the current version, Windows Server 2003. (Its successor, Windows Server 2008, is scheduled for release late 2007/early 2008.) Windows Server 2003 includes many improvements to Windows 2000’s version of Active Directory, making it even more versatile, dependable, and economical to use. Windows Server 2003 provides the following benefits:
- Easier deployment and management: Improved migration and management tools. Better tools with drag-and-drop capabilities, multiobject selection, and the ability to save and reuse queries. Improvements in Group Policy that make it easier to manage groups of users and computers in an Active Directory environment.
- Greater security: Cross-forest trusts provide a new type of Windows trust for managing the security relationship between two forests. (I’ll define forests in a bit.) Users can securely access resources in other domains without sacrificing the administrative benefits of having only one user ID and password maintained in the user’s home domain.
- Improved performance and dependability: More efficiently managed replication and synchronization of Active Directory information. In addition, Active Directory provides more features that allow you to intelligently select only changed information for replication; it no longer requires updating of entire portions of the directory.
