70-210 Windows 2000 TechNote:
Introduction to ADS
Index
- Overview
- Terminology
-- Domains
-- Naming Context
-- Global Catalog
-- Forest
-- Organizational Units
-- Domain Controllers
-- Sites

ACTIVE DIRECTORY SERVICES

Overview

Microsoft made many changes and improvements to their operating system (OS) when they designed Windows 2000. The most important change was the addition of Active Directory (AD). Nearly every facet of the OS now revolves around AD, and we’re already seeing the next generation of BackOffice products that depend on it (e.g., Exchange 2000). Active Directory is the central holding space for all objects making up our enterprise: domains, organizational units, users, groups, computers, printers, etc. By using some of the specifications of the X.500 directory services, the hierarchical structure of AD removes many of the deficiencies of the flat domain structure found in NT 4.0.

Put simply, the AD is a hierarchical database of all objects in the entire enterprise. These objects include users, groups, computers, domain controllers, printers, contacts, shared folders, and organizational units. Active Directory must use TCP/IP as its network protocol.

Active Directory uses a basic top-down hierarchical model. At the top is a single forest of one or more trees; each tree must contain at least one (root) domain, which in turn must contain at least one organizational unit (OU) and several other containers. There is a recommended size limit of one million objects per domain for the initial Windows 2000 release; however, tests have run the number of objects up to ten times that without failures.

All Windows 2000 computers can use the AD. Legacy computers (those running Windows NT 4.0, NT 3.51, Windows 98, Windows 95, Windows 3.x) can log into a Windows 2000 domain, but they won’t be able to take advantage of the features of AD. Windows 95 and Windows 98 computers require a new Directory Services add-on client (dsclient.exe), which ships with Windows 2000 Server, to interact with AD. There is no such tool for OSs prior to Windows 95/98.


TERMINOLOGY

Domains

The concept of a domain as we remember it from the NT 4.0 days stays the same in Windows 2000. The architecture, however, changes from the flat model of NT 4.0 to a hierarchical model with a parent domain and child domains under it. The parent (also known as the root) domain and all of its child domains are defined as a single domain tree. Multiple trees within the same AD are defined as a forest.


Naming Contexts

A change in Windows 2000 affects the naming contexts within a domain. They now follow the Internet’s Domain Name System (DNS) standard (RFCs 1034 and 1035). To better explain this concept, let’s assume the root domain in our tree is called “mycompany.com”. The sales “child” domain under it is named “sales.mycompany.com”, the finance “child” domain is called “finance.mycompany.com”, and so on.

There must be a separate naming context for each parent, or root, domain. Each root domain begins a new tree within the forest. This naming context allows DNS to be used for all Windows 2000 name resolution.
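To make the DNS-based naming scheme concrete, here is an added example (not code from the TechNote) that takes a constructed list of domain names and derives the forest structure the text describes: a domain whose immediate DNS parent is also in the forest is a child domain, and every other domain is a root that starts a new tree. It also goes one step beyond the page by emitting the LDAP distinguished name of each domain naming context (sales.mycompany.com becomes DC=sales,DC=mycompany,DC=com), which is how AD itself identifies the context.

```python
from typing import Dict, List, Optional

# Constructed sample forest (assumed for illustration, not from the TechNote):
# one tree rooted at mycompany.com and a second tree rooted at partner.org.
SAMPLE_DOMAINS: List[str] = [
    "mycompany.com",
    "sales.mycompany.com",
    "finance.mycompany.com",
    "emea.sales.mycompany.com",
    "partner.org",
    "hr.partner.org",
]


def parent_domain(dns_name: str, forest: set) -> Optional[str]:
    """Return the immediate DNS parent if it is a domain in the forest.

    Child domain names are contiguous with their parent, so the parent is
    simply the name with its leftmost label removed.  If that name is not a
    domain in the forest, dns_name is a root domain and starts a new tree.
    """
    labels = dns_name.lower().split(".")
    if len(labels) < 2:
        return None
    candidate = ".".join(labels[1:])
    return candidate if candidate in forest else None


def naming_context_dn(dns_name: str) -> str:
    """LDAP distinguished name of a domain naming context (one DC= per label)."""
    return ",".join(f"DC={label}" for label in dns_name.lower().split("."))


def build_forest(domains: List[str]) -> Dict[str, Dict[str, dict]]:
    """Group domains into trees keyed by root domain.

    Each tree maps every domain to its parent (None for the root) and the
    distinguished name of its naming context.
    """
    forest = {d.lower() for d in domains}
    parents = {d: parent_domain(d, forest) for d in forest}
    trees: Dict[str, Dict[str, dict]] = {}
    for dom in sorted(forest):
        root = dom
        while parents[root] is not None:  # walk up to the tree root
            root = parents[root]
        trees.setdefault(root, {})[dom] = {
            "parent": parents[dom],
            "dn": naming_context_dn(dom),
        }
    return trees
```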

Design Tip: 1 DNS server per site.


Global Catalog

Also new in Windows 2000 is the Global Catalog (GC). The GC is a search engine that helps users and applications find objects that are published in the AD. Without the GC it could be difficult and quite time consuming to search the AD database since there could potentially be hundreds, or even hundreds of thousands of objects in any single directory.

The Global Catalog can only exist on a Domain Controller (DC). It contains a listing of every object in every domain in the entire forest; however, it does not contain every property of every object. By default, only one GC server exists in the entire forest, and it’s on the first DC that was created in the forest. Its replication is forest-wide.

Design Tip: 1 Global Catalog server per site.


Forest

An Active Directory forest sets the boundaries of the Windows 2000 AD. There is a single forest in the AD. Within it are trees, and within the trees are domains. The forest allows us to facilitate movement of objects within its boundaries. In a forest, all objects of the same type share the same properties (schema).


Organizational Units

Organizational Units (OUs) are another new term with Windows 2000. Within a domain there exist OUs. They can be thought of as a subdomain containing AD objects grouped by similar function or geographic location. The primary purpose of OUs is to delegate administrative authority and to apply group policy. Organizational Units can contain just about any AD object, including another OU. By default, OUs inherit their permissions and group policies from their parent.


Domain Controllers

A big change with Windows 2000 concerns the master/slave PDC/BDC roles of the servers. Now they are all Domain Controllers and they are all masters, accepting updates at any time. This multi-master model allows for replication throughout the domain and increases fault tolerance for the domain.

Whether a server is going to become a Domain Controller is a decision that is left until after the server installation is complete. Any Windows 2000 Server can be promoted to a domain controller, and any domain controller can be demoted back down to a stand-alone server or a member server.

Domain Controllers default to running in a mixed mode. Running in mixed mode allows the NT4 servers’ PDC/BDC replication to continue. Once all the servers are upgraded to Windows 2000 then the switch can be made to native mode. It’s important to note, however, that once the switch is made from mixed to native mode it cannot be reversed.

Design Tip: 1 domain controller per site.


Sites

If you’ve worked with Exchange, then the concept of a site is not new to you. A site is a physical boundary defined within Active Directory, unlike forests, trees, domains, and OUs, which are all logical elements of AD. A site is defined as one or more well-connected IP subnets. Well-connected implies a reasonably fast, reliable connection (usually a T-1).

There is only one site per forest, by default. Sites are used to control domain replication, allow for faster user logons, and quicken response times to queries and searches by users. Sites can only contain computers and administrators have to manually create and configure all sites, site links, and site link bridges.
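Because a site is defined by IP subnets, a client is associated with a site by matching its address against the site’s subnets; that is what lets AD steer logons and queries to a nearby DC. The added example below (not code from the TechNote) implements that lookup over a constructed site/subnet table. Two details are assumptions of this example rather than statements on the page: the most specific (longest prefix) subnet wins when subnets overlap, and the same subnet may not be assigned to two sites.

```python
import ipaddress
from typing import Dict, List, Optional, Tuple

# Constructed site definitions (assumed for illustration, not from the TechNote).
# Each site is one or more well-connected IP subnets, as the text defines it.
SITE_SUBNETS: Dict[str, List[str]] = {
    "Default-First-Site-Name": ["10.1.0.0/16"],
    "Branch-Sales": ["10.1.50.0/24", "192.168.7.0/24"],
    "Branch-Finance": ["10.2.0.0/16"],
}

SubnetTable = List[Tuple[ipaddress.IPv4Network, str]]


def build_subnet_table(site_subnets: Dict[str, List[str]]) -> SubnetTable:
    """Flatten the site definitions into (network, site) pairs.

    The table is sorted most specific first so that the first match wins:
    a /24 carved out of a /16 belongs to the site that owns the /24.
    A subnet listed under two sites is a configuration error and is rejected.
    """
    table: SubnetTable = []
    seen: Dict[ipaddress.IPv4Network, str] = {}
    for site, subnets in site_subnets.items():
        for text in subnets:
            # strict=True rejects "10.1.50.7/24"-style entries with host bits set
            net = ipaddress.ip_network(text, strict=True)
            if net in seen:
                raise ValueError(f"{net} assigned to both {seen[net]} and {site}")
            seen[net] = site
            table.append((net, site))
    table.sort(key=lambda entry: entry[0].prefixlen, reverse=True)
    return table


def site_for_client(ip: str, table: SubnetTable) -> Optional[str]:
    """Return the site whose most specific subnet contains ip, or None.

    None means the client's subnet is not mapped to any site, which is
    worth alerting on: such clients cannot be steered to a nearby DC.
    """
    addr = ipaddress.ip_address(ip)
    for network, site in table:
        if addr in network:
            return site
    return None
```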

So, if you were counting along, the design tips recommended:
• 1 DC
• 1 DNS server
• 1 GC server
(all of these roles can be housed on the same computer)



 
Current related exam objectives for the 70-210 exam:

These notes do not directly cover one or more exam objectives, but they are required basic info for almost every Windows 2000 exam.



Author: Lisa Clinton
All images and text are copyright protected. 2002-2015 TechExams.Net