Windows 2000 Operating System -- Active Directory Service COSC 516 Yuan YAO 08/29/2000

Windows 2000 Included Products Windows 2000 Professional Windows 2000 Server Windows 2000 Advanced Server Windows 2000 Datacenter Server Windows NT 4.0 Workstation Windows NT 4.0 Server Windows NT 4.0 Enterprise

Upgrade to Windows – 2000: automatic setup will report incompatibility, some application have different components for two 98 – 2000: tricky due to lots of hardware and software compatibility problems NT 4.0 – 2000: easier but not without problems

What to expect if you …are on the road (Remote users) …work at home (Home office users) … run a small business (Small business) …run a larger network (Medium-size and large enterprise) …provide internet services (Service provider)

Active Directory Service A true hierarchical, distributed directory service for managing resources across an enterprise or extranet.

ADS Terminology Directory and Directory Services Directory is an information store. Directory Services are a directory itself as well as the services it provides, such as security and replication. Workgroup and Domain A Windows 2000 workgroup is a logical grouping of networked computers that share resources, such as files and printers, and maintain a local security database, which is a list of user accounts and resource security information for the computer it is on. A Windows 2000 domain is a logical grouping of networked computers that share a central directory database, which contains user accounts and security information for the domain.

ADS Terminology Domain Tree and Forest A domain tree refers to a hierarchical grouping of domains that share a contiguous namespace, a common schema, and a common global catalog. A domain forest is a collection of two or more domain trees that do not share a contiguous namespace, but do share common schema and global catalog. Namespace A collection of unique domain names.

ADS Terminology Object and Organizational unit An object is a representation of a network resource, including users, computers, printers, and so forth. Organizational unit is an object that can hold other objects. Multimaster replication The process by which Active Directory domains replicate with each other and resolve conflicting updates. Lightweight Directory Access Protocol (LDAP) An Internet standard by which Active Directory clients and servers communicate.

Do you need Directory Service ? A central database that keeps track of every resource and user in an enterprise-wide network. If you don't need a full directory service yet, you should get ready by practicing the discipline of using a consistent naming scheme.

Importance of Directories Become the points of reference for applications and user services. Provide single sign-on. Become increasingly important as business networks expand to include connections with business partners and customers.

Existing Directory Services Bull, Computer Associates, Hewlett-Packard, IBM, Tivoli, and Unisys have offered directory solutions. But hefty price tags and lack of interoperability have limited their adoption. Active Directory brings a big buzz. Novell Directory Services (NDS) and the Novell ZenWorks software family have also made many administrators aware of the importance of directory services.

What is a hierarchical namespace?

Scalability Comparison Active Directory Service partitions can hold millions of objects and use indexed data stores Novell Domain Service partitions are limited to 1,000 objects NT 4 Domain Service can only provide limited scalability, one NT 4 server stores the entire domain database

Transitive Kerberos Trusts If domain A trusts domain B, and domain B trusts domain C, then domain A trusts domain C and vice versa. Trusts give user and group rights to traverse domains and are essential for single sign-on. It reduces the complexity of maintenance.

A Distributed Directory Service Directory servers are typically distributed across a network so that they are easily reachable by clients and servers. Data relationships and naming Replication Caching

Data Relationships & Naming For NT 4, administrative authority could only delegate to the domain level. ADS gives the administrative authority down to the Organizational Unit level. For NDS, user rights to other domain objects or common resources can be assigned to an Organizational Unit. For ADS, rights must always be configured for individual users and groups.

Replication Domain Controller, a server that contains directory information and responds to database requests or routing requests for resources. NT 4's Primary and Backup Domain Controllers have been replaced in 2000 by a peer model. Any server can be promoted to AD domain controller status. Multimaster Replication replicates changes made to any single controller to all other controllers.

Caching To improve response time for directory queries, directory servers can save a copy of frequently requested directory service information locally in Global Catalog (GC)

Migrating to Active Directory Domains to Active Directory: Requires extensive planning and testing NDS to ADS: No good reasons to switch to Active Directory, unless plan to abandon NetWare completely. Better create a test-bed first.

Domain Modes Mixed Mode Allows the domain controllers to interactive with any domain controllers running previous versions of Win 2000 Server. Native Mode All the domains are integrated with Active Directory, and all Windows NT 4 domain controllers are upgraded to Windows 2000 Server

Mixed Mode to Native Mode: Upgrade all domain controllers. Reconfigure the domains by using Active Directory Migration Tool or FastLane, etc. Several points: Support for down-level replication ceases. Can no longer add new down-level domain controllers to the domain. No more primary domain controller, all domain controllers are peers. The change is one way only.