1 Chapter 11: Directory Services

2 Directory Services A directory service is a database that contains information about all objects on the network. Directory services hold data and metadata. Metadata is information about data. For example: a user account is data; the metadata (the schema) specifies which attributes every user account object contains.

3 Directory Services Information within directories is organized hierarchically: there is a strict set of rules about where a given piece of data is located within the directory, based on the properties of that data. Unlike relational databases (queried with SQL), where information is read and written equally often, a directory is optimized for reads: data is looked up constantly but entered or changed rarely. For example: user account data changes very little once it has been entered.

4 Early Directory Services The first directory service was developed at Xerox PARC and was called Grapevine. X.500 was developed as a directory service standard by ISO and CCITT (now ITU-T). Although X.500 was developed as a comprehensive standard, as with the rest of the OSI protocol suite it was not widely deployed on real-world LANs. X.500 formed the basis of a standard that is widely deployed, LDAP, and some X.500 conventions (such as the ou= container and cn= object naming) are used in Active Directory and eDirectory.

5 LDAP Stands for Lightweight Directory Access Protocol. LDAP is a lightweight protocol for accessing X.500-style directories over TCP/IP; it replaced the X.500 Directory Access Protocol (DAP), which required the full OSI stack. Active Directory and eDirectory are both accessed through LDAP. Netscape's Directory Server was the first widely deployed implementation of LDAP. It was used primarily for enterprise calendaring and contact management, not for network management. Most LDAP directories of this era used a single-master replication model: changes are made to the master database and then propagated out to subordinate (read-only) replicas. The disadvantage of this scheme is that the master is a single point of failure for writes. Note also that LDAP's simple bind sends the password in cleartext, so production deployments protect the connection with TLS (LDAPS on port 636, or StartTLS on port 389). Objects within an LDAP directory are referenced by their DN (Distinguished Name). The DN consists of the object's RDN (Relative Distinguished Name) followed by the RDNs of its ancestor entries, most specific first, separated by commas.

6 LDAP II The RDN of the user object in the figure is cn=ccarpenter. The DN of the same object is cn=ccarpenter,ou=mn,o=emcp,c=us: the RDN, then the ou, o and c containers above it, read from the leaf to the root.

7 Novell eDirectory eDirectory is a partitioned and loosely replicated directory service: replicas of a partition converge over time rather than being updated in a single transaction. eDirectory can be used to manage multiple operating systems. The two primary components of eDirectory are database partitions and database replicas. Partitions are sectioned off according to location, and each partition is hosted on a server local to that location. The primary benefit of this is that authentication is localized: users log on against a nearby server rather than across a WAN link.

8 Novell eDirectory Database replicas are copies of partitions. There are several different types of replicas:
- Master replica: the first copy of a partition.
- Read-write replica: can be used to authenticate and to make changes to objects; used for redundancy.
- Read-only replica: can be used to locate information, but not to change objects.
- Subordinate reference: a special replica created automatically; used as a pointer to a target replica held on another server.

9 eDirectory Object classes and what they represent:
- country: two-letter country code
- locality: city or state
- organization: top-level container in the tree
- organizational unit: container object, used to represent a department
- root: top level of the tree
Container objects are used to organize other objects within the directory. For example: you might place all of the accountant user objects within the accountants organizational unit. In eDirectory, a DN finishes at the organization level (no country component is used in this example). Objects are separated by periods, and a fully distinguished name begins with a period. An accountant at EMCP with a user account named dmorgan would have the DN .cn=dmorgan.ou=accountants.o=emcp.
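The two DN syntaxes on these slides (the comma-separated LDAP string form and eDirectory's dotted typeful form) are easy to get wrong when values contain separator characters. The following is an added example, not code from the presentation: it parses the RFC 4514 string form (the same syntax Active Directory uses), renders the eDirectory dotted form, and escapes values so that a user-supplied string such as "dmorgan,ou=admins" cannot inject an extra RDN into a DN built by concatenation. The sample DNs are constructed from the names used on the slides; the eDirectory conversion assumes values contain no "." (NDS escaping is not implemented here).

```python
"""Distinguished-name helpers for the LDAP (RFC 4514) and eDirectory dotted forms.

Added example, not part of the original presentation. Sample DNs are
constructed from the slides' names (emcp, ccarpenter, dmorgan).
"""
from typing import List, Tuple

RDN = List[Tuple[str, str]]  # an RDN may be multi-valued: cn=x+sn=y
_SPECIAL = ',+"\\<>;'        # characters RFC 4514 requires escaping in values


def _split_unescaped(s: str, sep: str) -> List[str]:
    """Split on `sep` only where it is not preceded by a backslash escape."""
    parts, cur, i = [], [], 0
    while i < len(s):
        if s[i] == "\\" and i + 1 < len(s):      # keep the escape pair intact
            cur.extend(s[i:i + 2])
            i += 2
            continue
        if s[i] == sep:
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(s[i])
        i += 1
    parts.append("".join(cur))
    return parts


def _unescape(value: str) -> str:
    """Undo RFC 4514 escapes: '\\,' -> ',' and hex pairs such as '\\2C' -> ','.
    Hex pairs encode UTF-8 bytes; this example decodes only ASCII pairs."""
    out, i = [], 0
    while i < len(value):
        if value[i] == "\\" and i + 1 < len(value):
            nxt = value[i + 1]
            if nxt in _SPECIAL + "= #":
                out.append(nxt)
                i += 2
                continue
            pair = value[i + 1:i + 3]
            if len(pair) == 2 and all(c in "0123456789abcdefABCDEF" for c in pair):
                out.append(chr(int(pair, 16)))
                i += 3
                continue
        out.append(value[i])
        i += 1
    return "".join(out)


def parse_dn(dn: str) -> List[RDN]:
    """'cn=ccarpenter,ou=mn,o=emcp,c=us' -> [[('cn','ccarpenter')], [('ou','mn')], ...],
    most specific RDN first; attribute types are normalised to lower case."""
    rdns: List[RDN] = []
    for rdn in _split_unescaped(dn, ","):
        pairs: RDN = []
        for ava in _split_unescaped(rdn, "+"):
            attr, eq, val = ava.partition("=")
            if not eq or not attr.strip():
                raise ValueError(f"malformed RDN component: {ava!r}")
            val = val.lstrip()
            while val.endswith(" ") and not val.endswith("\\ "):  # drop unescaped trailing space
                val = val[:-1]
            pairs.append((attr.strip().lower(), _unescape(val)))
        rdns.append(pairs)
    return rdns


def rdn_of(dn: str) -> str:
    """The Relative Distinguished Name is the leftmost component of the DN."""
    return _split_unescaped(dn, ",")[0]


def escape_value(value: str) -> str:
    """Escape one attribute value for embedding in a DN (RFC 4514 section 2.4)."""
    out = "".join("\\" + c if c in _SPECIAL else c for c in value)
    if out[:1] in ("#", " "):
        out = "\\" + out
    if out.endswith(" ") and not out.endswith("\\ "):
        out = out[:-1] + "\\ "
    return out


def build_dn(rdns: List[RDN]) -> str:
    """Inverse of parse_dn; every value is escaped, so injected separators stay literal."""
    return ",".join("+".join(f"{t}={escape_value(v)}" for t, v in rdn) for rdn in rdns)


def to_edirectory(dn: str) -> str:
    """Typeful dotted eDirectory form: 'cn=dmorgan,ou=accountants,o=emcp'
    -> '.cn=dmorgan.ou=accountants.o=emcp'. The leading '.' marks a fully
    distinguished name. Assumption: values contain no '.' (NDS escaping omitted)."""
    return "." + ".".join("+".join(f"{t}={v}" for t, v in rdn) for rdn in parse_dn(dn))


def from_edirectory(dotted: str) -> str:
    """'.cn=dmorgan.ou=accountants.o=emcp' -> 'cn=dmorgan,ou=accountants,o=emcp'.
    Assumes single-valued RDNs in the dotted input."""
    rdns: List[RDN] = []
    for comp in dotted.lstrip(".").split("."):
        attr, _, val = comp.partition("=")
        rdns.append([(attr.lower(), val)])
    return build_dn(rdns)


def ad_domain_dns_name(dn: str) -> str:
    """Active Directory stores the DNS domain as dc= components:
    'CN=Orin Thomas,OU=Engineers,DC=Melbourne,DC=EMCP,DC=COM' -> 'melbourne.emcp.com'."""
    return ".".join(v for rdn in parse_dn(dn) for t, v in rdn if t == "dc").lower()


if __name__ == "__main__":
    user = "cn=ccarpenter,ou=mn,o=emcp,c=us"
    print(rdn_of(user), parse_dn(user))
    print(to_edirectory("cn=dmorgan,ou=accountants,o=emcp"))
    # A value taken from user input is escaped, not concatenated raw, so
    # 'dmorgan,ou=admins' stays a single cn value instead of adding an ou= component.
    print(build_dn([[("cn", "dmorgan,ou=admins")], [("ou", "accountants")], [("o", "emcp")]]))
```

The escaping in build_dn is the security-relevant part: a DN assembled with plain string concatenation from a name supplied by a user lets that user add or replace containers in the resulting DN, which is the directory equivalent of SQL injection.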

10 Active Directory Active Directory is an LDAP-accessible directory service that uses multimaster replication. Active Directory runs on Windows Server 2003 and Windows 2000 Server on servers known as domain controllers. Active Directory can be used to manage almost every aspect of a Windows Server 2003 network. Active Directory can also be used as a type of phonebook. For example, you could query Active Directory to locate all users located on the 2nd floor of a building. Alternatively you could locate all color printers at a particular location. Any domain controller can process directory updates (apart from a few operations tied to the FSMO role holders). Replication between domain controllers in the same site uses RPC over IP; replication across WAN links between sites also uses RPC over IP, or optionally SMTP, which can carry only the schema, configuration and global catalog partitions, not the domain partition.

11 Active Directory Components Domain. All user accounts within a domain share a common password policy (in Windows 2000 and Windows Server 2003 Active Directory there is exactly one password policy per domain). Different password policies require separate domains. Site. Represents a single well-connected physical location (one or more IP subnets) within Active Directory. Organizational Unit (OU). Can be used to represent organizational hierarchy; an OU can contain other OUs. Group Policy Object (GPO). Collection of policies that can be applied to domains, sites, and OUs. Forest. Collection of domains that share a common schema, configuration and global catalog, joined by transitive trusts; the forest, not the domain, is the security boundary. Tree. Collection of domains with a contiguous DNS namespace (for example emcp.com and melbourne.emcp.com).

12 GPO and Delegation Control of a particular OU can be delegated. For example: you could allow a certain user to administer all of the accountants' user accounts, without allowing them to administer anyone else's account. GPOs can be applied to sites, domains, and OUs. GPOs can be used to install software or to configure user environment settings. For example: you could install Microsoft Word at a particular location by creating a GPO that installs Word and applying it to that location's site. Alternatively, if you applied that same GPO to the domain, all users would have Word installed. If you applied that GPO to an OU instead, only users within that OU would have Word installed.

13 Active Directory Naming Active Directory naming follows the LDAP DN syntax; the difference from eDirectory is the format of the top of the tree, which is written as DC= (domain component) entries derived from the DNS domain name. A user named Orin Thomas located within the Engineers OU in the melbourne.emcp.com domain of a Windows Server 2003 network would have the DN: CN=Orin Thomas,OU=Engineers,DC=Melbourne,DC=EMCP,DC=COM. DNs are often used in scripts that query information from the Active Directory database, for example as the search base of an LDAP query. As an administrator you might write a script that queries the directory to determine which users have not logged on to the network in the last six months.
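The "users who have not logged on in six months" query mentioned above is mostly a matter of building the right LDAP search filter. The block below is an added example, not code from the presentation. It uses real Active Directory attributes (lastLogonTimestamp, userAccountControl, objectCategory) and the LDAP_MATCHING_RULE_BIT_AND rule to exclude disabled accounts, converts the cut-off date to the Windows FILETIME integer that lastLogonTimestamp stores, and escapes any value that comes from outside the script per RFC 4515 so that a caller cannot turn "(department=X)" into a different query. Assumptions: six months is approximated as 182 days, and the reference date in example_filter is constructed for the example.

```python
"""Build an AD search filter for stale, enabled user accounts.

Added example, not from the original slides. Attribute names are real AD
schema attributes; the dates and the department value are constructed.
"""
from datetime import datetime, timedelta, timezone
from typing import Optional

# Windows FILETIME: count of 100-nanosecond intervals since 1601-01-01 00:00 UTC.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
UNIX_EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)

# Bit 2 of userAccountControl is ACCOUNTDISABLE; the OID is LDAP_MATCHING_RULE_BIT_AND.
ACCOUNTDISABLE = 0x2
BIT_AND_RULE = "1.2.840.113556.1.4.803"


def to_filetime(dt: datetime) -> int:
    """Aware datetime -> FILETIME integer, the form AD stores in lastLogonTimestamp."""
    delta = dt.astimezone(timezone.utc) - FILETIME_EPOCH
    return (delta.days * 86400 + delta.seconds) * 10_000_000 + delta.microseconds * 10


def from_filetime(ft: int) -> datetime:
    """FILETIME integer -> aware UTC datetime (sub-microsecond digits are dropped)."""
    return FILETIME_EPOCH + timedelta(microseconds=ft // 10)


def escape_filter_value(value: str) -> str:
    """RFC 4515: encode * ( ) \\ and NUL as \\XX so they lose their filter meaning."""
    return "".join("\\%02x" % ord(c) if c in "*()\\\x00" else c for c in value)


def stale_users_filter(now: datetime, days: int = 182,
                       department: Optional[str] = None) -> str:
    """Enabled user accounts whose replicated lastLogonTimestamp is older than
    `days` before `now`. Accounts that have never logged on carry no
    lastLogonTimestamp at all and are therefore not matched by the <= clause."""
    cutoff = to_filetime(now - timedelta(days=days))
    clauses = [
        "(objectCategory=person)",
        "(objectClass=user)",
        f"(lastLogonTimestamp<={cutoff})",
        f"(!(userAccountControl:{BIT_AND_RULE}:={ACCOUNTDISABLE}))",
    ]
    if department is not None:
        # The only caller-supplied value goes through the escaper.
        clauses.append(f"(department={escape_filter_value(department)})")
    return "(&" + "".join(clauses) + ")"


def example_filter() -> str:
    """Constructed reference date 2004-07-01 UTC; 182 days earlier is 2004-01-01."""
    return stale_users_filter(datetime(2004, 7, 1, tzinfo=timezone.utc))


if __name__ == "__main__":
    print(example_filter())
    # An attacker-controlled department value cannot widen the search:
    print(stale_users_filter(datetime.now(timezone.utc), department="*)(objectClass=*"))
```

Run the resulting filter with the domain DN as the search base, for example ldapsearch -H ldaps://dc1.melbourne.emcp.com -b "DC=Melbourne,DC=EMCP,DC=COM" "<filter>" sAMAccountName (host name assumed). Two caveats matter for the result: lastLogonTimestamp is only rewritten when the stored value is more than about 9 to 14 days old, so it is accurate to within two weeks rather than to the day, while the precise lastLogon attribute is not replicated and would have to be read from every domain controller; and the filter deliberately omits accounts that have never logged on, since they carry no lastLogonTimestamp value to compare.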

14 Summary A directory service is a database that contains information about all objects on the network. LDAP is a lightweight access protocol derived from the X.500 standard. eDirectory is a partitioned and loosely replicated directory service. eDirectory partitions are sectioned off according to location. eDirectory database replicas are copies of partitions. Active Directory uses multimaster replication. Active Directory can be used to manage almost every aspect of a Windows Server 2003 network and as a type of phonebook.

15 Discussion Questions
- What is the difference between an Active Directory site and domain?
- What is the difference between an eDirectory partition and replica?
- Discuss why you would apply one GPO to a domain and another GPO to an OU.
- Which directory service can be used to manage multiple operating systems?
- What weakness exists in the single-master LDAP replication method?
