• 
• 
• 
• 
• 
• 
• 

 1 of 7

Gallery

Active Directory Workshop

Posted on 5 Jun 2002 at 14:59

The most obvious change, though, is a new Directory icon in the My Network Places folder, through which we can navigate the directory to locate our shared files and printers, using domains, OUs and other container objects.

It may not sound like much of an advance, but the directory information is all located in one place, ready-indexed for fast retrieval. As we've already pointed out, it's quick and easy to find resources no matter where they're physically located on the network. But equally important is the fact that the directory can be configured to reflect the logical structure of an organisation rather than the layout of the network itself and its constituent servers, printers and other devices. That too can offer advantages, not least being able to locate and use resources without having to know the names of the servers or networks to which they're attached.

And there's more

There are other benefits to implementing Microsoft's AD, such as making it easier to lock down user desktops through the use of Windows 2000 group policies. These can be defined and stored in the directory, making it possible to control users and their desktops across the entire network, all from one place.

Security can be enhanced too, with facilities within AD to store and use X.509 digital certificates, again with centralised management and control across the entire network. It's important not to forget that other applications can make use of AD, to store and access information beyond the simple resource data covered here. It's not the only directory in town, but there are lots of companies using it, even to support large e-business applications reportedly handling millions of individual users.

However, that's not to say that AD is for everyone. If you're happy with NT domains, there may be little to be gained in moving up to AD, especially as there's often a lot of hassle involved unless you're already migrating or planning to migrate to Windows 2000. It's also a complex technology to get to grips with. In this workshop, we've concentrated on the basics of installing and using a single domain controller, but it's more complicated for larger networks where multiple domains and domain controllers are required. Bear in mind too that if access to shared network resources is your main goal, then AD is very much a Windows 2000- and XP-specific service. Windows NT and 9x users can't be authenticated by the Microsoft directory, neither can they use it to locate shared network resources, at least not without a lot of effort.

There have also been the usual bugs and problems reported with the software, although last year Microsoft claimed that some 75 per cent of its corporate customer base was either using AD or in the process of deploying it. A second generation of the directory service is on its way as part of the forthcoming Windows .NET release. That promises the usual enhancements to performance, scalability and functionality, and may ultimately win over the remaining 25 per cent yet to try the delights of the Microsoft directory.