Saturday 18 May 2013

Active Directory Programming in .NET and the Concept of the "Network Operating System"

Programming the Active Directory

Directory Services are a specialized part of .NET and thus the API functionality is contained in its own dedicated DLL (System.DirectoryServices.dll).

AD programming specifically is done through the System.DirectoryServices.ActiveDirectory namespace, which provides access to ADSI; the broader System.DirectoryServices namespace also reaches other directory services, such as NDS (the Novell NetWare directory service).

ADSI (Active Directory Service Interfaces) is the name of the programmatic interface into Active Directory. Administrative tasks such as backing up databases, testing printers and administering user accounts can be performed through ADSI.

Evolution of Directory Services

Here is an interesting comparison of AD versus Novell NetWare. More interesting than the comparison is the discussion of the evolution of directory services, from a "white pages" service listing the people on the network, to a way of accessing network resources such as printers and applying security permissions. AD thus has quite an impressive scope. There is also the provision of "directory-enabled infrastructure" such as shared file systems.

Some people call this the "NOS" or Network Operating System. Windows NT introduced the notion of "domains" (security and administrative boundaries within the network) and the related notion of "domain controllers" (administrative services in the "NOS"). The initial releases of Windows NT had certain limitations (such as a domain supporting a maximum of 40,000 objects: users, groups and computers), which led Microsoft to embrace the LDAP standard in the design of its later directory technology.

X.500 DAP and Some of its Limitations (Directory Server Technology from late 80s to late 90s)

In 1988, the ITU and ISO came together to develop the X.500 model for directory services, based on the OSI model (rather than the more lightweight TCP/IP). This led to the development of a more lightweight version called LDAP. Version 3 of LDAP was published in 1997. LDAP-based directory servers have been developed by many vendors, including IBM, Microsoft and Novell.

Basic X.500 Concepts and Terminology

X.500 refers to Directory System Agents (DSAs), i.e. directory servers, each holding part of the Directory Information Base (DIB). The DIB objects are structured by a Directory Information Tree (DIT). As LDAP emerged, the first LDAP-based servers were gateways into X.500 servers, before the trend was to break away from X.500 altogether.

Active Directory Concepts

The basic structuring concepts in AD are DOMAINS, DOMAIN TREES and FORESTS; together they form the logical structure of AD. A domain in AD consists of a hierarchical structure of containers and objects, as in X.500, and has a DNS name as its unique identifier (e.g. techno.com). Adding europe.techno.com and asia.techno.com beneath it creates a hierarchical structure called a domain tree. Domains in a domain tree trust each other via transitive trusts (if A trusts B and B trusts C, then A trusts C). A FOREST is a collection of one or more domain trees. Domains are administered by domain controllers.
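As an added example (not code from the original post), the following C# program walks the logical structure just described using the System.DirectoryServices.ActiveDirectory namespace mentioned earlier: the forest, each domain tree from its root down, and the trust relationships each domain holds, so an administrator can review which trusts were created automatically and which were added by hand. It assumes a domain-joined Windows host, a project reference to System.DirectoryServices.dll, and an account permitted to read the directory.

```csharp
// Added example: enumerate forest, domain trees and trusts via System.DirectoryServices.ActiveDirectory.
// Assumes a domain-joined Windows host and a reference to System.DirectoryServices.dll.
using System;
using System.DirectoryServices.ActiveDirectory;

class ForestStructureReport
{
    static void Main()
    {
        // The forest is the outermost boundary; it is named after its root domain.
        Forest forest = Forest.GetCurrentForest();
        Console.WriteLine($"Forest: {forest.Name} (root domain: {forest.RootDomain.Name})");

        // A domain with no parent is the root of a domain tree (e.g. techno.com);
        // walking from each root shows the DNS hierarchy (europe.techno.com, ...).
        foreach (Domain domain in forest.Domains)
        {
            if (domain.Parent == null)
                PrintTree(domain, 1);
        }

        // Forest trusts extend transitive trust beyond this forest's boundary and
        // therefore widen the security boundary; they merit periodic review.
        foreach (TrustRelationshipInformation trust in forest.GetAllTrustRelationships())
            Console.WriteLine($"Forest trust: {trust.SourceName} -> {trust.TargetName} " +
                              $"({trust.TrustType}, {trust.TrustDirection})");
    }

    static void PrintTree(Domain domain, int depth)
    {
        string indent = new string(' ', 2 * depth);
        // PdcRoleOwner is the domain's PDC emulator; the forest root's PDC emulator is,
        // by default, the top of the forest's NTP-based time synchronisation hierarchy.
        Console.WriteLine($"{indent}{domain.Name}  (PDC emulator: {domain.PdcRoleOwner.Name})");

        // ParentChild and TreeRoot trusts are created automatically and are transitive;
        // External, Forest or Kerberos (realm) trusts were configured by an administrator.
        foreach (TrustRelationshipInformation trust in domain.GetAllTrustRelationships())
            Console.WriteLine($"{indent}  trust -> {trust.TargetName} " +
                              $"({trust.TrustType}, {trust.TrustDirection})");

        // Recurse into child domains to print the rest of this domain tree.
        foreach (Domain child in domain.Children)
            PrintTree(child, depth + 1);
    }
}
```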

Time Synchronisation in the Forest

This is based on Network Time Protocol (NTP).
