I. Introduction to Active Directory
Active Directory is the component of Windows Server 2003 that provides directory services in the domain environment. Directory services were first introduced on the Microsoft platform with Windows Server 2000, so Active Directory can be understood as one way of implementing directory services on the Microsoft platform. Of course, directory services are also implemented on non-Microsoft platforms.
Windows Server 2003 has two network environments: workgroup and domain. The default network environment is the workgroup.
[Figure: workgroup network environment]
The workgroup network is also called a "peer-to-peer" network, because every computer in the network has equal status, and resources and management are scattered across the individual computers. The workgroup environment is therefore characterized by decentralized management. Each computer in a workgroup has its own "local security account database", called the SAM database. What is the SAM database used for? When we log on to a computer and enter an account and password, they are verified against the SAM database: if the account exists in the SAM database and the password is correct, the SAM database notifies the system to allow the logon. By default, the SAM database is stored in the C:\WINDOWS\system32\config folder. This is the logon verification process in the workgroup environment.
Consider an application scenario: a company with 200 computers wants the account Bob to be able to access resources on every computer or log on to every computer. In a workgroup environment, we must create the Bob account in the SAM database of each of the 200 computers. Once Bob wants to change his password, it must be changed 200 times! I guess that is enough to keep the company's administrator busy. And this is only a company with 200 computers; in a company with 5000 or tens of thousands of computers, the administrator may go mad. This is the application scenario for the domain environment.
Anyone who works on the Microsoft platform, whether in systems, in development, or elsewhere in IT, has probably heard of the domain environment more than once. Yet many people are unfamiliar with it and do not know where to start, or do not even realize how important the domain environment is on the Microsoft platform. I can put it this way: if someone asks me why your company buys Windows Server 2003/2008, I will tell him that it is for Active Directory. In fact, Microsoft server-level products such as MOSS and Exchange all need the support of Active Directory, and the UC platform that Microsoft is currently promoting cannot do without Active Directory support either.
The biggest difference between the domain environment and the workgroup environment in Windows Server 2003 is that all computers in the domain share a centralized directory database (also called the Active Directory database), which contains the objects of the entire domain (user accounts, computer accounts, printers, shared files, etc.) and security information, while Active Directory is responsible for adding, modifying, updating and deleting entries in the directory database. So to implement a domain environment on Windows Server 2003, you need to install Active Directory. Active Directory provides directory services and centralized management for the enterprise network environment. In the preceding example, in a domain environment you only need to create the Bob account once in Active Directory, and Bob can then log on to any of the 200 computers. If Bob's password needs to be changed, it only needs to be changed once in Active Directory.
II. Concepts related to Active Directory
A namespace is a defined area. For example, we can regard a phone book as a namespace: within the defined area of the phone book, we can use a person's name to find the phone number, address, company name and other information related to that person. The Active Directory of Windows Server 2003 is likewise a namespace: we can use the name of an object in Active Directory to find the information related to that object. The Active Directory namespace uses DNS, so Active Directory domain names use the DNS name format. We can name a domain contoso.com, abc.com and so on.
2. Domain, domain tree, forest, and organizational unit
The logical structure of Active Directory includes: domain (Domain), domain tree (Domain Tree), forest (Forest) and organizational unit (Organizational Unit).
[Figure: logical structure of Active Directory]
A domain is a logical grouping; to be exact, it is an environment. A domain is the minimum boundary for security. A domain environment can centrally and uniformly manage the resources in the network. To set up a domain environment, you must install Active Directory on a computer.
A domain tree consists of a group of domains with a contiguous namespace.
[Figure: domain tree with root domain contoso.com and child domains gsd.contoso.com and ged.contoso.com]
The top domain name is contoso.com; this domain is the root domain of this domain tree. Under the root domain there are 2 child domains, gsd.contoso.com and ged.contoso.com. From the figure, we can see that their namespaces are contiguous: for example, the name of the domain gsd.contoso.com ends with the name of its parent domain, contoso.com. In fact, the child domains gsd.contoso.com and ged.contoso.com can also have child domains of their own; I did not show them in the figure.
All domains in the domain tree share one Active Directory. The data in this Active Directory is distributed across the domains, and each domain stores only its own data, such as the user accounts and computer accounts of that domain. In Windows Server 2003, the objects stored in each domain are collectively referred to as Active Directory.
A forest (Forest) is composed of one or more domain trees. Each domain tree has its own exclusive namespace, and there is no namespace continuity between different domain trees. The root domain of the first domain tree in the forest is also the root domain of the whole forest, and its name is also the name of the forest.
An organizational unit (OU) is a container that can contain objects (user accounts, computer accounts, etc.) or other organizational units (OUs).
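The namespace rule described above for domain trees and forests can be expressed in code. The following is an added example, not part of the original article: it groups a list of domain names into domain trees by contiguous namespace. The function names are hypothetical, and the sample list is constructed (contoso.com, its two child domains and abc.com come from the text; lab.gsd.contoso.com and notcontoso.com are made up to exercise nesting and the label-boundary case).

```python
# Added illustration: group Active Directory domain names into domain trees
# by namespace contiguity. All function names here are hypothetical.

def labels(name):
    """Split a DNS name into lowercase labels (DNS names are case-insensitive)."""
    return name.strip().rstrip(".").lower().split(".")

def is_descendant(child, ancestor):
    """True if child lies below ancestor in a contiguous namespace.

    The comparison is label by label, so 'notcontoso.com' is NOT treated
    as a descendant of 'contoso.com'; a plain endswith() would get this wrong.
    """
    c, a = labels(child), labels(ancestor)
    return len(c) > len(a) and c[-len(a):] == a

def parent_of(domain, domains):
    """Return the closest ancestor of domain among domains, or None for a tree root."""
    ancestors = [d for d in domains if is_descendant(domain, d)]
    return max(ancestors, key=lambda d: len(labels(d)), default=None)

def build_forest(domains):
    """Map each tree root domain to the sorted list of domains below it."""
    domains = sorted({".".join(labels(d)) for d in domains})
    forest = {d: [] for d in domains if parent_of(d, domains) is None}
    for d in domains:
        if d in forest:
            continue
        # Exactly one root can be an ancestor of d, because two ancestors
        # of the same name are always nested in each other.
        root = next(r for r in forest if is_descendant(d, r))
        forest[root].append(d)
    return forest

# Constructed sample input.
SAMPLE_DOMAINS = [
    "contoso.com", "gsd.contoso.com", "GED.contoso.com",
    "lab.gsd.contoso.com", "abc.com", "notcontoso.com",
]

if __name__ == "__main__":
    for root, members in build_forest(SAMPLE_DOMAINS).items():
        print(root, "->", members)
```

Each key of the result is the root domain of one domain tree; a forest with several keys has several disjoint namespaces.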
3. Domain controller and site
The physical structure of Active Directory consists of domain controllers and sites.
A domain controller (Domain Controller) is where Active Directory is stored; that is, Active Directory is stored on the domain controller. A computer with Active Directory installed is called a domain controller. In fact, when you first install Active Directory, the computer you install it on becomes the domain controller. A domain can have one or more domain controllers. The most classic arrangement is a primary and a secondary domain controller. Ha ha, these concepts sound a bit confusing.
Again, a domain is a logical form of organization. It can manage the resources in a network in a unified manner, unlike the decentralized management of a workgroup environment. To implement a domain, Active Directory must be installed on a computer. A computer with Active Directory installed is called a domain controller (DC).
When the Active Directory database of one domain controller is changed, the changed data will be copied to the Active Directory database of other domain controllers.
A site (Site) generally corresponds to a geographical location. It consists of one or several physical subnets. The purpose of creating a site is to optimize DC replication. Active Directory allows a site to contain multiple domains, and a domain can also belong to multiple sites.
This article is reposted from terryli's 51CTO blog. Original link: http://blog.51cto.com/terryli/141686. To reprint it, please contact the original author.