
DIT 615: ADMINISTERING ACTIVE DIRECTORY

ASSIGNMENT 1

INTRODUCTION TO ACTIVE DIRECTORY

Name ReDsHell

Student ID 01-200801-00???

Class Code D510

Instructor SHAHIDATUL ARFAH BINTI BAHARUDIN

Submission Date 10 SEPTEMBER 2009

Checked and Verified by


INTRODUCTION TO ACTIVE DIRECTORY
Since the beginning of the Information Technology era, the majority of
computer users have needed a network to connect with each other, both
internally and externally, in order to exchange information and share
devices. Such a network needs a server to centralize administration and
support, and an administrator to manage network resources, for example
by updating all end users' computers with new software, patches, files
and so on. This administrative work can be done easily with "Active
Directory" by simply updating one object in a forest or tree (levels
in Active Directory). As a surface concept, Active Directory can be
viewed as a cupboard that has many drawers, each of which holds
many items.

Active Directory is a directory structure used on Microsoft
Windows based computers and servers to store information and
data about networks and domains, which allows administrators to
create a more flexible network structure. It is primarily used for
online information and performs a variety of functions, including:

1. Provides information on the objects.
2. Organizes the objects for easy retrieval and access.
3. Controls access and sets security (allows access by end users
and administrators and allows the administrator to set security
up for the directory).

An Active Directory can be defined as a hierarchical structure, and
this structure is usually broken up into three main categories:

1. Resources, which include printers.
2. Services, which include email.
3. Users, which include user accounts and groups.

Active Directory is in fact an implementation of the Lightweight
Directory Access Protocol (LDAP), which is an application protocol
for querying and modifying directory services. An LDAP directory
tree is a hierarchical structure of organizations, domains, trees, groups,
and individual units. With LDAP, a user can search for another user's
information or for an object without first knowing its location.


Example of an LDAP Tree

HISTORY OF ACTIVE DIRECTORY


The oldest traceable part of Active Directory started life at 3Com
in 1988 or 1989. This was an incomplete project: an X.500-ish
directory with custom communication protocols, built on top of a
C-Tree database and running under 16-bit OS/2. By 1990 3Com had
abandoned its network software efforts and the directory code moved
to Microsoft as part of some complicated deal. The LanMan group
planned to include the directory service in LanMan 3.0 and
immediately started porting it to the JET Blue ISAM and building an RPC
front end compliant with the X/Open XDS API.

At this point (in early 1991) Jim Allchin, who had recently taken
over the LanMan group, cancelled LanMan 3.0 and scrapped its
directory service project. In its place he created the Cairo project,
which included a completely non-X.500 like directory service that lived
as part of OFS, the Cairo file system.

The email group at Microsoft picked up two pieces out of the
wreckage of LanMan 3.0: the DS and an X.400 MTA. Microsoft
ported the DS to Windows NT, finished the JET and XDS work, and
added a MAPI RPC interface, a query engine, the KCC, a modifiable
schema, the link table, and much more. This version of the DSA (plus
the MTA and a custom message store) shipped in Exchange 4.0 in
1996. By this point there was very little of the original code left, although
some elderly data structures live on, at least in name.

Around late 1995 Cairo, and its attendant directory service, were
cancelled. This left the OS team with an urgent need for a DS (for
Windows 2000) but no plans to build one. To fill the hole, the week
after Exchange 4.0 shipped, the Exchange DS dev team made a copy
of the DS sources and moved to the Windows group, where we got
re-christened Active Directory, and the rest is history. Though it was
introduced in the 1990s, it did not become a part of the operating
system until Windows 2000 Server was released in 2000. Since then,
Windows Server 2003 and Server 2008 have been introduced and
Active Directory has undergone some expansion.

ACTIVE DIRECTORY COMPONENT


Active Directory involves three levels:

1. DOMAIN –

A domain is a combination of small networks containing a variety
of objects and Organization Units (OUs) that reside within a
security or administrative boundary, which means that all
users within a domain normally function under the same
user-account policy. A domain has at least one Domain Controller.

• Object = the term for a unit inside a network,
such as a user, group, printer or shared folder. All
objects in Active Directory have an ID, usually an object
name (folder name). In addition to these objects being
able to hold other objects, every object has its own
attributes, which allow it to be characterized by the
information it contains.
• Organization Unit = a container that holds many
objects. It is a small group that defines part of an
organization, such as the Admin, Finance, Marketing,
Technical or Production department, and so on.
• Domain Controller = a service that manages security
for its local domain. Every domain has one PDC, which
contains a database of usernames, passwords and
permissions. The PDC also provides a time service for
the network and typically obtains the time from an edge
router, which gets its time from the Internet.



2. DOMAIN TREE –

A domain can be a child of another domain (e.g.,
marketing.redcorp.com is a child of redcorp.com). A child
domain name always includes the complete parent domain
name. A child domain and its parent share a two-way
transitive trust. A domain tree exists when one domain is
the child of another domain. A domain tree must have a
contiguous namespace.



3. DOMAIN FOREST –

A forest is a collection of trees that don't necessarily form
a contiguous namespace (although each tree must be
contiguous). This arrangement might be useful if your
company has multiple root DNS (Domain Name System)
addresses. Each forest has an admin group, whose members
have authority over all the domain trees in the
forest. Each domain has a domain admin group, and
administrators in a parent domain automatically have a transitive
trust relationship. This type of structure is known as a
hierarchical structure.

• Trust Relationships = Trust relationships are
important in an Active Directory environment so
forests and domains can communicate with one
another and pass credentials. Within a single forest,
trusts are created when a domain is created. By
default, domains have an implicit two-way transitive
trust created. This means each domain trusts every
other domain for security access and credentials. A user in
domain A can access resources permitted to him in
domain B while a user in domain B can access
resources permitted to her in domain A.
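
The tree, forest and trust rules above can be traced in a few lines of Python. This is an added example, not part of the original assignment: the forest contents (`redlabs.net` and the extra child domains) are constructed sample data, all function names are hypothetical, and the trust joining each tree root to the forest root is the automatic tree-root trust, which the text above does not name.

```python
from collections import defaultdict
# Constructed sample forest: two trees with different root DNS names.
FOREST_ROOT = "redcorp.com"
DOMAINS = ["redcorp.com", "marketing.redcorp.com",
           "sales.marketing.redcorp.com", "redlabs.net", "dev.redlabs.net"]

def parent_of(domain, domains):
    """Parent = the name minus its leftmost label, if that domain exists."""
    rest = domain.partition(".")[2]
    return rest if rest in domains else None

def build_trees(domains):
    """Group domains by tree root; each tree is one contiguous namespace."""
    trees = defaultdict(list)
    for d in domains:
        root = d
        while (p := parent_of(root, domains)) is not None:
            root = p
        trees[root].append(d)
    return dict(trees)

def direct_trusts(domains, forest_root):
    """Automatic two-way trusts: parent-child, plus tree root to forest root."""
    edges = set()
    for d in domains:
        p = parent_of(d, domains)
        if p is not None:
            edges.add(frozenset((d, p)))
        elif d != forest_root:
            edges.add(frozenset((d, forest_root)))
    return edges

def trust_path(src, dst, domains, forest_root):
    """Breadth-first search: the chain of trusts linking src to dst, or None."""
    adj = defaultdict(set)
    for a, b in map(tuple, direct_trusts(domains, forest_root)):
        adj[a].add(b)
        adj[b].add(a)
    queue, seen = [[src]], {src}
    while queue:
        path = queue.pop(0)
        if path[-1] == dst:
            return path
        for nxt in sorted(adj[path[-1]] - seen):
            seen.add(nxt)
            queue.append(path + [nxt])
    return None

def to_dn(domain):  # LDAP distinguished name, e.g. DC=redcorp,DC=com
    return ",".join(f"DC={label}" for label in domain.split("."))
```

Because every trust is two-way and transitive, `trust_path` finds a chain between any two domains in the sample forest, which is why a review of who can reach a resource has to consider the whole forest rather than a single domain.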


CONCLUSION
Using Active Directory, the administrator of a large
corporation or organization can easily update all end users' computers
with new software, patches, files, etc. simply by updating one object in
a forest or tree. It is important to note that active directories are a
great way to organize a large organization's or corporation's computers,
data and network. Without an active directory, most end users would
have computers that would need to be updated individually and would
not have access to a larger network where data can be processed and
reports can be created. While active directories can be extremely
technical and require lots of expertise to navigate, they are essential
to storing information and data on networks.
