What is Active Directory?

Active Directory is the directory service included in the Windows 2000 Server family. It presents the network in a precise and consistent manner so that system administrators can manage complex systems. It also allows objects to be searched for and located on request, and it permits communication between all of the system's parts, including those outside the system's scope. In addition, it supports security features and controls user access to network objects. Active Directory makes the distinction between the inside and the outside of the local network (or domain) transparent, presenting an identical view of content regardless of location. (A)

Directory Service: a service that maintains the logical order in a network that interconnects many sites and supports many users with countless network objects. (A)

Directory: a container of information about objects: people, places, and things. A directory gives users a logical view of these objects, in a form that makes the information searchable, useful and reusable. (D)

DNS

Active Directory uses the organization and naming schemes of the Internet to bring to the network the same hierarchical order that is used on the Internet. The DNS function of Active Directory joins the external (the Internet) and the internal (the local network) in a common naming scheme. It does this by naming every object on the network and mapping each one's relationship to the others (through domains). It also serves as the network's road map, and because the network's map emulates the structure of the business itself, Active Directory can be a powerful tool for modeling and mapping the business.

Replication

Active Directory allows for replication between two domain controllers. Usually, when installing a Windows 2000 Server OS, the first domain controller created will be the primary domain controller. To keep a copy of this domain controller's file system, replication of the server is implemented. Replication between a primary and a secondary domain controller allows information to be replicated frequently and automatically.

The Evolution of the LDAP

The University of Michigan developed the Lightweight Directory Access Protocol (LDAP) in 1998. The University wanted to free clients from the heavyweight Directory Access Protocol (DAP) used for X.500 directory access, so it placed an LDAP server between the client and the X.500 directory. The LDAP server translated a directory request from an LDAP client on a TCP/IP network from the client's language into that used by the X.500 directory, then sent the request on to an X.500 server. LDAP can now also supply a complete directory running on a TCP/IP network without any X.500 server at all, so LDAP is now a directory service and not just a protocol.

X.500: the Directory System Agent (DSA), also known as X.500, is the database in which directory information is stored. This database is hierarchical in form, for fast and accurate search and retrieval.

DAP: the Directory Access Protocol is the protocol used in X.500 Directory Services to control communications between the Directory User Agent (DUA) and the Directory System Agent (DSA). Each agent represents one side of the exchange: the directory on one side and the program or user on the other. What is a DUA? The Directory User Agent (DUA) provides functionality that can be implemented in different types of interfaces, such as DUA clients, Web server gateways, or e-mail applications.

LDAP is the primary access method for Active Directory. LDAP combines routing and transport services in a faster way than traditional network and transport layer protocols do, which is more effective when transporting over high-speed lines such as fiber-optic cables. LDAP is a subset of the X.500 protocol, which means that its clients are smaller, faster and easier to implement than X.500 clients. LDAP is vendor independent and works with, but does not require, an X.500 directory. Unlike X.500, LDAP supports TCP/IP, which is needed to support any Internet access. LDAP is an open protocol, and applications are independent of the server platform hosting the directory.
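As an added illustration that is not part of the original paper, the following Python builds the bytes of one LDAPv3 SearchRequest as a client would send it to an Active Directory domain controller over TCP/IP, deriving the search base from the domain's DNS name as described under DNS above. The BER encoding follows RFC 4511; the domain example.com, the message ID and the attribute list are constructed sample values, and nothing is sent on the network.

```python
"""Added example (not from the paper): encode one LDAPv3 SearchRequest
(RFC 4511) with minimal BER, the lightweight TCP/IP-side encoding that
replaced X.500 DAP. It builds bytes only and sends nothing."""
from typing import List

def ber_length(n: int) -> bytes:
    # Definite length: one byte below 128, else 0x80|count followed by count bytes.
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag: int, content: bytes) -> bytes:
    # Tag, length, value: every BER element has this shape.
    return bytes([tag]) + ber_length(len(content)) + content

def ber_int(tag: int, value: int) -> bytes:
    # INTEGER (0x02) or ENUMERATED (0x0A): minimal two's-complement body.
    size = max(1, (value.bit_length() + 8) // 8)
    return tlv(tag, value.to_bytes(size, "big", signed=True))

def dns_to_base_dn(dns_name: str) -> str:
    # Active Directory names its domain partition after the DNS name: each DNS
    # label becomes one DC= component (corp.example.com -> DC=corp,DC=example,DC=com).
    labels = [label for label in dns_name.strip(".").lower().split(".") if label]
    if not labels:
        raise ValueError("empty DNS name")
    return ",".join(f"DC={label}" for label in labels)

def search_request(msg_id: int, base_dn: str, attrs: List[str],
                   present_attr: str = "objectClass") -> bytes:
    # SearchRequest ::= [APPLICATION 3] SEQUENCE { baseObject, scope, derefAliases,
    #   sizeLimit, timeLimit, typesOnly, filter, attributes }
    body = b"".join([
        tlv(0x04, base_dn.encode()),       # baseObject   LDAPDN (OCTET STRING)
        ber_int(0x0A, 2),                  # scope        wholeSubtree
        ber_int(0x0A, 0),                  # derefAliases neverDerefAliases
        ber_int(0x02, 0),                  # sizeLimit    0 = server default
        ber_int(0x02, 0),                  # timeLimit    0 = none
        tlv(0x01, b"\x00"),                # typesOnly    FALSE
        tlv(0x87, present_attr.encode()),  # filter       present [7], i.e. (attr=*)
        tlv(0x30, b"".join(tlv(0x04, a.encode()) for a in attrs)),  # attributes
    ])
    # LDAPMessage ::= SEQUENCE { messageID INTEGER, protocolOp CHOICE { ... } }
    return tlv(0x30, ber_int(0x02, msg_id) + tlv(0x63, body))

if __name__ == "__main__":
    # Constructed sample: search example.com's partition for every object's cn.
    print(search_request(1, dns_to_base_dn("example.com"), ["cn"]).hex(" "))
```

The printed hex is exactly what a packet capture of the request on port 389 would show, which is useful when checking whether directory traffic is wrapped in TLS or sent in the clear.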

The Impact of LDAP

LDAP had a huge impact on the industry about six years ago. Back then, products worked in isolated environments with their own data sets. When LDAP came along it introduced an openness to the industry. Not only did it affect X.500 and other directory products, but it also affected applications and operating systems, which now support at least an access protocol that facilitates data sharing.

Industry

Key Players

As server operating system technologies go, Active Directory, patterned after Novell's NDS (NetWare Directory System), is the market leader of the directory system world. "Microsoft's Active Directory is the front-runner, but by no means the contestant", reads the headline from a June article found at computer.com. Other contenders are the directory service products put out by Netscape, Novell, and iPlanet.

Novell (NDS)

Novell created the enterprise networking market by implementing directory services before Microsoft even knew what the term meant. To its credit, Novell ported its NDS product to NT two years before Microsoft began developing its proprietary Active Directory product. With this in mind, you can see how Novell's product could be inferior to AD, since it is based on older technologies and standards.

Novell offers a different security and management model than AD, and if you are accustomed to the metadata level of user/group-member management in Novell solutions, you may not want to switch from eDirectory to AD. You will not be able to deploy AD in your NDS infrastructure (or any other non-Windows system). NDS is geared towards tighter security control and fuller management. When you want to deny access to a group while using NDS, you don't have to branch out a new tree; you just create a filter.

With NDS the user gets the benefit of Exchange server directory services without logging on to the Exchange host NT server itself; Active Directory cannot do this. NDS includes automatic and completely transitive trust, as does AD. But in order to keep Access Control Lists (ACLs) updated, NDS uses dynamic inheritance while AD uses static inheritance. This difference plays a huge role in the amount of data created for each object.

Where there is replication there is a transport method. NDS uses a proprietary transport that requires new ports to be opened in firewalls in order to let replication traffic through, whereas AD uses SMTP and RPC (Remote Procedure Call), which allows AD to e-mail updates to another server.

Netscape (Directory Service)

Netscape's Directory Service was the first to commercially implement the Lightweight Directory Access Protocol (LDAP) standard. This standard specifies how to communicate with directory-service databases to add, change, or request resource information. Although Netscape doesn't call Directory Server a metadirectory product, you can set up a limited metadirectory for NT networks running Netscape Internet and intranet services.

Variations in Product and Service

While it is no small task to deploy any directory system, Microsoft boasts that its product is the most user friendly of the bunch, and it also appears to be the best investment choice for medium-size companies that expect to expand or grow in the short run. "Novell and Netscape's directory-service applications are third-party solutions to integrate directory services across various network operating systems. They create a directory management foundation for heterogeneous networks while Microsoft is the first to bind directory services with a network operating system." As long as there are NetWare and Unix systems at the core of enterprise networking, these third-party solutions will maintain their position.

Solutions & Resolutions

The key players in helping resolve issues regarding directory service are the consumers who correspond with the manufacturers of the products, as they detect flaws or bugs within the software.

As stated earlier, Microsoft is the leader, and it possesses the resources to research and develop this product. Microsoft's integration of Active Directory with the Windows 2000 operating system, and the growth of Windows networking overall, will be enough to give Active Directory the lead, measured in the number of installed AD servers, over the next couple of years. Cisco is trying to get Active Directory ported to Sun's Solaris operating system. If this is achieved, then the Unix Active Directory will penetrate the market for directory services in growing numbers, both because of Cisco's presence in most Internet-connected enterprises and because of the need to integrate network solutions. These are expected to be new deployments rather than replacements for existing directory services.

Outlook

Where do we go from here?

With so many directory services available, how does a company choose the one that is best for its business? The first question that needs to be addressed is whether the upgrade is necessary for business functions. When asking that question it is important to anticipate the future needs of the business. Active Directory is good both for large-scale corporations that NT could not satisfy and for small businesses. Once Active Directory has been chosen, it is important to develop a planning and implementation scheme; if this is not done, administrators may find the upgrade from NT to Win2K a painful transition.

NetWare has the advantage of being on the market already, and Netscape was the first to implement the latest version of LDAP. These companies have sustained considerable market share, but that may simply be due to the unavailability of Active Directory. According to International Data Corporation (IDC), one in five NetWare users will replace their server in the next year, and 85 percent of these users will choose Win2K as a replacement. It seems that Microsoft will corner this market as well.

The Future of LDAP

In July of 1999 the Directory Interoperability Forum (DIF) merged various directory services into a standard based on LDAP. Microsoft has incorporated these standards into Active Directory.

DIF has launched its second integration of standards for LDAP, WWL2. "Open Brand for LDAP 2000 requires specific conformity for server products, and the directory servers that meet that criteria gain the right to carry the LDAP 2000 brand logo. WWL2 goes beyond LDAP 2000 standards and certifies applications that will work with any Open Brand for LDAP 2000 server" (Kearns 2001). This application certification will ease the minds of network managers, and products that carry the label will be more marketable. Will Microsoft seek WWL2 certification? Our prediction is that yes, Microsoft will incorporate the requirements into its applications if the market demands it.

It seems that with the new release of LDAP 3 and the implementation of standards for the protocol, the technology will be around for a while. There are no significant competitors in the directory protocol arena, and the definition of standards will deter any from coming along until a real need is identified. Active Directory has been in the works for several years and is about to become available to businesses. Microsoft retains the majority of the operating system market and will continue to do so. The release of Active Directory will reinforce this position and perhaps increase market share. NT was less than desirable for large corporations; Active Directory resolves this problem, making a new market sector available.

Bibliography

Aspinwall, Jim. ComputerUser, http://www.computeruser.com. "Who will be Your Directory Services?"

Chowdhury, Pankaj. ZDNet, http://www.zdnet.com. "Windows NT Guide (Replication)"

Kearns, Dave. Network World Fusion, http://www.nwfusion.com/. "Has Active Directory Won the War?"

Kearns, Dave. Network World Fusion, http://www.nwfusion.com/. "Announcing Recipients of LDAP 2000 Standard"

Goodman, David, and Colin Robbins. Nexor, http://www.nexor.com. "LDAP-Moving Forward"

Network Computing, http://www.networkcomputing.com. "Network Design Manual, Directory Services: The Active Directory"

Madden, Finnel, Sheldon, and Wilansky. MCSE Training Kit: Windows 2000 Server.

Microsoft, http://msdn.microsoft.com/. "Microsoft Windows Active Directory: An Introduction to the Next Generation Directory Services"

Microsoft Product Support Services, http://support.Microsoft.com. "Introduction to Lightweight Directory Access Protocol"

Sosinsky, Barrie. Windows 2000 Magazine, http://www.win2000mag.com/. "Novell's Window of Opportunity"

Windows 2000 Magazine, http://www.win2000mag.com/. "Directory Services Heats Up"

Zhou, Tao. Windows 2000 Magazine, http://www.winntmag.com. "The Evolution of LDAP"