Active Directory in Windows Server 2003
Exposure to Active Directory when working with Windows Server 2003 is all but unavoidable. It is important to understand the basics of this massive component of Server 2003 network environments if you are going to be administering any part of a Windows network. To gain an understanding of how Active Directory operates, we need to first look at directory services in general.
What Exactly Is a Directory Service?
In the early ’90s, directory services were unheard of because networking products of that time were designed primarily for workgroups: small groups of computers connected together that share some resources and documents. Over time, networks grew bigger and bigger, until we arrived where we are now, where it is not at all uncommon for a network to consist of thousands of nodes.
These large network environments created the need for an index of sorts for locating network resources. Directory services in networks work much the same as phone books do, keeping track of data associated with individual nodes. Modern directory services, like Active Directory (AD), contain information about computers, users, hardware and software devices, printers, and applications. This information is stored in a central directory where it can be available to anyone at any time.
Active Directory and Domain Controllers
Active Directory is the directory service used with Windows Server 2003 Domains, not workgroups. It is far more than just a database, offering a collection of additional supporting components, like transaction logs, Sysvol, logon scripts, and group policy information.
Some of the services that use AD are LDAP, Kerberos security and replication processes. Active Directory also provides a collection of utilities for administrators to use in managing the directory service. It can be installed on one or more domain controllers; if it is installed on more than one, replication will have to be configured to keep the databases in sync.
Since Active Directory is such a critical part of a Windows domain, networks will frequently have two domain controllers configured so that if one goes down, the other can take over. The typical configuration of replication between two domain controllers is simple: when a change is made to an Active Directory database record, the change is replicated to all other domain controllers in the domain.
This method is called "multiple-master replication" because changes can be made from any domain controller. Single-Master Replication was a method used in old NT network environments. Changes had to be made on the Primary Domain Controller only, and changes were replicated to the Backup Domain Controllers.
The modern multiple-master method has less administrative overhead. In complex networks (i.e., multiple sites, domains, or forests) replication is much more complicated, but that is a lesson for a much later time.
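The two replication modes described above, modeled in Python as an added example (not code from the original article or from Microsoft). The class and function names, the sample record, and the version-stamp rule used to pick the newer change are assumptions of this example.

```python
class DomainController:
    def __init__(self, name, writable=True):
        self.name, self.writable, self.online = name, writable, True
        self.records = {}   # key -> (version, originating DC, value)
        self.partners = []  # the other domain controllers in the domain

    def write(self, key, value):
        """Originate a change on this DC, then replicate it to every partner."""
        if not self.online:
            raise ConnectionError(f"{self.name} is down")
        if not self.writable:
            raise PermissionError(f"{self.name} only holds a backup copy")
        version = self.records.get(key, (0, "", None))[0] + 1
        self.records[key] = (version, self.name, value)
        self.replicate()

    def replicate(self):
        """Push local records to online partners; the higher stamp wins.
        Assumed rule: a simplified stand-in for real conflict resolution."""
        for dc in (p for p in self.partners if p.online):
            for key, stamp in self.records.items():
                if stamp[:2] > dc.records.get(key, (0, "", None))[:2]:
                    dc.records[key] = stamp

def build_domain(names, single_master=False):
    """Single-master: only the first DC (the PDC) accepts changes."""
    dcs = [DomainController(n, writable=(i == 0 or not single_master))
           for i, n in enumerate(names)]
    for dc in dcs:
        dc.partners = [p for p in dcs if p is not dc]
    return dcs

def demo():
    # NT-style single-master: with the PDC down, no change can be made.
    pdc, bdc = build_domain(["PDC", "BDC"], single_master=True)
    pdc.write("jsmith.phone", "555-0100")   # constructed sample record
    pdc.online = False
    try:
        bdc.write("jsmith.phone", "555-0199")
        nt_result = "accepted"
    except PermissionError:
        nt_result = "rejected"
    # Multiple-master: the surviving DC accepts the change; DC1 catches up.
    dc1, dc2 = build_domain(["DC1", "DC2"])
    dc1.write("jsmith.phone", "555-0100")
    dc1.online = False
    dc2.write("jsmith.phone", "555-0199")
    dc1.online = True
    dc2.replicate()
    return nt_result, bdc.records["jsmith.phone"][2], dc1.records["jsmith.phone"][2]
```

`demo()` returns the outcome of the backup controller's write attempt, the value the backup still holds, and the value the recovered DC1 ends up with after catching up.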
This post is part of the series: Windows Server 2003 Guides