Windows Server 2012 : Active Directory Domain Services Primer - AD DS Structure - Understanding the AD DS Domain

9/28/2013 7:22:05 PM

Reviewing the Original Microsoft Directory Systems

Exchange Server 5.5 ran its own directory service as part of its email environment. In fact, AD DS took many of its key design components from the original Exchange directory service. For example, the AD DS database uses the same Jet database format as Exchange 5.5 and the site replication topology is similar in many ways.

Several other Microsoft applications ran their own directory services, namely Internet Information Server and Site Server. However, each directory service was separate from the others, and integration was not very tight between the different implementations.

Outlining the Key Features of Active Directory Domain Services

Five key components are central to AD DS’s functionality. As compatibility with Internet standards has become required for new directory services, the existing implementations have adjusted and focused on these areas:

TCP/IP compatibility—Unlike some of the original proprietary protocols such as IPX/SPX and NetBEUI, the Transmission Control Protocol/Internet Protocol (TCP/IP) was designed to be cross-platform. The subsequent adoption of TCP/IP as an Internet standard for computer communications has propelled it to the forefront of the protocol world and essentially made it a requirement for enterprise operating systems. AD DS and Windows Server 2012 utilize the TCP/IP protocol stack as their primary method of communications.

Lightweight Directory Access Protocol support—LDAP has emerged as the standard Internet directory protocol and is used to update and query data within the directory. AD DS directly supports LDAP.

Domain name system (DNS) support—DNS was created out of a need to translate simplified names that can be understood by humans into an IP address that is understood by a computer. The AD DS structure supports and effectively requires DNS to function properly.

Security support—Internet standards-based security support is vital to the smooth functioning of an environment that is essentially connected to millions of computers around the world. Lack of strong security is an invitation to be hacked, and Windows Server 2012 and AD DS have taken security to greater levels. Support for IP Security (IPsec), Kerberos, certificate authorities, and Secure Sockets Layer (SSL) encryption is built in to Windows Server 2012 and AD DS.

Ease of administration—Although often overlooked in powerful directory services implementations, the ease with which the environment is administered and configured directly affects the overall costs associated with its use. AD DS and Windows Server 2012 are specifically designed for ease of use to lessen the learning curve associated with the use of a new environment. Windows Server 2012 also enhanced AD DS administration with the introduction of the Active Directory Administration Center, Active Directory Web Services, and an Active Directory module for Windows PowerShell command-line administration, which has been greatly improved from the one originally included in Windows Server 2008 and Windows Server 2008 R2. PowerShell support in Windows Server 2012 AD DS now allows for better troubleshooting and fully automated provisioning of domain controllers and entire forests from the command line.
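Because AD DS effectively requires DNS, a quick health check is to confirm that the SRV records clients use to locate domain controllers exist and point at hosts that resolve. The script below is an added example, not code from the original article; `corp.example.com` is a placeholder domain name, and the three record names are the standard locator records that domain controllers register under `_msdcs`.

```powershell
# Added example: check the DNS SRV records AD DS clients use to find domain controllers.
# 'corp.example.com' is a placeholder; pass the DNS name of your own domain.
param(
    [string]$DomainDnsName = 'corp.example.com'
)

# Locator records registered by domain controllers under the _msdcs subdomain.
$locatorRecords = @(
    "_ldap._tcp.dc._msdcs.$DomainDnsName",      # any domain controller (LDAP)
    "_kerberos._tcp.dc._msdcs.$DomainDnsName",  # Kerberos KDC
    "_ldap._tcp.pdc._msdcs.$DomainDnsName"      # PDC emulator
)

$results = foreach ($record in $locatorRecords) {
    try {
        $srv = @(Resolve-DnsName -Name $record -Type SRV -ErrorAction Stop |
                 Where-Object { $_.Type -eq 'SRV' })
    } catch {
        $srv = @()   # NXDOMAIN, timeout, or no DNS server reachable
    }

    if ($srv.Count -eq 0) {
        [pscustomobject]@{ Record = $record; Target = $null; Port = $null; Status = 'MISSING' }
        continue
    }

    foreach ($entry in $srv) {
        # An SRV record is only useful if its target host also resolves to an address.
        $address = Resolve-DnsName -Name $entry.NameTarget -ErrorAction SilentlyContinue |
                   Where-Object { $_.Type -in 'A', 'AAAA' }
        [pscustomobject]@{
            Record = $record
            Target = $entry.NameTarget
            Port   = $entry.Port
            Status = if ($address) { 'OK' } else { 'TARGET UNRESOLVED' }
        }
    }
}

$results | Format-Table -AutoSize
```

A `MISSING` or `TARGET UNRESOLVED` row means clients querying that DNS server cannot reliably locate a domain controller, which typically surfaces as logon or domain-join failures.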

Detailing Microsoft’s Adoption of Internet Standards

Since the early development of Windows 2000/2003/2003 R2/2008/2008 R2 and continuing with Windows Server 2012, Microsoft has strived to make all its products Internet compatible and friendly. Standards that had previously been optional or incompatible were subsequently woven into the software as primary methods of communication and operability. All applications and operating systems became TCP/IP compliant, and proprietary protocols such as NetBEUI were phased out.

With the introduction of Windows Server 2012, the Internet readiness of the Microsoft environment reaches new levels of functionality, with enhancements such as the ability to join virtual domain controller templates to a forest; the ability to restore deleted objects using the Active Directory Recycle Bin; offline domain join; Managed Service Accounts; the ability to use multiple password policies per domain; read-only domain controller (RODC) support; the ability to start/stop AD on a domain controller (DC); and the ability to audit changes made to AD objects.

1. Understanding the AD DS Domain

An AD DS domain, traditionally represented by a triangle, as shown in Figure 1, is the initial logical boundary of AD DS. In a standalone sense, an AD DS domain acts very much like the legacy Windows NT 4.0 domain structure that it replaced. Users and computers are all stored and managed from within the boundaries of the domain. However, several major changes have been made to the structure of the domain and how it relates to other domains within the AD DS structure.


Figure 1. Examining a sample domain in AD DS.

Domains in AD DS serve as administrative security boundaries for objects and contain their own security policies. It is important to keep in mind that domains are a logical organization of objects and can easily span multiple physical locations. Consequently, it is no longer necessary to set up multiple domains for different remote offices or sites, because replication and security concerns are more properly addressed with the use of AD DS sites or RODCs, which are described in greater detail in the following sections.
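To see what "their own security policies" means in practice, the following added example (not from the original article) lists the password policies in effect inside the current domain: the single domain-wide default plus any fine-grained policies, the "multiple password policies per domain" feature mentioned earlier. It assumes the ActiveDirectory PowerShell module is installed; the minimum length of 14 used to flag a policy is an assumed review baseline, not a value from the article.

```powershell
# Added example: inventory the password policies that apply inside one AD DS domain.
# Requires the ActiveDirectory module. The baseline below is an assumption.
Import-Module ActiveDirectory

$minLengthBaseline = 14   # assumed review threshold

function Get-PolicyFinding($MinLength, $Complexity, $LockoutThreshold) {
    $issues = @()
    if ($MinLength -lt $minLengthBaseline) { $issues += "length < $minLengthBaseline" }
    if (-not $Complexity)                  { $issues += 'complexity off' }
    if ($LockoutThreshold -eq 0)           { $issues += 'no lockout' }
    if ($issues) { $issues -join ', ' } else { 'OK' }
}

$domain  = Get-ADDomain
$default = Get-ADDefaultDomainPasswordPolicy

$policies = @(
    # The domain-wide default applies to every account without a fine-grained policy.
    [pscustomobject]@{
        Policy     = 'Default domain policy'
        Precedence = $null
        MinLength  = $default.MinPasswordLength
        Lockout    = $default.LockoutThreshold
        AppliesTo  = $domain.DNSRoot
        Review     = Get-PolicyFinding $default.MinPasswordLength $default.ComplexityEnabled $default.LockoutThreshold
    }

    # Fine-grained policies override the default for the users or groups they are linked to;
    # the lowest Precedence value wins when several apply to the same account.
    Get-ADFineGrainedPasswordPolicy -Filter * | Sort-Object Precedence | ForEach-Object {
        [pscustomobject]@{
            Policy     = $_.Name
            Precedence = $_.Precedence
            MinLength  = $_.MinPasswordLength
            Lockout    = $_.LockoutThreshold
            AppliesTo  = ($_.AppliesTo -join '; ')
            Review     = Get-PolicyFinding $_.MinPasswordLength $_.ComplexityEnabled $_.LockoutThreshold
        }
    }
)

$policies | Format-Table -AutoSize -Wrap
```

Running it against a second domain in the same forest returns a different set of policies, which is the domain boundary described above.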
