Figure A: The Active Directory Users and Computers interface is the main administrative tool for managing Active Directory objects.
We will discuss the process of creating or editing Active Directory objects later. For now, we will take a closer look at this interface, because it helps us explore a bit of the structure of Active Directory. If you look at Figure A, you will see that there are a number of large folders, each of which corresponds to a specific type of object. Each object in Active Directory is assigned an object type (known as the object class).
Each object also has some related properties. Specific properties vary depending on the type of object.
For example, the Users folder contains user accounts, all classified as user objects, as shown in Figure B. If you right-click one of these user objects and select Properties from the context menu, you will see the object's properties sheet (as shown in Figure C).
Figure B: The Users folder contains user accounts, all of which are classified as user objects.
Figure C: When you right-click a user object and select Properties, you will see the user's properties sheet.
If you look at Figure C, you will see that there are a number of different information fields, such as name, last name and phone number. Each of those fields corresponds to an attribute of an object. Although most of the fields in the image are uncommon, in some real situations these fields can be used to create collaborative folders. In fact, many applications are designed to extract information directly from Active Directory. For example, Microsoft Exchange Server (Microsoft's e-mail server product) creates a global address list based on the content of Active Directory. This list is used when sending email notifications to other users in the company.
If you look at Figure D, you will see a screen in which we performed a search for the name Hershey, and Outlook returned the Global Address List entries that include Hershey. Not surprisingly, there is just one result. If you look at the results section of the window, you will see that Outlook displays the user's title, business phone number and location, where those fields are populated. All this information is taken from Active Directory.
Figure D
If you want to see more detailed information about the user, right-click the user's name and select Properties. A window like the one in Figure E is then displayed. Remember that this is not an admin screen. This is simply a screen that any user in the company can access directly through Outlook 2007 to find information about other employees.
Figure E: View Active Directory information directly through Microsoft Outlook
After all, Outlook is a Microsoft product, so it only makes sense that Outlook is able to retrieve information from Active Directory, which is part of another Microsoft product. However, many people do not realize that it is quite easy for anyone with the proper permissions to retrieve information from Active Directory. In fact, there are many third-party products designed to interact with Active Directory. One of them has the ability to store data in special Active Directory sections.
The reason that you, or third-party software vendors, are able to interact with Active Directory is that Active Directory is based on a known standard called X.500. This standard is basically a generic way of implementing directory services. Microsoft is not the only company to have built a directory service on this standard; Novell also initially built its NetWare Directory Service on it.
There is also a standard way of accessing directory service information. In an Active Directory environment, accessing directory information involves using the Lightweight Directory Access Protocol (LDAP). The LDAP protocol runs on top of the TCP/IP protocol.
The first thing you need to know about the LDAP protocol is that, despite its name, there is nothing lightweight about it (it is lightweight only in comparison with the original Directory Access Protocol, which was not designed to take advantage of the TCP/IP protocol stack).
Each object in Active Directory is assigned a distinguished name (often abbreviated as DN). The distinguished name is based on the location of the object within the directory hierarchy. There are many different components in distinguished names, but two of the most common are the common name (abbreviated as CN) and the domain component (abbreviated as DC). For example, assume that the Contoso.com domain contains an account named User1 and that this account is located in the Users folder. In such a case, the distinguished name of the user account will be:
CN=User1, CN=Users, DC=Contoso, DC=com
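As an added example (not part of the original article), the Python code below splits a distinguished name into its components and derives the domain's DNS name from the DC parts. It honours backslash escapes, which a plain split on commas gets wrong; multi-valued RDNs and quoted values are not handled, and the second sample DN is constructed for illustration.

```python
import re

HEX_PAIR = re.compile(r"[0-9A-Fa-f]{2}")

def _split_unescaped(text, sep=","):
    """Split on sep, but never on a character that follows a backslash."""
    parts, buf, i = [], "", 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):
            buf += text[i:i + 2]          # keep the escape pair for _unescape
            i += 2
        elif text[i] == sep:
            parts.append(buf)
            buf = ""
            i += 1
        else:
            buf += text[i]
            i += 1
    return parts + [buf]

def _unescape(value):
    """Resolve \\, style and \\2C (hex, UTF-8 byte) style escapes."""
    out, i = bytearray(), 0
    while i < len(value):
        if value[i] == "\\" and HEX_PAIR.fullmatch(value[i + 1:i + 3]):
            out.append(int(value[i + 1:i + 3], 16))
            i += 3
        elif value[i] == "\\" and i + 1 < len(value):
            out += value[i + 1].encode("utf-8")
            i += 2
        else:
            out += value[i].encode("utf-8")
            i += 1
    return out.decode("utf-8")

def parse_dn(dn):
    """Return [(TYPE, value), ...], leftmost (most specific) RDN first."""
    rdns = []
    for component in _split_unescaped(dn):
        attr, sep, value = component.partition("=")
        if not sep or not attr.strip():
            raise ValueError(f"malformed RDN: {component!r}")
        value = re.sub(r"^ +|(?<!\\) +$", "", value)  # drop unescaped padding
        rdns.append((attr.strip().upper(), _unescape(value)))
    return rdns

def dns_domain(rdns):
    """Join the DC components into the DNS name of the domain."""
    return ".".join(v for t, v in rdns if t == "DC").lower()

PAGE_DN = "CN=User1, CN=Users, DC=Contoso, DC=com"   # the article's example
TRICKY_DN = r"CN=Hershey\, Pat,OU=Sales\2BMarketing,DC=Contoso,DC=com"  # constructed
```

Splitting `TRICKY_DN` on every comma yields five pieces, while `parse_dn` correctly returns four RDNs, which matters whenever DNs are compared or logged by scripts that audit directory objects.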
Conclusion
In this section, we explained that information stored in Active Directory can be used by external applications through the LDAP protocol. In the next part of this series, we will discuss distinguished names as they relate to Active Directory.