Network basics: Part 9 - Information about Active Directory

Brien M. Posey

In the last part of this article series, I talked about Active Directory and how it works with network domain controllers. You also learned from the previous parts that Active Directory is basically a database consisting of many different objects, such as user accounts and computer accounts. In this part, I will continue the discussion by showing you how Active Directory is structured.

If you have ever used Microsoft Access or SQL Server, you know that you can open the database and view the entities within it. However, none of the administrative tools used to manage Active Directory can show you the entire Active Directory database. Instead, Microsoft has provided a number of different tools, each of which corresponds to a specific area of the database. For an administrator, the commonly used administrative tool is the Active Directory Users and Computers console.

You can access the Active Directory Users and Computers console from a Windows Server 2003 domain controller by selecting Active Directory Users and Computers from the server's Start menu / All Programs / Administrative Tools. Its interface is shown in Figure A.

Figure A: The Active Directory Users and Computers console is the main administrative tool for managing Active Directory objects.

We will discuss the process of creating or editing Active Directory objects later. For now, we will take a closer look at this interface, because it helps us explore a bit of the structure of Active Directory. If you look at Figure A, you will see that there are a number of large folders, each of which corresponds to a specific type of object. Each object in Active Directory is assigned an object type (known as the object class).

Each object also has some related properties. Specific properties vary depending on the type of object.

For example, the Users folder contains user accounts, all classified as user objects, as shown in Figure B. If you right-click one of these user objects and select Properties from the right-click menu, you will see the object's properties sheet (as shown in Figure C).

Figure B: The Users folder contains user accounts, all of which are classified as user objects.

Figure C: When you right-click a user object and select Properties, you will see the user properties page.

If you look at Figure C, you will see that there are a number of different information fields, such as name, last name, and phone number. Each of those fields corresponds to an attribute of an object. Although most of the fields in the image are uncommon, in some real situations these fields can be used to create collaborative folders. In fact, many applications are designed to extract information directly from Active Directory. For example, Microsoft Exchange Server (Microsoft's e-mail server product) creates a global address list based on the content of Active Directory. This list is used when sending email notifications to other users in the company.

If you look at Figure D, you will see a screen in which we performed a search on the name Hershey, and Outlook returned the Global Address List entries that include Hershey. Not surprisingly, there is just one result. If you look at the results section of the window, you will see where Outlook displays the user's title, business phone number, and location, where those fields are populated. All this information is taken from Active Directory.

Figure D

If you want to see more detailed information about the user, right-click the user's name and select Properties. A window like the one in Figure E is then displayed. Remember that this is not an administrative screen. This is simply a screen that any user in the company can access directly through Outlook 2007 to find information about other employees.

Figure E: View Active Directory information directly through Microsoft Outlook

After all, Outlook is a Microsoft product, so it only makes sense that Outlook is able to retrieve information from Active Directory, which is part of another Microsoft product. However, many people do not realize that it is quite easy for anyone with the proper permissions to retrieve information from Active Directory. In fact, there are many third-party products designed to interact with Active Directory. One of them has the ability to store data in special Active Directory sections.

The reason it is possible for you or for third-party software vendors to interact with Active Directory is that Active Directory is based on a known standard called X.500. This standard is basically a generic way of implementing directory services. Microsoft is not the only company to build a directory service on this standard; Novell also originally built its NetWare Directory Service on it.

There is also a standard way of accessing directory service information. In an Active Directory environment, accessing directory information involves using the Lightweight Directory Access Protocol (LDAP). The LDAP protocol runs on top of the TCP/IP protocol.

The first thing you need to know about the LDAP protocol is that any name that is set must be distinguished, because nothing is less important about it (it is more important than the root directory access protocol, a protocol that was not designed to take advantage of the TCP/IP protocol stack).

Each object in Active Directory is assigned a distinguished name (often abbreviated as DN). The distinguished name is based on the location of the object within the directory hierarchy. There are many different components in distinguished names, but some of them are the common name (abbreviated as CN) and a namespace (DC for short). For example, assume that the Contoso.com domain contains an account named User1 and that this account is located in the Users folder. In such a case, the distinguished name of the user account will be:

CN=User1,CN=Users,DC=Contoso,DC=com
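The distinguished name above, taken apart and rebuilt in code. This is an added example, not part of the original article: the function names are hypothetical, value escaping follows RFC 4514, and multi-valued components joined with `+` are assumed not to occur.

```python
import re

SPECIAL = ',+"\\<>;'  # printable characters RFC 4514 requires escaping in a value
SAMPLE = "CN = User1, CN = Users, DC = Contoso, DC = com"  # the article's DN

def escape_value(value):
    """Escape an attribute value before placing it in a DN string."""
    out = "".join("\\" + c if c in SPECIAL else c for c in value)
    if out[:1] in (" ", "#"):                   # leading space or '#'
        out = "\\" + out
    if value.endswith(" ") and len(value) > 1:  # trailing space
        out = out[:-1] + "\\ "
    return out

def unescape_value(raw):
    """Undo escaping: \\XX hex pairs (UTF-8 bytes) and \\<char>."""
    out, i = bytearray(), 0
    while i < len(raw):
        if raw[i] == "\\" and re.fullmatch("[0-9A-Fa-f]{2}", raw[i + 1:i + 3]):
            out.append(int(raw[i + 1:i + 3], 16))
            i += 3
        else:
            i += 1 if raw[i] == "\\" else 0     # step over an escaping backslash
            out += raw[i].encode()
            i += 1
    return out.decode("utf-8")

def parse_dn(dn):
    """Split a DN into (type, value) pairs, most specific component first."""
    rdns, start, i = [], 0, 0
    while i <= len(dn):
        if i < len(dn) and dn[i] == "\\":
            if i + 1 == len(dn):
                raise ValueError("dangling backslash")
            i += 2                              # skip the escaped character
            continue
        if i == len(dn) or dn[i] == ",":        # unescaped comma ends a component
            attr, sep, raw = dn[start:i].partition("=")
            if not sep or not attr.strip():
                raise ValueError(f"malformed component: {dn[start:i]!r}")
            rdns.append((attr.strip().upper(), unescape_value(raw.lstrip())))
            start = i + 1
        i += 1
    return rdns

def build_dn(rdns):  # join (type, value) pairs, escaping every value
    return ",".join(f"{a}={escape_value(v)}" for a, v in rdns)

def dns_domain(dn):  # DNS domain name from the DC (domain component) parts
    return ".".join(v for a, v in parse_dn(dn) if a == "DC").lower()
```

A name such as `Posey, Brien` concatenated into a DN without escaping changes the number of components; `build_dn` emits `CN=Posey\, Brien,...`, which `parse_dn` reads back as a single value.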

Conclusion

In this part, we explained that information stored in Active Directory can be used by external applications through the LDAP protocol. In the next part of this series, we will discuss distinguished names as they relate to Active Directory.
