There are many things to consider before implementing a directory service. Regardless of which directory service you choose, the process begins the same way: with a plan. The first step is to take a thorough look at the network and make several key decisions, such as how many domains are needed, how to organize the domains into trees and forests, and how many organizational units to create for each domain. Another consideration is what kind of servers will be used and, if the company already has servers in place, which operating systems they are running. eDirectory can be used on a variety of platforms, but Active Directory is normally used solely on servers running a Windows operating system. Third-party programs such as Centrify's DirectControl do exist, however, that allow Linux, UNIX, and Mac clients to join Active Directory domains and operate under the same group policies as a Windows client. When designing a deployment plan, the answer to which directory service to use may become apparent based on the needs of the company and the resources it already has in place.
There are a great many advantages to using a directory service. One advantage is that it simplifies the management of resources by consolidating them into a single access point and making them available across the network. Another is that it eliminates the need for separate user accounts on each server in a network, because the directory is shared by all of the servers. Administrators can compile a single list of users and assign them permissions in the directory service, and those permissions carry over to any resource in the network. Having a single list of objects to manage is a huge help to administrators who already have a lot to manage, and it also helps users because they have only one user account and password to keep track of. Yet another advantage of a directory service such as Active Directory is that you can organize separate groups of users with different levels of permissions for the purpose of delegation. Corporations with medium to large networks often have entire IT departments, and this is where delegation can really take center stage. Using Active Directory, an administrator can assign privileges to lower-level administrators in order to share some of the workload without compromising the functionality or security of the network. This can be a huge benefit for a company because it may avoid the downtime that comes from waiting while one administrator tries to juggle everything. There are so many advantages to using a directory service that it becomes difficult to see any disadvantages, and those that do arise can be easily outweighed by the advantages. One example is the cost of creating the infrastructure: many hours of planning are needed, in addition to purchasing any required software. This is counteracted by the fact that having a directory service in place can increase the productivity of users and take some of the burden off administrators, among other things.
Just as it is important to plan the creation of a directory, it is also important to plan for recovery if a failure should occur. Performing frequent backups helps ensure that the network can be restored quickly, with little to no data loss, if disaster strikes. When using Active Directory, the Windows Server Backup feature must be installed before performing a backup. Windows Server 2008 offers both manual and scheduled backups. If a failure occurs in a domain with a single domain controller that does not have a backup, users will not have access to resources and the entire database will have to be rebuilt manually, which could be both time-consuming and costly. In a domain with multiple domain controllers, Active Directory replicates itself to each domain controller, providing fault tolerance. If it is necessary to restore from a backup, Active Directory has several options. A non-authoritative restore is the default method of restoring Active Directory, and it returns a single domain controller to the state it was in at the time of the backup. An authoritative restore is an extended version of the non-authoritative restore, and a non-authoritative restore must be performed before an authoritative restore can be performed. An authoritative restore can restore small units without having to restore the entire directory, such as in a case where an administrator accidentally deletes an object. Non-authoritative restores can be performed using the Windows Server Backup snap-in. Authoritative restores can only be performed using the Ntdsutil.exe tool.
In addition to performing backups, monitoring Active Directory is an important step to take because it can help prevent problems before they occur. The Windows Event Viewer and the Reliability and Performance Monitor tools can help find problems before they become major issues. Windows Event Viewer can be used to view error messages and warnings; alerts relating to Active Directory are stored in the Directory Service log. Reliability and Performance Monitor provides real-time information about the server or about a specific machine to which the user has permissions, and this information can be viewed in different ways, such as in charts or graphs. It is important to have a recovery plan in place, but prevention can be just as important in maintaining an efficient working environment.
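The backup, non-authoritative restore, authoritative restore and log check described above, as a command sequence. This is an added example, not part of the original text; it uses wbadmin, the command-line interface to Windows Server Backup, and the E: backup target, the version identifier and the distinguished name are constructed placeholders.

```powershell
# Added example. Run from an elevated prompt on the domain controller.
# Assumes the Windows Server Backup feature is already installed.
# E:, the version identifier and the DN below are constructed placeholders.

# 1. On the healthy domain controller: take a system state backup,
#    which includes the Active Directory database.
wbadmin start systemstatebackup -backupTarget:E: -quiet

# 2. When a restore is needed: list the available backups and note the
#    "Version identifier" of the one to restore.
wbadmin get versions

# 3. Restart into Directory Services Restore Mode (DSRM), where the
#    directory database is offline and can be replaced.
bcdedit /set safeboot dsrepair
shutdown /r /t 0

# 4. In DSRM: non-authoritative restore. The domain controller returns to
#    its state at backup time and will accept newer changes on replication.
wbadmin start systemstaterecovery -version:01/31/2024-09:00

# 5. Still in DSRM, before restarting: mark the accidentally deleted
#    object as authoritative so replication does not delete it again.
ntdsutil "activate instance ntds" "authoritative restore" "restore object CN=jsmith,OU=Staff,DC=example,DC=com" quit quit

# 6. Return to a normal boot.
bcdedit /deletevalue safeboot
shutdown /r /t 0

# 7. After the restart: summarize errors (level 2) and warnings (level 3)
#    written to the Directory Service log in the last 24 hours.
$filter = @{
    LogName   = 'Directory Service'
    Level     = 2, 3
    StartTime = (Get-Date).AddHours(-24)
}
Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Group-Object Id |
    Sort-Object Count -Descending |
    Select-Object Count, @{ Name = 'EventId'; Expression = { $_.Name } }
```

Step 5 is only needed when a specific object must win over the copies held by other domain controllers; for a plain recovery of one failed controller, steps 1 through 4 and 6 are sufficient.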
Directory services play a key role in the ever-expanding world of networking. Because of these services, administrators can manage nearly every resource or object in a network in a simple, effective way.