Study On Domain Structure And Active Directory Computer Science Essay


This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

First I will talk about domain structures. Active Directory is a service used to manage these network domain structures, so it makes sense to handle it second. To begin, we should ask what a domain is.

You can find a domain structure in every larger network. Domains help the administrator split the whole network into parts that can be managed more easily. There are also many other reasons why domains are helpful and important for administering a network. But before we start, there is the question of how to picture a domain. A domain is not hardware or software. It is a concept for managing and structuring the PCs, servers and other peripherals in a company's IT environment.

Domains define groups of PCs in all their variations. If you want to build a connection between two workstations, you don't need a domain. You only have to pay attention to the IP addresses and subnet masks of your PCs; then both PCs can be found on the network. A workgroup's only function is to sort the PCs in a network. PCs with the same workgroup can be found in the nearer surroundings. Domains are at a higher level than workgroups, but in principle they have the same functionality as a workgroup. Compared with a workgroup, however, you have many more options for working with the network. One of them is the possibility of using Active Directory, which we will handle later.

I think we now understand what a domain is. Next we can ask what advantages domains bring.

Security should be mentioned first. There is no possibility of protecting a workgroup in a network. With a domain structure you can install firewalls for protection against internet attacks, as well as log-on scripts, proxy servers and gateways for internal security. As a hacker in a workgroup, I only need the passwords of the computers I want to infiltrate. The other advantage is a better overview of the whole network. Normally a big company has many different sectors with their own data and databases. If we had only one big domain, we would have several management problems. Proxy servers and similar systems also have a limited capacity. If this limit is exceeded, queues build up at these systems, which means the connection speed drops heavily for all computers in the network.

So the administrator often splits up the root domain according to the different sectors. The root domain is the domain with which every other domain is registered. These other domains are called sub domains.

So far we have understood that the highest domain (the root domain) includes all sub domains existing in the company's network. The next question is how these sub domains can exchange data. Between the sub domains there is a trust relationship. The gateway between the domains holds the necessary information for these so-called "trusts". A "trust" is a data request from a sub domain up to the gateway connecting the domain that contains the workstation holding the requested data. The gateway then checks its profile list to see whether the domain of the requesting workstation is registered there. If it is, the request is answered; otherwise it is declined. Most trusts are set up to work in both directions, but in some cases requests work in only one direction. This makes sense if you have, for example, a head office sub domain and a standard sector domain. If the trust is set up in only one direction, the clients of the head office always have access to the data of the sector domain, but requests in the other direction, from the sector domain, are declined. These trust relationships are therefore helpful for internal data security, because you don't need additional passwords to protect data within the network. Normally the domain controller sitting in every domain would require a username and password before granting the request. These domain controllers do not disappear, but the log-on procedure becomes obsolete.

The end effect of this construction is that all domains act together like a single root domain, but you have much more capacity and more security.

This procedure was used over the past years under NT4 server operating systems.

But with the appearance of Windows 2000 Server, a new management service came along. It is called Active Directory. Active Directory stores many interesting objects in a network. It simplifies administration and the search for resources. With its introduction, many useful and simplifying services were brought into administration work. Services such as the Global Directory and Single Log-On are all bound together in Active Directory.

It is installed like other services during the installation of Windows 2000 Server.

Once it is installed, every client in the network has access to all data resources in the whole network, as long as the trust relationships permit the requests. The number of trust transactions is also reduced to a minimum: in NT4 networks you had around 10 times more transactions than now. Performance is much higher and you need less hardware. How does it work? The secret is that Active Directory uses information replication: updates are sent to all domain controllers in the whole network as soon as a user's identification has changed. The update interval can be set by the administrator. Normally it isn't much higher than 10 minutes. Under NT4 every domain was in a trust relationship with all other domains. There were always trusts in both directions, so you had a poor overview of the domain structure and many trusts to manage. With Active Directory the solution is more logical. This can be explained with a little example: if domain 1 has a trust with domain 2 and domain 2 has a trust with domain 3, then domain 1 must have a trust with domain 3 too. In NT4 networks this required a lot of trusts, which had to be granted one after another until the request reached its destination, because the request had to move from one domain controller to the next. Now you have access within seconds, because every domain controller has the updated log-on script saved in its memory and the trust can be given directly. This explains why the number of trusts has shrunk. The Global Directory works on the same principle. A Global Directory is a database containing information about all employees in the company, such as telephone, email and position. This database is refreshed regularly and replicated to all domain controllers in the network. So if somebody uses the search mask of the Global Directory, the request can be answered by their own domain controller.
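The trust behaviour described above, together with the one-way head office case from the earlier paragraph, as a small Python model added here (not code from the essay or from Microsoft). `TrustMap`, its methods and the domain names are illustrative assumptions; the model compares NT4-style direct trusts with transitive trusts and counts the links an administrator has to maintain.

```python
from collections import deque

class TrustMap:
    # Toy model (assumption). Edge trusting -> trusted: accounts from
    # `trusted` may request resources in `trusting`, never the reverse.
    def __init__(self, transitive):
        self.transitive = transitive   # False: NT4 style, True: AD style
        self.trusts = {}               # trusting domain -> trusted domains

    def add_trust(self, trusting, trusted, two_way=False):
        self.trusts.setdefault(trusting, set()).add(trusted)
        if two_way:
            self.trusts.setdefault(trusted, set()).add(trusting)

    def trust_count(self):
        # One-way trust links the administrator has to maintain.
        return sum(len(t) for t in self.trusts.values())

    def can_access(self, account_domain, resource_domain):
        # Is an account from account_domain accepted in resource_domain?
        if account_domain == resource_domain:
            return True
        seen, queue = {resource_domain}, deque([resource_domain])
        while queue:
            for trusted in self.trusts.get(queue.popleft(), ()):
                if trusted == account_domain:
                    return True
                # Only a transitive map follows the chain past direct trusts.
                if self.transitive and trusted not in seen:
                    seen.add(trusted)
                    queue.append(trusted)
        return False

def build_chain(domains, transitive):
    # Neighbouring domains share a two-way trust (constructed layout).
    tm = TrustMap(transitive)
    for a, b in zip(domains, domains[1:]):
        tm.add_trust(a, b, two_way=True)
    return tm

def build_full_mesh(domains):
    # NT4-style layout: every domain explicitly trusts every other one.
    tm = TrustMap(transitive=False)
    for a in domains:
        for b in domains:
            if a != b:
                tm.add_trust(a, b)
    return tm
```

With three domains the full mesh needs 6 one-way trusts, while the transitive chain needs 4 and still lets domain1 reach domain3; a one-way trust stays one-way in both modes.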

Finally, you can say that Active Directory mainly controls the synchronization of identification databases within the whole network. The effect for the user is that only one password and login name are needed, and long waiting times and queues are history.

But Active Directory isn't only for synchronization. There are many other advantages, shown in the picture below:

We have talked most of the time about security and connecting domains. In my opinion this is surely the most important advantage of Active Directory. Now let me say a few words about administering a network with the help of AD.

After a big network has been built, the main task of an administrator is to manage the accounts of all users. Earlier I spoke about the Global Directory. This directory contains information about all co-workers in the company, but it doesn't contain any information about their profiles. So the administrator needs a separate catalogue for managing these profiles. Profiles include the network information and privileges of each client. Active Directory helps here too. This catalogue is what made the Single Log-On function possible, because all the necessary information is saved here. Of course this catalogue is replicated and sent to all other domain controllers in the network as soon as it has changed.

Active Directory also keeps another catalogue of all computers, servers, notebooks and printers connected to the network. It is not only the user who has to log on to the network; the computer he uses must be registered with the domain too.

Active Directory uses three different catalogues: the Global Directory, which can be used by every registered client connected to the network, and the account and computer catalogues, which are designed only for the administrator. With these options, many secondary functions, which are listed in the picture below, can be used.

Finally, let us take a look at the future. Currently domains and Active Directory are involved in every larger network. But the trend is moving away from many sub domains. With new technologies like Active Directory, a split network no longer has the significance it had in earlier times. The new trend is to install a standard workstation system on every client in the company's network. This means that every user has the same programs and installations on his workstation. It opens up the possibility of using new management systems like Microsoft's SMS Server, with whose help software of all types can be installed on every computer in the network within a few minutes from the administrator's chair. In this way much time can be saved, and time, as is well known, is money. New hardware also has much more capacity, so domains can be kept bigger.

Because of the advantages of Active Directory introduced above, all sub domains act together like one. So why install further sub domains in future if only one is needed?