Active Directory provides a central location for network administration and security. Server computers that run Active Directory are called domain controllers. An AD domain controller authenticates and authorizes all users and computers in a Windows domain type network—assigning and enforcing security policies for all computers and installing or updating software. For example, when a user logs into a computer that is part of a Windows domain, Active Directory checks the submitted password and determines whether the user is a system administrator or normal user.
Active Directory makes use of Lightweight Directory Access Protocol (LDAP) versions 2 and 3, Kerberos and DNS.
An Active Directory structure is a hierarchical arrangement of information about objects. The objects fall into two broad categories: resources (e.g., printers) and security principals (user or computer accounts and groups). Security principals are assigned unique security identifiers (SIDs).
Each object represents a single entity—whether a user, a computer, a printer, or a group—and its attributes. Certain objects can contain other objects. An object is uniquely identified by its name and has a set of attributes—the characteristics and information that the object represents—defined by a schema, which also determines the kinds of objects that can be stored in Active Directory.
The schema object lets administrators extend or modify the schema when necessary. However, because each schema object is integral to the definition of Active Directory objects, deactivating or changing these objects can fundamentally change or disrupt a deployment. Schema changes automatically propagate throughout the system. Once created, an object can only be deactivated—not deleted. Changing the schema usually requires planning.
A Site object in...