Domain Concept
In Microsoft Windows Server 2003, a domain means “a centralized territory.” You can control the objects within a domain together. According to Microsoft, a domain is a logical group of computers with a common database of accounts. These accounts are managed and secured together under the domain controller. Domains provide authentication and account management.
The idea of domains was introduced in 1993 when Windows NT 3.1 was released. Prior to the advent of Windows NT 3.1 and Windows for Workgroups, all machines were configured in a workgroup network, which is an inefficient way of doing things. An NT domain consists of one or more domain controllers (DCs), member servers, workstations, users, and groups. All domain controllers share a common Security Account Manager (SAM) database. Each domain controller holds its own copy of the SAM database, but there is only one writeable copy of the SAM database, stored on the Primary Domain Controller (PDC), which is the first domain controller created in the domain. All other domain controllers are considered backup domain controllers (BDCs) and hold a read-only copy of the SAM. Whenever changes to the SAM database are made, they are made on the PDC and then replicated to the BDCs. This design is called a single master replication model. Member servers and workstations can be “joined” to the domain. User and group accounts are also created within the domain, which allows central management and lets users access everything they need with one user account.
Windows 2000 & Server 2003 Domains
There are several differences between NT and Windows 2000/Server 2003 domains. For example, domains no longer use a single master replication model: there are no more PDCs and BDCs, and all domain controllers are equal. However, there are several different operations master roles that can be assigned to different DCs. These domains use a multimaster replication model, in which all DCs can read and write to their copies of the database. This eliminates the PDC as a single point of failure.
Another important difference is that, instead of the SAM database, Windows 2000/Server 2003 domains store this information in Active Directory, which I’ll discuss soon.
Directory services have been a popular buzzword since the development of directory services standards. Operating systems even have their own directory services. One of the first network operating system directories was Banyan VINES’ StreetTalk, which could be added onto Windows NT to provide a full-fledged directory service. Directory services can be used to store information such as account authentication information.
What Are Directory Services?
Like a telephone directory, a product catalog, or other directories in print form, a directory service needs a set of rules for what objects it contains and a set of rules for how those objects are stored. A directory service is therefore a way of storing information in a directory so that it can be retrieved easily. You should be able to add entries to and remove entries from the directory service as things change.
In computer networking, a directory service is a network-wide database that stores information about users, files, printers, applications, and other objects.
The directory service functions as a central point of management for the network OS and assists in locating information or objects on the network. It can store authentication credentials, user profiles, network configuration, and much more. The rules that control the format of the information and how it is stored are held in a schema, which can be modified to suit your organization’s requirements.
A directory service includes the following basic components:
History of Directory Services
Some of the first electronic directories were DNS and WHOIS. Later, application directory services appeared in e-mail products such as Microsoft Exchange, Novell GroupWise, and Lotus cc:Mail, and in online directory services functioning as electronic phonebooks such as Four11, Switchboard, and BigFoot. The most recent type of directory service to appear is the network operating system (NOS) directory service, such as Novell Directory Services, Banyan VINES, and Microsoft Active Directory.
Directory Services Standards
Most directories in use today are based on the X.500 standards. The X.500 standards are recommendations published by the ISO and the International Telecommunications Union (ITU). Standards make compatibility between different products possible: if two separate vendors use the same model for directories, then data sharing between those directories should be possible. X.500 defines the standards for schema creation, attribute definition, and data organization.
NT Directory Service
Windows NT’s directory service (NTDS) is not as structured or full-featured as Active Directory. It enables users to be identified and provides access to resources, and it also gives an administrator central management. NTDS was therefore based on the domain concept: it contained users, groups, and computers. However, it was a simpler database, without the hierarchical structure of more complex directories such as NDS and Active Directory.
Active Directory (AD) was first used in Windows 2000 Server and is based on the X.500 standards. It has since been improved and is still in use in Windows Server 2003. AD is also hierarchical in design but doesn’t use the structure of NTDS. This allows logical separation within the directory for organization and management. AD lets you customize your directory within an intuitive structure to fit your requirements. It still uses the concept of domains, but it changes how they work. In addition to domains, AD uses additional structural elements such as domain trees, forests, and organizational units (OUs) for directory organization.
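To make the X.500 ideas from the two passages above concrete (a schema that fixes which attributes an object class must and may carry, and a hierarchical organization of domains and OUs addressed by distinguished names), here is a small toy directory in Python. It is an added illustration written for this article, not Microsoft’s code and not a real LDAP or AD server; the object classes, attribute names and the example.com entries are constructed simplifications of the real AD schema.

```python
"""Toy X.500-style hierarchical directory with schema enforcement.

Constructed example: the schema, attribute names and sample entries are
simplified stand-ins for the real Active Directory schema.  Distinguished
names (DNs) follow the RFC 4514 text form, leaf RDN first, for example
"CN=Alice,OU=Sales,DC=example,DC=com".
"""

# objectClass -> (required attributes, optional attributes).  Hypothetical
# subset; real AD classes carry many more attributes than this.
SCHEMA = {
    "domain": ({"dc"}, set()),
    "organizationalUnit": ({"ou"}, {"description"}),
    "user": ({"cn", "sAMAccountName"}, {"mail", "description"}),
    "computer": ({"cn"}, {"operatingSystem"}),
}


def parse_dn(dn):
    """Split a DN string into a list of (attribute, value) RDNs, leaf first.

    Backslash escapes are honoured so that a value may contain ',' or '='.
    Attribute types are lower-cased; values are kept as written.
    """
    rdns, buf, attr, escaped = [], [], None, False
    for ch in dn:
        if escaped:                      # previous char was '\': literal
            buf.append(ch)
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == "=" and attr is None:  # first '=' ends the attribute type
            attr = "".join(buf).strip().lower()
            buf = []
        elif ch == ",":                  # unescaped ',' ends this RDN
            if attr is None:
                raise ValueError("RDN without '=' in %r" % dn)
            rdns.append((attr, "".join(buf).strip()))
            attr, buf = None, []
        else:
            buf.append(ch)
    if attr is None or escaped:
        raise ValueError("malformed DN: %r" % dn)
    rdns.append((attr, "".join(buf).strip()))
    return rdns


class Directory:
    """In-memory directory: one dict of normalized DN -> attributes."""

    def __init__(self):
        self.entries = {}

    @staticmethod
    def normalize(dn):
        # Case-insensitive matching, as LDAP does for most attribute types.
        return ",".join("%s=%s" % (a, v.lower()) for a, v in parse_dn(dn))

    def add(self, dn, object_class, **attrs):
        """Add an entry after checking the schema and the parent container."""
        if object_class not in SCHEMA:
            raise ValueError("unknown objectClass %r" % object_class)
        required, optional = SCHEMA[object_class]
        missing = required - set(attrs)
        unknown = set(attrs) - required - optional
        if missing or unknown:
            raise ValueError("schema violation: missing=%s unknown=%s"
                             % (sorted(missing), sorted(unknown)))
        rdns = parse_dn(dn)
        # Every entry except a domain root (all RDNs are DC=) needs a parent.
        if not all(a == "dc" for a, _ in rdns):
            parent = ",".join("%s=%s" % (a, v) for a, v in rdns[1:])
            if self.normalize(parent) not in self.entries:
                raise LookupError("parent container does not exist: " + parent)
        self.entries[self.normalize(dn)] = dict(attrs, objectClass=object_class)

    def search(self, base_dn, object_class=None):
        """Subtree search: DNs at or below base_dn, optionally by objectClass."""
        base = self.normalize(base_dn)
        hits = [dn for dn, attrs in self.entries.items()
                if (dn == base or dn.endswith("," + base))
                and (object_class is None or attrs["objectClass"] == object_class)]
        return sorted(hits)


def build_sample():
    """Constructed example.com domain with two OUs, two users and a computer."""
    d = Directory()
    d.add("DC=example,DC=com", "domain", dc="example")
    d.add("OU=Sales,DC=example,DC=com", "organizationalUnit", ou="Sales")
    d.add("OU=IT,DC=example,DC=com", "organizationalUnit", ou="IT")
    d.add("CN=Alice,OU=Sales,DC=example,DC=com", "user",
          cn="Alice", sAMAccountName="alice")
    d.add("CN=Bob,OU=IT,DC=example,DC=com", "user",
          cn="Bob", sAMAccountName="bob")
    d.add("CN=WS01,OU=IT,DC=example,DC=com", "computer",
          cn="WS01", operatingSystem="Windows Server 2003")
    return d


if __name__ == "__main__":
    d = build_sample()
    print(d.search("OU=IT,DC=example,DC=com"))          # the IT subtree
    print(d.search("DC=example,DC=com", "user"))        # all users in the domain
```

The two checks in `add` are the point: the schema decides which attributes an object of a given class must and may have, and the parent-container check is what makes the directory a tree rather than the flat list of accounts that NTDS kept. Searching from an OU returns only that OU’s subtree, which is exactly the logical separation the article describes.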
Written by: Fahad Bin Ali KhilGi