Active Directory
As you know, Microsoft sells several versions of Windows 7: Home Basic, Home Premium, Professional, Enterprise, and Ultimate. One key difference is that computers running the two Home editions can't join a domain.
There are other versions of Windows, however: the specialized ones that run on those domain-controller computers. To create a domain, at least one computer must be running either Windows Server 2003 or Windows 2000 Server. These are far more expensive operating systems (the price depends on the number of machines that they serve) and they run only on high-octane PCs. They also require high-octane expertise to install and maintain.
One key offering of these specialized Windows versions is an elaborate application called Active Directory. It's a single, centralized database that stores every scrap of information about the hardware, software, and people on the network. (The older operating system called Windows NT Server can create domains, but it doesn't include Active Directory.)
After creating a domain by installing Active Directory on a server computer, network administrators can set about filling the directory (database) with information about the network's resources. Every computer, printer, and person is represented by an object in the database and attributes (properties) that describe it. For example, a user object's attributes specify that person's name, location, telephone number, email address, and other, more technical, elements.
Active Directory lets network administrators maintain an enormous hierarchy of computers. A multinational corporation with tens of thousands of employees in offices worldwide can all be part of one Active Directory domain, with servers distributed in hundreds of locations, all connected by wide-area networking links. (A group of domains is known as a tree. Huge networks might even have more than one tree; if so, they're called-yes, you guessed it-a forest.)
The objects in an Active Directory domain are arranged in a hierarchy, something like the hierarchy of folders within folders on your hard drive. Some companies base their directory-tree designs on the organization of the company, using departments and divisions as the building blocks. Others use geographic locations as the basis for the design, or use a combination of both.
Unless you've decided to take up the rewarding career of network administration, you'll never have to install an Active Directory domain controller, design a directory tree, or create domain objects. However, you very well may encounter the Active Directory at your company. You can use it to search for the mailing address of somebody else on the network, for example, or locate a printer that can print on both sides of the page at once. Having some idea of the directory's structure can help in these cases.
In this tutorial:
- Managing Windows 7 in a Domain
- The Domain
- What is Wrong with Workgroups
- The Domain Concept
- Active Directory
- Domain Security
- Joining a Domain
- Windows 7 Offline Domain Join
- Browsing the Domain
- Searching the Domain
- Custom Searches
- Assigning Permissions to Domain Members
- The Double-Thick Security Trick
- Creating a Test Bed
- Creating a Domain
- Installing Windows Server 2008 on vPC
- Configuring a Windows Server 2008 Server
- Promoting a Server to a Domain Controller
- Joining Windows 7 to a Domain
- Authentication vs Authorization
- Authentication
- Authorization
- Built-in Groups
- Organizing Users with Groups
- Group Scope and Group Type
- Creating Users and Groups in a Domain
- Using HomeGroup with a Domain-Based Computer
- Identifying and Resolving Logon Issues
- Hardware vs. Network
- Using Cached Credentials
- Password Expiration
- Determining Logon Context
- Logon Hours Compliance
- Restricting Computer Access
- Time Synchronization
- Understanding User Profiles
- Standard Profiles
- Roaming Profiles
- Implementing Roaming Profiles
- Mandatory Profiles
- Super-Mandatory User Profiles
- Modifying the Default User Profile
- Configuring Settings with Scripts
- Anti-Malware Software
- Microsoft Windows 7 Defender
- Third-Party Anti-malware Software