Windows Server 2008 Active Directory Network

A domain-based network is a network that uses Microsoft's Active Directory. Active Directory is a single, distributed database that contains all the objects within your network. Some of these objects are user accounts, group accounts, and published objects (folders and printers).

The first of many advantages to Active Directory is centralized management. As we just stated, the Active Directory database contains all the network information within a single, distributed data repository. Because these objects are all located in the same database, an administrator can easily manage the domain from one location.

Another major advantage of Active Directory is domain security. An administrator can create a single username and password for each user within the domain. That one set of credentials gives the user access to every resource for which the individual has the proper rights. An administrator can determine, based on job function or position, which files or folders a user can access. In our peer-to-peer example, you needed to create 100 accounts. Now with a domain, you need to create only 10 accounts.

An Active Directory structure is made up of one or more domains. A domain is a logical grouping of objects within your organization. For example, if we had the Stellacon.com domain, all users in that domain should be members of the Stellacon.com organization. The objects that are contained within a domain do not need to be in the same physical location. Domains can span the entire globe even though they are part of the same organization.

One of the advantages to using domains is the ability to have child domains. A child domain is a subdomain of another domain. You can build child domains based on physical locations, departments, and so forth.

Microsoft domains are represented as triangles. It is important to remember that when looking at any Microsoft websites or white papers.

One of the benefits of creating child domains is scalability. Active Directory has the ability to store millions of objects within a single domain, but child domains give you the flexibility to design a structure layout that meets your organizational needs.

When you set up a child domain, the parent and child domains automatically establish a trust relationship. Trusts allow users to be granted access to resources in a domain even when their accounts reside in a different domain. To make administration of trust relationships easier, Microsoft has made transitive two-way trusts the default relationship between domains. This means that, by default, all domains within the same forest automatically trust one another.
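The following added example (not part of the original tutorial) models trusts as one-way edges and computes which domains can grant access to accounts from a given domain, showing why default transitive two-way trusts make every domain in the forest reachable. All domain names other than Stellacon.com are hypothetical, and the one-way non-transitive trust to an outside domain goes beyond the default case described above; it is included only for contrast.

```python
from collections import deque

def two_way(a, b, transitive=True):
    """A two-way trust is a pair of one-way trusts: (trusting, trusted, transitive)."""
    return [(a, b, transitive), (b, a, transitive)]

# Constructed sample data. Every name except Stellacon.com is hypothetical.
TRUSTS = (
    two_way("Stellacon.com", "east.Stellacon.com")
    + two_way("Stellacon.com", "west.Stellacon.com")
    + two_way("east.Stellacon.com", "sales.east.Stellacon.com")
    # One-way, non-transitive trust to an outside domain (assumed for contrast).
    + [("west.Stellacon.com", "partner.example", False)]
)

def domains_trusting(account_domain, trusts):
    """Return the domains in which accounts from account_domain can be granted
    access. A trust only makes the grant possible; resource permissions still decide."""
    # A direct trust always counts, whether or not it is transitive.
    direct = {trusting for trusting, trusted, _ in trusts
              if trusted == account_domain}
    # Chains longer than one hop may only pass through transitive trusts.
    reached, queue = set(), deque([account_domain])
    while queue:
        current = queue.popleft()
        for trusting, trusted, transitive in trusts:
            if trusted == current and transitive and trusting not in reached:
                reached.add(trusting)
                queue.append(trusting)
    return (direct | reached) - {account_domain}

if __name__ == "__main__":
    for domain in ("sales.east.Stellacon.com", "west.Stellacon.com",
                   "partner.example"):
        print(domain, "->", sorted(domains_trusting(domain, TRUSTS)))
```

An account in the deepest child domain is trusted by every other domain in the forest, while the outside domain is trusted only by the one domain that set up the direct trust.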

The last Active Directory advantage that we discuss is an extensible schema. The Active Directory schema defines the attributes of the database. For example, when you create a new user using the Active Directory Users and Computers snap-in, the system asks you to fill in the user's first name, last name, username, password, and so forth. These fields are attributes of Active Directory, and together they make up the schema. An administrator has the ability to change or expand these fields based on organizational needs.

The major disadvantage of an Active Directory model is cost. When setting up an Active Directory domain, an organization needs a machine powerful enough to run the Windows Server 2008 operating system. Also, most companies that decide to use a domain-based network will require IT personnel to manage and maintain the network infrastructure.

In the next section we look at some of the server terminology that we use in the remainder of this tutorial.
