Chapter 21. Domains and Directory Services


  • Learning what a directory service is

  • How information enables intelligent network applications

  • Directory services organize networks into domains

  • Microsoft Active Directory

Directory services play a central role in the client-server architecture of current network operating systems. They provide a name service, store information about objects on the network, and allow this information to be propagated to other servers and applications. There are many directory services in use today, and modern networks use them heavily.

The smallest fundamental unit in a directory service is the domain. A domain is a collection of systems that share the same security database. Domains can be of various types and contain elements such as organizational units, user and machine accounts, and other objects that can be addressed using a unique Distinguished Name.

Most modern directory services are based on the X.500 standard. The LDAP version of X.500 was created for TCP/IP networks and is used by most of the products available today. This chapter describes the different directory services and their characteristics. Among the features presented are policy engines, replication and synchronization, single sign-on, namespaces, identity management, and role-based access control.

Microsoft Active Directory (AD) is the best known and most widely used directory service. AD was built to store objects of various kinds, and includes aspects of security properties. ...
