Chapter 5. Active Directory

In Windows NT, administrators were introduced to the concept of domains. Active Directory Domain Services (AD DS) builds on that concept by creating a dynamic, easily accessible structure through which directory and management information can be stored and accessed centrally throughout an organization. By using AD DS, you create a structure for managing your equipment and the people who use that equipment, which is a helpful feature for all but the smallest of operations.

By using Active Directory as a whole, you have access to several cool management tools, including Group Policy (GP), the ability to put groups inside groups multiple times, and an online directory of users, computers, printers, and contacts that you can access easily through the Windows user interface. Although you certainly can operate a Windows-based network without Active Directory deployed in some form, you lose out on a lot of functionality. You will learn about these tools in this chapter and the next.

In this chapter, I'll introduce you to Active Directory and its concepts, walk you through the process of building an AD DS domain and tree structure, guide you through the process of managing domain users and groups, and discuss in detail the process of directory content replication. I'll also discuss different roles that domain controllers take in an AD DS environment, the importance of time synchronization and how to accomplish it, and how to keep your AD DS deployment in tiptop ...

Get Windows Server 2008: The Definitive Guide now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.