Active Directory

A network is created to group computers and other objects into a common ground to share their means. The connected computers provide resources, such as files, folders, (local) printers, DVD players, that other computers can take advantage of. Besides the computers, peripherals such as printers, projectors, fax machines, etc, are made part of the network and shared so their use can be as transparent as possible. The computers, peripherals, users, and other resources that are part of a network are also called objects. The interaction and usefulness of the objects that are part of a network is mainly taken care of by people called users.

Because there can be so many objects in a network, they should be better organized to be able to locate and manage them. To make this possible, the objects are created as a list. The first or top item of the tree is referred to as the root. This main list contains items called nodes. Each main node of the list is considered a category of items. A category can contain its own internal categories also called nodes:

This type of arrangement of a list is referred to as a directory. If you have used Windows Explorer or some web sites such as http://msdn.microsoft.com, you may have seen this type of list in the left frame.

With this type of list, the root or any of its branches can also contain an end item referred to as a leaf. Of course, a list or a category can contain more than one category or more than one leaf:

Notice that the root or a branch may or may not contain a leaf. There is no strict rule about this. The person who creates the list or tree usually decides how it would behave. Still, there rules applied to a directory of this type:

• The most top item is referred to as the root. In most cases there is only one root
• The root can contain one or more branches and the root can contain leaves
• A branch can contain 0, one, or more branches and a branch can contain 0, one or more leaves
• A leaf cannot contain anything. That is, a leaf constitutes an end by its position: it can contain neither a branch nor another leaf

A computer network is a group of computers and resources used by people to do their jobs. The setup and management of the network is transparent to users. On the other hand, the network administrators need to be able to control all or most aspects of the network, such as who is using what, when, and under what circumstances. To make this management effective, Microsoft developed Active Directory, which is a directory of everything that exists in a Microsoft Windows Server 2003 (or, previously, Windows 2000 Server) network. Active Directory not only provides an arrangement of the items that are part of the network but also it provides visual means of managing the items.

In the above illustrations, we introduced items and nodes that are part of a directory. In the Active Directory, to provide a common way of referring to them, each item is called an object. This includes physical people (called users), resources they use (such as printers), and groups that only network administrators are primarily aware of.

In a directory, an object that can contain another object is called a container. From our discussion so far, this means the root and the branches, and not the leaves, are referred to as containers. In Active Directory, you use containers to organize the objects that are part of the network. For example, instead of having information about computers and users at the root or in any branch, you can create containers to group similar objects.