Active Directory Exposed

A prerequisite read for anyone planning an AD implementation.

• By Thomas Eck
• April 01, 2000

Daniel Blum's Understanding Active Directory Services is a prerequisite read for anyone beginning the process of planning an AD implementation in his or her enterprise. Beginning with chapter 1, the author describes the definition of a directory and its role in the enterprise. He presents a chapter-by-chapter roadmap describing the yield of your reading investment and then dispenses with the overview material and begins the tour of the AD.

After an excellent overview of LDAP, DNS, and Microsoft's use of both technologies in the AD, the author then goes on to present a brief overview of LDAP search mechanisms and the available APIs for programmatic manipulation of an LDAP namespace in chapter 2.

Next, he describes the high-level concept of the Microsoft Windows DNA application architecture to begin chapter 3. For those interested in how the AD will affect enterprise development, a reasonable overview of COM, DCOM, and middleware technologies is also presented.

Blum then keenly describes the AD components that stray away from the LDAP standards in chapter 4 through a discussion on domains, trees, forests, and the global catalog.

In chapter 5, the author takes a temporary departure from the theoretical realm by presenting a high-level overview of the installation of Windows 2000. However, instead of continuing on this practical track, the author gives a good overview of ADSI in chapter 6 but the writing remains too steeped in theory to adequately describe the robust nature of the ADSI with sufficient integrity.

In chapter 7, Blum presents some advice and methodologies you can employ to plan an AD namespace in your own enterprise, but focuses a bit too heavily on the importance of directory schema. As a result of this tangent, a vital element in planning a namespace isn't covered until chapter 9, causing the reader to lose focus on the importance of replication in the design of a namespace. Luckily, Active Directory Replication and Sites are covered in excellent detail in chapter 8, and the author even includes the often-omitted topics of meta-directory replication and multi-vendor directory replication.

The security mechanisms found in the AD are covered in sufficient detail in chapter 9 through careful attention to trusts, Kerberos authentication and PKI. In the latter section of chapter 9, the reader is presented with information on the role security descriptors play on the AD, which the author aptly uses to segue into a discussion of inheritance and delegation of authority for Active Directory objects and attributes.

In its final chapter, the book presents a valuable mix of theory and practical methodologies you can use to migrate an existing Windows NT infrastructure to Windows 2000.

In addition to the usual glossary and comprehensive index found within most technical titles on the shelf, this volume also features a one-sentence summary of each paragraph found in the text within the margins of each page. For those short on time, this can be an excellent way to get a quick understanding of the contents of the text for later review or to reinforce a concept long after the chapter was read.

Without a doubt, those in the early stages of planning an AD namespace will find Daniel Blum's book to be an invaluable cover-to-cover read.