Understanding Directory Services

Novice or experienced network administrator? You need to understand the intricacies of directory services.

• By Warren E. Wyrostek
• August 01, 2000

Whether you're a novice network administrator, a systems engineer with 20 years experience, or a career changer anticipating the rewards of network certification, you need to understand the intricacies of directory services. Understanding Directory Services is a superb, comprehensive overview of the various contemporary directory service implementations and their predecessors.

This book takes the reader through the design, evaluation, assessment, concepts, and terminology of directory service technologies from X.500 to Active Directory Services. In a fair, easy-to-understand format LDAP, DNS, NDS, X.500, and ADS are individually explained and historically delineated. Active Directory Services is not only explained, for example, but the evolution and implementation of ADS from DNS, LDAP, and NT4 is examined in a succinct manner. The authors address each directory service technology in a logical manner with a good balance of description, comparative tables, and professional quality graphics.

In nine, well-designed chapters the authors take the reader from an introduction to directory services to an examination of the architecture and operations of Active Directory. Chapter 1 gives a complete overview of directory services. The operations of directory services within a network are defined, their integration explored and benefits examined.

Chapter 2 discusses the evolution of directory structures. The basic information structures used in directory services are examined, as is directory service operation and design. Application-specific directories, network operating system directories, limited-use directories, general-purpose directories and meta-directories are discussed and compared. A high point of this chapter is the description of physical and logical naming conventions.

Chapter 3 focuses on distributed directory services and the distribution and storage of information. Partitioning and replication are looked at with excellent graphical examples.

Chapters 4 through 6 look at X.500, LDAP, and DNS—one standard per chapter with each chapter building on the previous one. Chapter 4 is the foundation of the three with its discussion of X.500, exploring both the X.500 model and the collection of standards that comprise it. The schema, object definitions, and naming methods are clearly defined.

Chapter 5 explores the world of LDAP, and Chapter 6 the realm of DNS. Through comparative tables the language of X.500 is correlated with LDAP and DNS in their respective chapters. Following the pattern used in the chapter devoted to X.500, the methods and conventions used in LDAP and DNS are presented. These three chapters are the heart of the book.

Chapter 7 presents the business considerations of directory services, helping the reader to evaluate a directory service for a network environment.

Chapter 8 examines Novell Directory Services, NDS, including the latest version NDS 8, while Chapter 9 examines how Microsoft has implemented Active Directory Services. Both chapters cover the core concepts used in their respective directory service technology in an easy to understand fashion. I find the discussion of NDS and ADS a must read for anyone wrestling with deploying a directory service in a network environment.

The main weakness of the text is the placement of chapter 7 between the heart of the book and the discussion of NDS and ADS—a position that seems disjointed. This chapter should either be the concluding chapter or come before the presentation of the X.500 material.

As the whole, this is the best overview text I have found on the topic of directory services in a network environment, and have recommended it to my clients and students without reservation. I would also highly recommend it to all network professionals who are encountering or who will be encountering directory services in their network environments.