Active Directory Exposed
A prerequisite read for anyone planning an AD implementation.
- By Thomas Eck
- April 01, 2000
Daniel Blum's Understanding Active
Directory Services is a prerequisite read for anyone beginning
the process of planning an AD implementation in his or her
enterprise. Beginning with chapter 1, the author describes
the definition of a directory and its role in the enterprise.
He presents a chapter-by-chapter roadmap describing the yield
of your reading investment and then dispenses with the overview
material and begins the tour of the AD.
After an excellent overview of LDAP, DNS,
and Microsoft's use of both technologies in the AD, the author
then goes on to present a brief overview of LDAP search mechanisms
and the available APIs for programmatic manipulation of an
LDAP namespace in chapter 2.
Next, he describes the high-level concept
of the Microsoft Windows DNA application architecture to begin
chapter 3. For those interested in how the AD will affect
enterprise development, a reasonable overview of COM, DCOM,
and middleware technologies is also presented.
Blum then keenly describes the AD components
that stray away from the LDAP standards in chapter 4 through
a discussion on domains, trees, forests, and the global catalog.
In chapter 5, the author takes a temporary
departure from the theoretical realm by presenting a high-level
overview of the installation of Windows 2000. However, instead
of continuing on this practical track, the author gives a
good overview of ADSI in chapter 6 but the writing remains
too steeped in theory to adequately describe the robust nature
of the ADSI with sufficient integrity.
In chapter 7, Blum presents some advice
and methodologies you can employ to plan an AD namespace in
your own enterprise, but focuses a bit too heavily on the
importance of directory schema. As a result of this tangent,
a vital element in planning a namespace isn't covered until
chapter 9, causing the reader to lose focus on the importance
of replication in the design of a namespace. Luckily, Active
Directory Replication and Sites are covered in excellent detail
in chapter 8, and the author even includes the often-omitted
topics of meta-directory replication and multi-vendor directory
The security mechanisms found in the AD
are covered in sufficient detail in chapter 9 through careful
attention to trusts, Kerberos authentication and PKI. In the
latter section of chapter 9, the reader is presented with
information on the role security descriptors play on the AD,
which the author aptly uses to segue into a discussion of
inheritance and delegation of authority for Active Directory
objects and attributes.
In its final chapter, the book presents
a valuable mix of theory and practical methodologies you can
use to migrate an existing Windows NT infrastructure to Windows
In addition to the usual glossary and
comprehensive index found within most technical titles on
the shelf, this volume also features a one-sentence summary
of each paragraph found in the text within the margins of
each page. For those short on time, this can be an excellent
way to get a quick understanding of the contents of the text
for later review or to reinforce a concept long after the
chapter was read.
Without a doubt, those in the early stages
of planning an AD namespace will find Daniel Blum's book to
be an invaluable cover-to-cover read.
Thomas Eck, MCSE+I, MCSD, ASE, CCA, CAN, is a
specialist with Perot Systems Corp., currently assigned as
a systems architect, developer and project manager for a major
European investment bank. Thomas is also the author of Windows
NT/2000: ADSI Scripting for System Administration (New Riders).