
Identifying Objects in Microsoft Active Directory

Identity

GUIDs

To uniquely identify objects in Active Directory, Microsoft assigns each one a 128-bit Globally Unique Identifier (GUID). Note that if you move an object within your AD tree, or even rename it inside Active Directory, this GUID remains unchanged. There is one important exception: a move from one forest to another using something like the Active Directory Migration Tool (ADMT). That kind of move does not preserve the GUID.

Distinguished Names

We humans are certainly not going to work with GUIDs to identify objects in AD. Fortunately, there is another method of identification called the distinguished name (DN), which is defined in the LDAP specifications. Besides naming the object, the DN gives its hierarchical path within the directory. For example, we might have a domain of labs.cbtnuggets.com. The DN would be:

dc=labs,dc=cbtnuggets,dc=com

We also have the relative distinguished name (RDN), which identifies the object within its parent container. For example, consider this DN:

cn=Admin,cn=Users,dc=cbtnuggets,dc=com

The RDN would be:

cn=Admin

Attribute Types

Notice from the examples above that each component of a DN begins with an attribute type. Here is a list of these attribute types:

  • CN = Common Name
  • L = Locality Name
  • ST = State or Province Name
  • O = Organization Name
  • OU = Organizational Unit Name
  • C = Country Name
  • STREET = Street Address
  • DC = Domain Component
  • UID = User ID

AD uses CN, L, O, OU, C, and DC.
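To make the DN and RDN rules above concrete, here is a small parser (an added example, not code from the original post) that splits a DN into its RDNs while honouring backslash-escaped commas inside values, reports the parent container and the attribute types used, and flags any type outside the set AD uses. The DN values in the test are constructed; `dn_after_move` simply illustrates that a move changes the DN while (as the post notes) the GUID stays the same.

```python
"""Parse LDAP distinguished names (RFC 4514 string form).

Added example; the DNs used are constructed for illustration.
"""

# Attribute types Active Directory actually uses in DNs (from the list above)
AD_ATTRIBUTE_TYPES = {"CN", "L", "O", "OU", "C", "DC"}


def split_rdns(dn: str) -> list[str]:
    """Split a DN into its RDN strings.

    A backslash escapes the next character, so "cn=Doe\\, John" is one RDN
    and the escaped comma is not treated as a separator.
    """
    rdns, current, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            current.append(dn[i:i + 2])  # keep the escape pair intact
            i += 2
            continue
        if ch == ",":
            rdns.append("".join(current).strip())
            current = []
        else:
            current.append(ch)
        i += 1
    rdns.append("".join(current).strip())
    return rdns


def parse_dn(dn: str) -> dict:
    """Return the RDN, the parent DN, the attribute types in order, and any
    types that AD does not use in DNs (e.g. UID from other LDAP directories)."""
    rdns = split_rdns(dn)
    types = [rdn.partition("=")[0].strip().upper() for rdn in rdns]
    return {
        "rdn": rdns[0],
        "parent": ",".join(rdns[1:]),
        "types": types,
        "non_ad_types": sorted(set(types) - AD_ATTRIBUTE_TYPES),
    }


def dn_after_move(dn: str, new_parent_dn: str) -> str:
    """Moving an object keeps its RDN but re-parents it; the DN changes while
    the object's GUID does not."""
    return parse_dn(dn)["rdn"] + "," + new_parent_dn
```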
Pearson Education (InformIT)

A Brief History of Microsoft’s Active Directory

Active Directory

Active Directory Overview

For my latest CBT Nuggets course, you and I are going on an intense exploration of the wonders of Active Directory (AD). AD is a Network Operating System (NOS) that Microsoft originally built on top of Windows 2000! Obviously, with Windows Server 2016 powering many data centers today, this NOS has seen many changes and improvements.

The Database

It is fair to think of AD as a sophisticated database. It holds information about your users, groups, computers, printers, and any other objects you need to define in order to make your network thrive. When Microsoft first introduced Windows NT, they were struggling with what to do about a NOS. In fact, the original “domain” concept from Microsoft featured information stored in a flat file structure and constrained administrators to a fixed number of objects they could add to the domain. It is amazing to think about this today with the vastly scalable network architectures of Server 2016.

The key technology that changed everything for Microsoft was the Lightweight Directory Access Protocol (LDAP). Microsoft was so impressed with this open standard for directory services that it based Active Directory on LDAP's principles and ensured that AD was LDAP-compliant.

It is no coincidence that LDAPv3 became a reality in 1997 and Microsoft released AD in Windows 2000.

The Database Revealed

While Active Directory presents a hierarchical structure to users and administrators, the data is actually stored in a flat database file. Users never see this, however. They see container objects and non-container objects (leaf nodes). The most common container we use today is the OU (Organizational Unit). These incredibly powerful structures allow us to group similar objects and then apply security and management policies to the group as a whole.

I hope you are super excited like I am for the Windows Server 2016 Identity course at CBT Nuggets where we will use Hands On Labs to ensure you master all aspects of AD!