February 07, 2001, 1:32 PM — How we store and access information is as important as the kind of information we store. Take the case of Deep Blue vs. Kasparov. Much of the "intelligence" that allowed the IBM computer to beat the world's premier chess grandmaster came from Deep Blue's ability to store and quickly access vast quantities of chess moves and compare their relative merit at extremely high speeds. A more everyday example of this principle is your annual pile of dead tree matter called the phone book. It contains a ton of information, but it's structured in a relatively simple manner, searchable by business, product, or name. A clear and logical organization makes information more accessible, whether you're dialing for pizza or evaluating chess strategies with a supercomputer.
Unfortunately for those of us without a Deep Blue at our disposal, most operating system vendors have traditionally been lukewarm on the idea of a directory service. It took the hard, groundbreaking work of vendors and organizations like ICL Ltd., Banyan Systems, and the University of Michigan to prove that directory services can play an important role in collating system information across a network.
Better late than never
Microsoft has finally joined the fray, introducing a rival to Novell's NDS. In reviewing a future direction for its existing NetBIOS-based domain system, Microsoft decided to create its own network directory service called Active Directory (AD). This new system will play a central role in the next-generation Windows 2000 platform, but the APIs for it have already been released (in part) for existing Windows NT systems. This availability has allowed software developers to start working on software that utilizes AD and runs on existing platforms, though such software will still require an AD server running on Windows 2000.
Active Directory borrows very heavily from the model created in the Lightweight Directory Access Protocol (LDAP) system. It then goes beyond that protocol by creating a superlayer that also works with other non-AD directory services, such as NetWare and Windows NT 4.0 domains. However, the core structure of the system mirrors LDAP, and all access to AD uses the LDAP protocol. So, to understand more about AD, you should first take a look at how LDAP works.
AD and LDAP
The Active Directory API, known as the Active Directory Services Interface (ADSI), allows applications to access the AD system using COM+ objects, direct language-dependent function calls, or scripting interfaces. System administrators do not need an exhaustive knowledge of how ADSI works. For a quick illustration of how AD is integrated with multiple languages, object models, and directory services, take a look at Figure 1.
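As an added illustration, not code from the article, the Python below parses the ADsPath strings that ADSI scripts hand to the provider layer, in the form `<Provider>://[server/]<DN>`, so that a script can confirm which provider (LDAP://, WinNT://, and so on) a path would reach before using it. The provider names, the ADsPath rule that `/` inside a DN is written `\/`, and the RFC 4514 DN escaping are assumptions drawn from ADSI and LDAP conventions rather than anything stated on this page; Python stands in for the scripting interfaces the text mentions.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

@dataclass
class ADsPath:
    provider: str                      # ADSI provider prefix, e.g. "LDAP" or "WinNT" (assumed names)
    server: Optional[str]              # optional server or domain given after "//"
    rdns: List[Tuple[str, str]] = field(default_factory=list)  # DN components, leaf first

# RFC 4514 specials plus "/" (assumption: ADsPath requires "/" in a DN to be escaped as "\/")
_ESCAPABLE = ',=+<>#;"\\ /'

def split_dn(dn: str) -> List[Tuple[str, str]]:
    """Split an LDAP DN into (attribute, value) pairs, honouring backslash escapes."""
    rdns, cur, i = [], [], 0
    while i < len(dn):
        c = dn[i]
        if c == "\\":                              # "\," style escape or "\XX" hex pair
            if i + 1 < len(dn) and dn[i + 1] in _ESCAPABLE:
                cur.append(dn[i + 1]); i += 2
            else:
                cur.append(chr(int(dn[i + 1:i + 3], 16))); i += 3
            continue
        if c == ",":                               # an unescaped comma ends this RDN
            rdns.append("".join(cur)); cur = []
        else:
            cur.append(c)
        i += 1
    rdns.append("".join(cur))
    out = []
    for rdn in rdns:
        attr, eq, val = rdn.partition("=")
        if not eq or not attr.strip() or not val.strip():
            raise ValueError(f"malformed RDN: {rdn!r}")
        out.append((attr.strip().upper(), val.strip()))
    return out

def parse_adspath(path: str, allowed: Tuple[str, ...] = ("LDAP",)) -> ADsPath:
    """Parse '<Provider>://[server/]<DN>' and reject providers not listed in `allowed`."""
    provider, sep, rest = path.partition("://")
    if not sep or not provider.isalpha():
        raise ValueError("not an ADsPath: expected '<Provider>://...'")
    if provider not in allowed:                    # e.g. refuse WinNT:// where LDAP:// is expected
        raise ValueError(f"provider {provider!r} not permitted here")
    server, slash, dn = rest.partition("/")
    if not slash:
        if "=" not in rest:                        # bare server name, no DN
            return ADsPath(provider, rest, [])
        server, dn = None, rest                    # no server: the remainder is the DN
    return ADsPath(provider, server or None, split_dn(dn))
```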