Hot skills: Microsoft Active Directory

Skills for IT professionals

What is it?

Active Directory is Microsoft's implementation - with proprietary extensions - of the Lightweight Directory Access Protocol (LDAP), itself a commercial implementation of the ITU-TS X.500 Directory Access Protocol.

It provides centralised and secure authorisation, authentication and management of network users and groups, services such as messaging and other applications, and resources such as printers. Administrators use it to apply security and other policies, and to deploy software. Updates, patches and the latest versions of anti-virus controls can be installed from a central console.

It includes Active Directory Application Mode (Adam), a lightweight version which provides directory services for applications and uses the same application programming interface. Adam is renamed Lightweight Directory Services in Windows Server 2008.

Where did it originate?

The origins of Active Directory lie in NT Directory Services, first seen in 1996. The first public version, released with Windows Server 2000, was greeted as robust and feature-rich, but lacking in management tools, and with a high cost of ownership. These problems were addressed in the Windows 2003 version, which also tackled replication and syndication between domain controllers.

What's it for?

The Windows 2008 version builds on improvements introduced with Windows 2003, but with a new emphasis on identity and rights management services, digital certificates, and federation services, which extend directory services to trusted customers and partners. As with Adam, a number of features and services have been renamed.

What makes it special?

Many of the "highlights" of the Windows 2003 version simply fixed the shortcomings of the Windows 2000 version, but there were still many limitations. Many of the improvements in the Windows 2008 version make Active Directory far more flexible, with features such as fine-grained password policies, better auditing of directory service changes, restartable domain services, and the read-only domain controller for remote sites and branch offices.

How difficult is it to master?

Active Directory professionals will need to replace their Windows 2003 MCSE with a Windows 2008 Microsoft certified technology specialist qualification. The upgrade course takes five days, followed by one exam, which results in three separate certifications: Active Directory configuration, network infrastructure configuration and application platform configuration.

What systems does it run on?

Mainly Windows, but it is also used to manage Unix and Linux. Some Linux versions offer a level of Active Directory integration, and there are third-party integration products.

What's coming up?

Windows Server 2008 will feature an improved version of Active Directory. Download Microsoft's poster showing the forthcoming features, by searching online for "Windows Server 2008 Active Directory components".
