ADS Active Directory Service (Farsi User Guide)
Resource: Windows 2000 Server Resource kit Distributed Systems Guide


Directory Tree

The Directory Tree represents the hierarchy and tree structure of the objects in a given Forest.

For every object in Active Directory, information about its parent-child relationship is stored; each object has exactly one parent.

Because every object has a parent, a tree structure is formed, and it is this structure that establishes the relationship between classes and objects.

The objects residing in Active Directory make up this structure, and the rules defined in the Schema govern it: for example, the Schema determines which object classes are allowed to have a logical relationship with other objects, that is, which classes may be created under (contained in) other objects.

The Directory Tree has a number of constraints and requirements, which are described below.

1. Each Domain holds a set of objects and classes; a Domain can only be a child of another Domain, so it cannot, for example, be a child of an OU.

2. The Directory Root, referred to as RootDSE, is a virtual image of the Domain tree structure; it therefore has no class of its own in the Schema. It forms the root of the directory and represents the tree structure, so that you can tell which Domain Controller you are connected to.

RootDSE : Root Directory-Specific Entry

3. Below the root, every directory has a Root Domain; the first Domain created is always the Forest root Domain. Each Domain always has a Child container (for more information about Containers, see the Container topic). This Child container holds the Configuration Data, which covers information about all services, sites, and other domains and partitions within the Forest. The Configuration Data itself has a Child container named Schema.

Domain
 |
 --- Configuration
       |
       --- Schema

RootDSE

RootDSE represents the Domain tree structure and the NameSpace of the DC in question, and it also represents the LDAP tree from top to bottom. This information relates only to the root of the directory in which the DC resides; in other words, the information stored in the root of the directory to which the DC is connected is found here. The attribute information in RootDSE comes from two separate parts: first the Directory Partitions, consisting of the domain, schema, and configuration directory partitions, and second the Forest Root Domain Directory Partition. Together these make up the RootDSE information, so RootDSE can be described as a Table of Contents of the information held by a DC.

The rootDSE publishes information about the LDAP server, including what LDAP versions it supports, supported Simple Authentication and Security Layer (SASL) mechanisms, and supported controls, as well as the distinguished name (DN) for its subschemaSubentry.
RootDSE gathers information about the LDAP Server: the LDAP versions it supports, its SASL mechanisms, its Supported Controls, and so on.

SASL : Simple Authentication and Security Layer
subschemaSubentry   The name of a subschema entry, which is used to administer information about the schema; in particular, the object classes and attribute types that are supported. (For more information about subschemaSubentry, see "Active Directory Schema" in this book.)

namingContexts   Naming contexts (directory partitions) that this server masters (stores as a writable replica) or shadows (stores as a read-only replica). This attribute allows a client to choose suitable base objects for searching when the client has contacted a server.

supportedControl   Object identifiers that identify the LDAP controls that the server supports. If the server does not support any controls, this attribute is absent.

supportedSASLMechanisms   The names of the SASL mechanisms that the server supports. SASL is a standard for negotiating an authentication mechanism and (optionally) an encryption mechanism. If the server does not support either type of mechanism, this attribute is absent.

supportedLDAPVersion   The versions of LDAP that the server implements.

supportedExtension   Object identifiers (known as "OIDs") that identify the supported extended operations that the server supports. If the server does not support any extensions, this attribute is absent. This attribute is absent by default for Active Directory servers.

altServer   The values of this attribute are URLs of other servers that can be contacted when this server becomes unavailable. If the server does not know of any other servers, this attribute is absent. This attribute is absent by default for Active Directory servers.

It should be noted that the attributes described below take priority for RootDSE in terms of how they are held and stored.

currentTime. The current time in the generalized time format.

dsServiceName. NTDS settings.

defaultNamingContext. The default naming context (directory partition) for a particular server. This value is the distinguished name of the domain directory partition for which this domain controller is authoritative.

schemaNamingContext. The naming context (directory partition) for the forest schema.

configurationNamingContext. The naming context (directory partition) for the forest Configuration container.

rootDomainNamingContext. The distinguished name for the domain naming context (directory partition) that is the first domain that was created in this forest. This domain functions as the forest root domain.

supportedLDAPPolicies. Supported LDAP management policies.

highestCommittedUsn. Highest update sequence number (USN) committed to the database on this domain controller. (For information about update sequence numbers, see "Active Directory Replication" in this book.)

dnsHostName. The DNS name of this domain controller.

serverName. The fully qualified distinguished name for this domain controller.

supportedCapabilities. The object identifier value (1.2.840.113556.1.4.800) that indicates the additional capabilities of an Active Directory server, such as dynamic update, integrated DNS zones, and LDAP policies.

LdapServiceName. The service principal name for the LDAP server, which is used for mutual authentication.

isSynchronized. Boolean indicator for whether the domain controller has completed its initial sync with replica partners.

isGlobalCatalogReady. Boolean indicator for whether the domain controller is prepared to advertise itself as a Global Catalog.

For more information about rootDSE and rootDSE attributes, see the Request for Comments (RFC) link on the Web Resources page at http://windows.microsoft.com/windows2000/reskit/webresources. Follow the links to RFC 2251 and RFC 2252.

For more information about RootDSE, refer to the link above and to RFC 2251 and RFC 2252.

Note: you can use two useful tools to view the attributes in RootDSE; they also allow you to edit them. These two tools are ADSIEDIT.MSC and LDP.EXE. If you have no experience with these tools, do not change anything, but do try them out for viewing.

Pay attention to the following examples for these two tools.

To use ADSI Edit and Ldp, install the Support Tools that are located in the Support\Tools folder on the Windows 2000 Server operating system CD. To install the tools, double-click the Setup icon in that folder. For more information about using ADSI Edit and Ldp, see Microsoft Windows 2000 Support Tools Help. For information about installing and using the Windows 2000 Support Tools and Support Tools Help, see the file Sreadme.doc in the Support\Tools folder of the Windows 2000 operating system CD.

To view rootDSE properties by using ADSI Edit

  1. In ADSI Edit, right-click the ADSI Edit icon, and then click Connect to.
  2. To connect to a different domain controller from the default domain controller (the domain controller for the domain to which you are logged on), click Select or type a domain or server, and then type a domain name or server name.
  3. Under Connection Point, click Naming Context.
  4. In the Naming Context list, click RootDSE and then click OK.
  5. Expand the RootDSE [ServerName] node.
  6. Right-click the RootDSE folder, and then click Properties.
  7. In the RootDSE Properties dialog box, view a property value by selecting the property in the Select properties to view box.

You can use ADSI Edit to view one rootDSE property value at a time. To view the entire list of properties and their values, use Ldp.

Ldp.exe is a graphical tool that you can use to perform LDAP operations, such as connect, bind, search, modify, add, and delete, against any LDAP-compatible directory, such as Active Directory. When you use Ldp to connect to a domain controller, the tool displays a list of the rootDSE attribute values that are stored on the domain controller to which you connect.

Note

You can open Ldp in any of the following ways: from the Windows 2000 Support Tools menu by selecting Active Directory Administration Tool; from the Run dialog box by typing ldp; or from a command prompt by typing ldp.

To connect to a domain controller and view rootDSE attributes by using Ldp

  1. In Ldp, on the Connection menu, click Connect.
  2. In the Server box, either use the current domain controller name or type the name of the domain controller to which you want to connect.
  3. In the Port box, type the port number that you want to use.

    Port 389 is the default port for LDAP; port 3268 is the default port for the Active Directory Global Catalog.

  4. Click OK.

ld = ldap_open("sea-rk-dc-01", 389);
Established connection to sea-rk-dc-01.
Retrieving base DSA information...
Result <0>: (null)
Matched DNs:
Getting 1 entries:
>> Dn:  =====> distinguished name (DN) 
1> currentTime: 10/1/1999 15:49:25 Pacific Standard Time Pacific Daylight Time;
1> subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,DC=reskit,DC=com;
1> dsServiceName: CN=NTDS Settings,CN=SEA-RK-DC-01,CN=Servers,CN=Default-First-Site-Name,
CN=Sites,CN=Configuration,DC=reskit,DC=com;
3> namingContexts: CN=Schema,CN=Configuration,DC=reskit,DC=com; CN=Configuration,DC=reskit,
DC=com; DC=reskit,DC=com;
1> defaultNamingContext: DC=reskit,DC=com;
16> supportedControl: 1.2.840.113556.1.4.319; 1.2.840.113556.1.4.801; 1.2.840.113556.1.4.473;
1.2.840.113556.1.4.528; 1.2.840.113556.1.4.417; 1.2.840.113556.1.4.619;
1.2.840.113556.1.4.841; 1.2.840.113556.1.4.529; 1.2.840.113556.1.4.805;
1.2.840.113556.1.4.521; 1.2.840.113556.1.4.970; 1.2.840.113556.1.4.1338;
1.2.840.113556.1.4.474; 1.2.840.113556.1.4.1339; 1.2.840.113556.1.4.1340;
1.2.840.113556.1.4.1413;
2> supportedLDAPVersion: 3; 2;
11> supportedLDAPPolicies: InitRecvTimeout; MaxConnections; MaxConnIdleTime;
MaxActiveQueries;MaxNotificationPerConn; MaxPageSize; MaxQueryDuration;
MaxTempTableSize; MaxResultSetSize; MaxPoolThreads; MaxDatagramRecv;
1> highestCommittedUSN: 191396;
2> supportedSASLMechanisms: GSSAPI; GSS-SPNEGO;
1> dnsHostName: SEA-RK-DC-01.reskit.com;
1> ldapServiceName: reskit.com:sea-rk-dc-01$@RESKIT.COM;
1> serverName: CN=SEA-RK-DC-01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,
CN=Configuration,DC=reskit,DC=com;
1> supportedCapabilities: 1.2.840.113556.1.4.800;
1> isSynchronized: TRUE;
1> isGlobalCatalogReady: TRUE;
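The Ldp dump above is a plain text format ("count> attribute: value; value;", with long values wrapped onto the next line), so it can be parsed to inventory what a domain controller publishes about itself before any bind. The following is an added example, not part of the Resource Kit or of Ldp; the server names and partitions in the sample are constructed.

```python
import re

# Constructed sample in Ldp's "<count>> attribute: value; value;" format,
# including a value wrapped across two lines as Ldp does for long entries.
SAMPLE = """ld = ldap_open("dc01", 389);
Established connection to dc01.
Retrieving base DSA information...
Getting 1 entries:
>> Dn:
1> defaultNamingContext: DC=example,DC=test;
3> namingContexts: CN=Schema,CN=Configuration,DC=example,DC=test; CN=Configuration,DC=example,
DC=test; DC=example,DC=test;
2> supportedLDAPVersion: 3; 2;
2> supportedSASLMechanisms: GSSAPI; GSS-SPNEGO;
1> dnsHostName: dc01.example.test;
1> isSynchronized: TRUE;
"""

ATTR_RE = re.compile(r"^(\d+)> (\w+): (.*)$")

def parse_ldp_rootdse(text):
    """Return {attribute: [values]}; continuation lines (no 'N>' prefix) are glued onto the previous attribute."""
    attrs, raw, current = {}, {}, None
    for line in text.splitlines():
        m = ATTR_RE.match(line)
        if m:
            current = m.group(2)
            raw[current] = (int(m.group(1)), m.group(3))
        elif current and line.strip():
            count, val = raw[current]
            raw[current] = (count, val + line)   # no separator: Ldp wraps mid-value
    for name, (count, val) in raw.items():
        values = [v.strip() for v in val.split(";") if v.strip()]
        if len(values) != count:          # Ldp's declared count is a consistency check
            raise ValueError(f"{name}: expected {count} values, parsed {len(values)}")
        attrs[name] = values
    return attrs

def summarize(attrs):
    """What a defender reads off rootDSE: the partitions this DC holds, whether it still accepts LDAPv2, and the SASL mechanisms clients must use."""
    return {
        "dc": attrs["dnsHostName"][0],
        "default_nc": attrs["defaultNamingContext"][0],
        "partitions": attrs["namingContexts"],
        "accepts_ldapv2": "2" in attrs.get("supportedLDAPVersion", []),
        "sasl": attrs.get("supportedSASLMechanisms", []),
        "synchronized": attrs.get("isSynchronized", ["FALSE"])[0] == "TRUE",
    }
```

Paste the output of a real Ldp connect into SAMPLE to compare several domain controllers; a count mismatch means a line was lost when copying.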

Next, read the Directory Partitions section, which follows in this same part.


LastUpdate:2005/04/05
