What is Active Directory?

elcephus

Technical User
Apr 28, 2005
Yes, the age-old question - What exactly is Active Directory? From what I can gather, it is just a collection of directories and their services, along with a copy of the GC that makes a server an Active Directory server. Would it be fair to call a domain controller an Active Directory, or would the DC need to have the Global Catalog as well? Or am I missing it altogether?

The reason I ask is because I have a server running AD and Exchange 2003, file, printer and RAS services. Now this is not the best practice, and in order for me to get failover/disaster recovery implemented it is recommended that I remove the AD from that server and put it on its own server, and then I would have to rebuild the Exchange server and re-populate the mailboxes. If anyone could provide me with some recommendations as to the best way to go about that, it would be much appreciated. Thanks.
 
If you've ever had the pleasure in the past of dealing with Novell NetWare then you've dealt with Active Directory... well, at least its predecessor. Microsoft pretty much copied what Novell had already perfected. Since Windows 2000 was released, Novell died a slow painful death as Active Directory with Windows 2000 was here. Now to your questions.

In order to authenticate users, a DC must be up that contains a copy of the global catalog. See the link below for Windows terms.

For the situation you're dealing with, do you have more than one domain controller? If so, ensure at least two are global catalogs. If you do not have another domain controller, stand one up and ensure it has a copy of the global catalog on it. Next, on your "exchange/file/printer/ras" box, run dcpromo to demote the server, making it a member server and not a DC. If it has any FSMO roles, it should prompt you to transfer them to another DC, which you must have available.
 
You are very close to the mark on what you see as Active Directory. Active Directory is the data store used by domain controllers to store objects such as users, groups, printers, group policies, and any other object you wish to publish in it (including DNS). Each domain controller holds a copy of Active Directory, but not all of it. Domains do not need to hold a copy of the objects of other domains. Also, there are specific Active Directory objects/services that do not reside on every domain controller. The global catalog (a part of Active Directory) enables network logon by providing universal group membership information to a domain controller when a logon process is initiated. It enables finding directory information regardless of which domain in the forest actually contains the data. You can store a global catalog on more than one domain controller. To keep replication of Active Directory under control, 5 flexible single master operations (FSMOs) exist in Active Directory. 2 of the roles only exist once in your entire forest while the other 3 exist once per domain. And as you may have guessed, all 5 roles can only exist on computers that have Active Directory (domain controllers).

So as you can see, a domain controller must have Active Directory and Active Directory will only exist on domain controllers, but Active Directory is much more than just a domain controller.

When you add Exchange, you have even MORE Active Directory. That's because Exchange taps into the data store just like a domain controller. When you install Exchange, changes are made to the schema of Active Directory to hold the data information for Exchange... it's now one of the databases used by Exchange and defines who has a mailbox and what their email address is. The other database holds the actual mail.

Unless you have a good reason to move Exchange to a different server (performance), then leave it right where it is and use your resources to provide a good backup strategy for the server you have (i.e. full tape backups nightly).


A+/MCP/MCSE/MCDBA
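
The pre-demotion checks described in the first reply (another DC exists, a global catalog remains, FSMO roles are moved off the box), as an added example that is not part of the thread. It assumes the property names returned by `Get-ADDomainController` in the ActiveDirectory PowerShell module, which postdates the Windows 2003 tooling discussed above; the function name and server names are hypothetical.

```powershell
# Added example: readiness check to run before demoting a domain controller.
# Input objects use the Name, IsGlobalCatalog and OperationMasterRoles
# properties that Get-ADDomainController returns.
function Test-DemotionReadiness {
    param(
        [Parameter(Mandatory)] [object[]] $Inventory,   # one object per DC
        [Parameter(Mandatory)] [string]   $Target       # DC to be demoted
    )
    $targetDc = $Inventory | Where-Object { $_.Name -eq $Target }
    if (-not $targetDc) { return "Target '$Target' is not in the DC inventory" }

    $blockers = @()
    $others   = @($Inventory | Where-Object { $_.Name -ne $Target })
    $otherGcs = @($others | Where-Object { $_.IsGlobalCatalog })

    if ($others.Count -eq 0) {
        $blockers += "No other domain controller exists; stand one up first"
    }
    if ($otherGcs.Count -eq 0) {
        $blockers += "No remaining DC hosts the global catalog"
    }
    # Compare against $null explicitly so a role enum with value 0 is not dropped.
    $roles = @($targetDc.OperationMasterRoles | Where-Object { $null -ne $_ })
    foreach ($role in $roles) {
        $blockers += "FSMO role '$role' is still held by $Target; transfer it first"
    }
    $blockers
}

# Constructed sample inventory (hypothetical server names). On a live domain:
#   $inventory = Get-ADDomainController -Filter *
$inventory = @(
    [pscustomobject]@{
        Name = 'SRV-ALLINONE'; IsGlobalCatalog = $true
        OperationMasterRoles = @('SchemaMaster', 'DomainNamingMaster',
                                 'PDCEmulator', 'RIDMaster', 'InfrastructureMaster')
    },
    [pscustomobject]@{ Name = 'DC02'; IsGlobalCatalog = $false; OperationMasterRoles = @() }
)

$result = @(Test-DemotionReadiness -Inventory $inventory -Target 'SRV-ALLINONE')
if ($result.Count -eq 0) { "Ready to demote" }
else { $result | ForEach-Object { "BLOCKER: $_" } }
```

With the sample data the check reports six blockers: DC02 is not a global catalog, and all five FSMO roles still sit on the server being demoted.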
 