Microsoft Windows NT Directory Services: Building the Future with Next Generation Windows NT Directory Services

White Paper

© 1996 Microsoft Corporation. All rights reserved.

This White Paper is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT.

BackOffice, BackOffice logo, Microsoft, Visual Basic, Win32, Windows, and Windows NT are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.

Other product and company names may be the trademarks of their respective owners.

Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA

Windows NT Directory Services

Today's Microsoft® Windows NT® Server offers the Windows NT Directory Services, robust directories that provide customers what they need most—single network logon, with a single point of administration and replication. While these functions are critical to businesses, it is becoming increasingly clear that customers need and want more from their directories, features such as a hierarchical view of the directory, extensibility, scalability, distributed security and multimaster replication. To meet these expanding needs, Microsoft is developing next generation Directory Services.

This White Paper will examine the components of next generation Directory Services and provide details on their implementation.

Introduction

Customers' directory needs vary greatly. Businesses of all sizes, small or large, share a common need: the need for a hierarchical, extensible directory that can scale with their business, from tens of entries to hundreds of thousands of entries. Likewise, public network operators, such as CompuServe, need a directory that can scale to many millions of entries for both white pages (individuals and businesses listed by name) and yellow pages (products and services listed by category). Certain parts of the directory must be publicly accessible (that is, via the Internet), some must be accessible only by the network provider's subscribers, and some must be restricted still further. Regardless of the scope of their directory needs, it is clear that today's customers need this capacity to succeed in business.

Today's Microsoft® Windows NT® Server network operating system offers the Windows NT Directory Services, a robust directory that provides customers what they need most—single network logon, a single point of administration and replication. While these functions are critical to businesses, it is becoming increasingly clear that customers need and want more from their directories, features such as a hierarchical view of the directory, extensibility, scalability, distributed security and multimaster replication. To meet these expanding needs, Microsoft is developing next generation Directory Services, scheduled to be available in a preview release in the second half of 1996. Its full implementation is slated to be in the next release of Windows NT Server.

The next generation Windows NT Directory Services is a directory service integrated with Windows NT Server that offers the hierarchical view, extensibility, scalability, and distributed security required by all customers, no matter the size. The next generation Windows NT Directory Services represents a significant evolution of directory services. For the first time network administrators, developers, and end users gain access to a directory service that

The next generation Windows NT Directory Services is a critical part of the distributed system, taking it far beyond the traditional directory system. Administrators and users will now be able to use the directory services as an information service, as much as they use it as an administrative service.

The rest of this document will explore in detail the design and implementation of next generation Windows NT Directory Services.

Microsoft's Next Generation Windows NT Directory Services

Microsoft is building the foundation for distributed computing with its next generation Directory Services, which combine the best of the Internet's Domain Name Service (DNS) as a locator service and X.500 naming standards to provide enterprises with the interoperability they need to unify and manage the multiple name spaces that now exist in the heterogeneous software and hardware environments of corporate networks.

The next generation Microsoft Windows NT Directory Services, which incorporate the Lightweight Directory Access Protocol (LDAP) as their core protocol, can work across operating system boundaries, integrating multiple name spaces. These next generation Directory Services can subsume and manage application-specific directories, as well as other NOS-based directories, to provide a general purpose directory service that can reduce the administrative burdens and costs associated with maintaining multiple name spaces.

The next generation Directory Services allow a single point of administration for all published resources, which can include files, peripheral devices, host connections, databases, Web access, users, arbitrary other objects, services, and so forth. The next generation Directory Services support a hierarchical name space so that objects can be grouped by Organizational Units.
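As an added example (not from this white paper or from Microsoft's implementation), the following Python parses X.500-style distinguished names into the Organizational Unit hierarchy described above and applies the subtree test that scoping administration to a single OU requires; the DN string syntax (RFC 1779 style), the function names and the Contoso sample entries are assumptions.

```python
# Added example, not Microsoft's code; assumes X.500/LDAP DN strings (RFC 1779 style, backslash escapes).

def parse_dn(dn: str) -> list:
    """Split a DN into (attribute, value) RDNs, most specific first."""
    rdns, buf, escaped = [], [], False
    for ch in dn:
        if escaped:
            buf.append(ch)
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == ",":
            rdns.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    if escaped:
        raise ValueError("dangling escape at end of DN")
    rdns.append("".join(buf))
    parsed = []
    for rdn in rdns:
        attr, sep, value = rdn.partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed RDN: {rdn!r}")
        parsed.append((attr.strip().lower(), value.strip()))
    return parsed

def format_dn(rdns: list) -> str:
    """Inverse of parse_dn: re-escape commas and backslashes in values."""
    esc = lambda v: v.replace("\\", "\\\\").replace(",", "\\,")
    return ",".join(f"{a}={esc(v)}" for a, v in rdns)

def nearest_ou(dn: str) -> str:
    """Closest enclosing Organizational Unit of an entry, '' if it has none."""
    rdns = parse_dn(dn)
    return next((format_dn(rdns[i:]) for i, (a, _) in enumerate(rdns) if i and a == "ou"), "")

def is_under(dn: str, container: str) -> bool:
    """True when dn is container or lies in its subtree; the scope test behind
    delegating administration of one OU rather than the whole directory."""
    entry = [(a, v.casefold()) for a, v in parse_dn(dn)]
    scope = [(a, v.casefold()) for a, v in parse_dn(container)]
    return len(scope) <= len(entry) and entry[len(entry) - len(scope):] == scope

# Constructed sample entries: two OUs beneath ou=Sales under o=Contoso.
SAMPLE_DNS = [
    "cn=Alice Smith,ou=West,ou=Sales,o=Contoso,c=US",
    "cn=Smith\\, Carol,ou=East,ou=Sales,o=Contoso,c=US",
    "cn=Printer 1,ou=Facilities,o=Contoso,c=US",
]
```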

The next generation Directory Services support more than 10 million objects per store, with multiple stores, thus offering unparalleled scalability while at the same time offering unsurpassed simplicity for the smallest businesses. When combined with the forthcoming Microsoft Distributed File System, next generation Directory Services will bring networks even closer to the goal of a single global name space.

The next generation Directory Services are seamlessly integrated with Windows NT Server, which is the only operating system that offers traditional file and print, applications, communications and Internet/intranet support built into the base product. Windows NT Server is the best file and print server for all of a business's information and resource sharing needs, outperforming all other operating systems available today. It is also the best applications server available, offering the best scalability/price ratio in the industry. Additionally, Windows NT Server is an excellent communications platform, offering such features as Remote Access Services, TAPI and PPTP.

The next generation Directory Services provide the power of X.500 interoperability, without requiring systems to host the entire X.500 overhead. They do this by implementing the protocols needed for X.500 communication, including subsets of the 1993 directory access protocol (DAP), directory system protocol (DSP), and directory information shadowing protocol (DISP), and, as already noted, LDAP. The result is the high level of interoperability required for administering real-world, heterogeneous networks.

The Microsoft next generation Directory Services features include:

Creating Next Generation Directory Services

The need for an ever more powerful, transparent, and tightly integrated directory system is driven by the explosive growth of networked computing. As LANs and WANs grow larger and more complex, as networks are connected to the Internet, and as applications require more from the network and are linked to other systems through corporate intranets, more is required from a directory service.

The next generation Windows NT Directory Services have a rich set of protocols and application programming interfaces (APIs). The protocols and object formats supported define the openness of the directory, that is, the degree to which the directory is available to clients beyond those explicitly designed to use it. The APIs supported define the range of tools and applications that will directly take advantage of the directory service. The Windows NT Directory Services support a wide range of well-defined protocols and formats and provide powerful, flexible, and easy-to-use APIs.

The next generation Windows NT Directory Services provide administrators and users with a one-stop source for resource and management information. And the directory services must become a point of unification, providing a sense of order and structure—especially when managing information from competing network operating system (NOS) and application directories.