The .NET framework provides strong support for accessing Active Directory Services, letting you create, edit, delete, and search for directory objects efficiently. This article discusses the benefits of Active Directory Services, its specific features, and how to manipulate Active Directory objects using .NET code.
To implement the techniques discussed in the article, the minimum requirements are:
- .NET framework: version 1.1 or higher
- Operating System: Windows XP/2000 or higher
I won't discuss how to install and configure Active Directory in this article, but here are links to installation instructions for Windows 2000 Server and Windows 2003 Server.
For Windows 2000, you can migrate existing groups, users, and computers to Active Directory using the downloadable Windows 2000 Active Directory Migration Tool.
Directory Services and Active Directory
A directory service is a centralized repository of network information used to store and manage complex hierarchical data, authorization, and user management. Directory services provide ways to define new object types and specify the attributes for those types, letting developers create instances of these types and store them in the repository.
Typically, developers gain access to the repository using an API. The basic difference between a directory service and a Relational Database Management System (RDBMS) is that the former manages access to a hierarchical structure of objects, while the latter manages access to relational tabular data. Unfortunately, there's a drawback: reading and writing data to a directory service is far slower than similar operations against an RDBMS. Further, unlike RDBMSs, Active Directory doesn't have any support for transactions.
Microsoft's Active Directory is an implementation of a directory service. It is a distributed, replicated, and hierarchical Windows service that's well-integrated with the host OS. Another way to think of it is as an object-oriented hierarchical database that represents network resources in the system. Active Directory provides an API to locate and manage these resources, making them available to authorized users and groups.
Active Directory is a central and secure repository of an organization's data designed for use in distributed computing environments. It provides policy-based administration. Active Directory, originally named "NT Directory Service," was introduced with Windows 2000, and is basically Microsoft's implementation of an LDAP directory service for Windows OSs.
Active Directory Features
The basic features of Active Directory are:
- Hierarchical object grouping
- Support for open standards
- Backward compatibility with earlier Windows OSs
What are Active Directory Objects?
The objects Active Directory contains typically fall into one of the following categories:
- Resources: printers, scanners, user details, etc.
- Services: for example, DirectoryService, SecurityService, etc.
- Users: user credentials
Each object in Active Directory is an instance of a class defined in a schema. The objects in the Active Directory are strongly typed and are organized in a tree-like structure where the root object represents the domain, and the other nodes represent containers that can hold one or more objects. The schema is responsible for defining the types and the attributes of the objects in the repository.
Typical objects in an Active Directory represent files, printers, users, or software. Each object has its own attributes and an Access Control List (ACL). Active Directory identifies objects using a distinguished name that specifies the domain where the object is located and the path of the object. Distinguished names have several components, called CN, OU, and DC. The CN represents the common name of the object in the Active Directory, OU represents the organizational unit to which the object belongs, and DC is the domain controller or the DNS name of the object.
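The following C# program is an added example, not code from the original article. It splits a distinguished name into its CN/OU/DC components and recovers the DNS domain name from the DC parts. It honours RFC 4514 backslash escaping, so a common name that itself contains a comma (such as "Smith\, John") is not cut in the wrong place, which a naive `Split(',')` would do. The `DnParser` class and the sample DN are constructed for illustration and do not refer to a real directory.

```csharp
// Added example (not from the original article): parse a distinguished name
// into its RDN components. The sample DN in Main is constructed.
using System;
using System.Collections.Generic;
using System.Text;

public static class DnParser
{
    // Splits a DN into "type=value" pairs, honouring RFC 4514 backslash
    // escaping so that an escaped comma inside a value does not end the RDN.
    public static List<KeyValuePair<string, string>> Parse(string dn)
    {
        var parts = new List<KeyValuePair<string, string>>();
        var current = new StringBuilder();
        bool escaped = false;

        foreach (char c in dn)
        {
            if (escaped)
            {
                current.Append(c);   // keep the escaped character literally
                escaped = false;
            }
            else if (c == '\\')
            {
                escaped = true;      // the next character is escaped
            }
            else if (c == ',')
            {
                parts.Add(SplitRdn(current.ToString()));
                current.Length = 0;
            }
            else
            {
                current.Append(c);
            }
        }
        if (escaped)
            throw new FormatException("DN ends with a dangling escape character");
        if (current.Length > 0)
            parts.Add(SplitRdn(current.ToString()));
        return parts;
    }

    // Splits one RDN at its first '=' into an upper-cased attribute type and a value.
    private static KeyValuePair<string, string> SplitRdn(string rdn)
    {
        int eq = rdn.IndexOf('=');
        if (eq <= 0)
            throw new FormatException("RDN has no attribute type: " + rdn);
        return new KeyValuePair<string, string>(
            rdn.Substring(0, eq).Trim().ToUpperInvariant(),
            rdn.Substring(eq + 1).Trim());
    }

    // Joins the DC components back into a DNS domain name, e.g. "example.com".
    public static string DomainFromDn(List<KeyValuePair<string, string>> rdns)
    {
        var labels = new List<string>();
        foreach (var rdn in rdns)
            if (rdn.Key == "DC") labels.Add(rdn.Value);
        return string.Join(".", labels.ToArray());
    }

    public static void Main()
    {
        // Constructed sample DN: the CN contains an escaped comma.
        string dn = @"CN=Smith\, John,OU=Engineering,OU=Users,DC=example,DC=com";
        List<KeyValuePair<string, string>> rdns = Parse(dn);
        foreach (var rdn in rdns)
            Console.WriteLine("{0} = {1}", rdn.Key, rdn.Value);
        Console.WriteLine("domain: " + DomainFromDn(rdns));
    }
}
```

Running the program prints the five RDNs in order (CN, OU, OU, DC, DC), with the CN value "Smith, John" kept whole, followed by "domain: example.com". The parser deliberately rejects a DN that ends in a lone backslash rather than silently dropping it, since a DN taken from user input is later used to address an object.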
Active Directory Protocols
Active Directory can use either of two protocols:
- Lightweight Directory Access Protocol (LDAP)
- Active Directory Service Interface (ADSI)
LDAP is a generalized protocol for accessing information directories. It is a lightweight, open-source, cross-platform, client-server protocol for accessing a directory service over a network. You can use LDAP to access LDAP-compliant directories from virtually any platform.
In contrast, ADSI is a COM-based programmatic interface specific to Microsoft that abstracts directory-service protocols from various vendors into a common API. The .NET framework includes the System.DirectoryServices namespace, which contains a set of classes that use ADSI to interact with a variety of network providers.
You can download the Active Directory Service Interfaces (ADSI), Version 2.5 if they aren't available on your system.