Active Directory Search and Publication Technologies

Active Directory exists so that users, services, and applications can search for and publish useful information in the directory. The operations that users, services, and applications perform against the directory include the following:

  • Performing searches against the data
  • Finding (or in the case of services, publishing) information related to services that are available on the network

Active Directory Search and Publication Architecture

The Active Directory architecture that supports search and service publication can be divided into two functional areas:

  • Search
  • Service publication

The following table describes these Active Directory functional areas.

Table: Active Directory Search and Service Publication

Functional Area | Description
Active Directory search | Directory clients and services need a way to find data that is stored in the directory. Requests for directory objects are carried out either through the Active Directory Service Interfaces (ADSI) Lightweight Directory Access Protocol (LDAP) provider or through the LDAP application programming interface (API).
Active Directory service publication | Service publication in Active Directory enables services to provide information about themselves in the directory, and it enables directory clients to search for available services on the network. In addition, Active Directory supports service principal names (SPNs) as the means by which client applications can authenticate the services that they use.

The primary components of the architecture for the Active Directory search function include the directory client applications that search the directory; LDAP, which is used for searching and retrieving directory information; and the Active Directory database against which the directory client applications search. The following table describes the Active Directory search components.

Table: Active Directory Search Components

Search Component | Description
Directory client application | A directory client application is any application that is capable of searching for information that is stored in Active Directory.
LDAP | LDAP is a directory service protocol that specifies directory communications. It runs directly over TCP/IP, and it can also run over User Datagram Protocol (UDP) connectionless transports. LDAP enables clients to query, create, update, and delete information that is stored in a directory service over a TCP connection. LDAP is the preferred and most common means of interacting with Active Directory.
Active Directory database | The Active Directory database is the structured data store that Active Directory uses to store information about objects on the network, including users, user groups, computers, services, applications, application data, shared files, and distribution lists. A copy (or replica) of the Active Directory database resides on every domain controller in an Active Directory forest.

Active Directory Service Publication

The primary components of the architecture for Active Directory service publication are the services that publish information about themselves and the client applications that search the directory to find and authenticate services. Active Directory provides the storage and distribution mechanism for published service information and for the SPN attributes that are used in mutual authentication. The Key Distribution Center (KDC) provides the mechanism for authenticating services, using SPNs that are constructed by the client applications. The following table describes the Active Directory service publication and SPN components.

Table: Active Directory Service Publication and SPN Components

Service Publication Component | Description
Service | An application that makes data or operations available to client applications.
Client application | An application, running on a workstation or on a server, that makes use of a service.
KDC | A service, running on every domain controller, that provides authentication services for clients as well as for servers and services.
Connection point object | An object in Active Directory that contains information about a service.
Service account object | An object in Active Directory that represents the account in whose security context a service runs and on which an SPN attribute resides.
SPN attribute | An attribute that contains a unique name that identifies an instance of a service and that is associated with the logon account under which the instance of the service runs.
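As an added example (not part of the original article or of Microsoft's own documentation), the following PowerShell shows how a client constructs an SPN from service class, host and port, how an LDAP search through the ADSI provider resolves that SPN to the service account object that holds it, and how to audit the domain for SPNs registered on more than one account, which leaves the KDC unable to tell which account's key to use. The service class, host name and port are assumptions.

```powershell
# Added example, not from the original post: construct an SPN the way a client does,
# resolve it to the account whose key the KDC will use, and audit the domain for SPNs
# registered on more than one account. Uses the ADSI LDAP provider through
# System.DirectoryServices; the service class, host and port below are hypothetical.

function New-Spn {
    param(
        [Parameter(Mandatory)] [string] $ServiceClass,  # e.g. MSSQLSvc, HTTP, ldap
        [Parameter(Mandatory)] [string] $HostName,      # FQDN of the host running the service
        [int] $Port = 0                                 # 0 = service listens on its default port
    )
    # Form is <service class>/<host>[:<port>]; the KDC compares it case-insensitively.
    if ($Port -gt 0) { "$ServiceClass/${HostName}:$Port" } else { "$ServiceClass/$HostName" }
}

function Get-SpnOwner {
    param([Parameter(Mandatory)] [string] $Spn)
    # Escape LDAP filter metacharacters (RFC 4515) before embedding the value.
    $escaped = $Spn -replace '\\', '\5c' -replace '\*', '\2a' -replace '\(', '\28' -replace '\)', '\29'
    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    $searcher.Filter = "(servicePrincipalName=$escaped)"
    $searcher.PropertiesToLoad.AddRange([string[]]@('distinguishedName'))
    # Exactly one result is healthy. None means the client cannot obtain a Kerberos ticket
    # for the service; more than one means the KDC cannot tell which account's key to use.
    @($searcher.FindAll() | ForEach-Object { [string]$_.Properties['distinguishedName'][0] })
}

function Find-DuplicateSpn {
    # Page through every account that has at least one SPN and group them by value.
    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    $searcher.Filter   = '(servicePrincipalName=*)'
    $searcher.PageSize = 1000
    $searcher.PropertiesToLoad.AddRange([string[]]@('distinguishedName', 'servicePrincipalName'))
    $owners = @{}
    foreach ($r in $searcher.FindAll()) {
        $dn = [string]$r.Properties['distinguishedName'][0]
        foreach ($spn in $r.Properties['servicePrincipalName']) {
            $key = ([string]$spn).ToLowerInvariant()
            if (-not $owners.ContainsKey($key)) { $owners[$key] = @() }
            $owners[$key] += $dn
        }
    }
    $owners.GetEnumerator() | Where-Object { $_.Value.Count -gt 1 } |
        ForEach-Object { [pscustomobject]@{ SPN = $_.Key; Accounts = $_.Value } }
}

# Hypothetical usage: the SPN a client would build for a SQL Server instance.
$spn = New-Spn -ServiceClass 'MSSQLSvc' -HostName 'sql01.contoso.local' -Port 1433
Get-SpnOwner -Spn $spn
Find-DuplicateSpn
```

Run it as a domain user on a domain-joined host; the searcher binds to the current domain's default naming context, so the duplicate audit covers one domain at a time.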

Active Directory Search and Publication Scenarios

Scenarios that rely on Active Directory search and publication include performing directory searches, advertising available services, finding available services, and authenticating services.

Performing Directory Searches

Searching the directory is a common Active Directory scenario in which directory clients use LDAP to query the directory and find information. Clients search the directory for a wide variety of information, including address book information, information about shared resources, and information related to a specific directory-enabled application. This scenario requires directory clients, LDAP, and the Active Directory database.

Advertising Available Services

A service that has something to offer client applications can use Active Directory to advertise itself. In this scenario, a network service (at the time it is installed) publishes a special object in the directory, called a connection point object. The connection point object holds information about the service, including binding information that a client application can use to connect to the service.

Finding Available Services

In large, distributed networks, directory clients must be able to find the network services that they need, regardless of where those services reside on the network. In this scenario, client applications search the directory for connection point objects that contain information about specific services that are available on the network. Client applications can then use this information to connect to the services that they need.
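The two scenarios above, advertising and then finding a service, as an added PowerShell example that is not part of the original article: the service publishes a serviceConnectionPoint object carrying its binding information under its computer object, and a client later locates it through a global catalog search on the keywords attribute. It requires the ActiveDirectory module; the host app01, the service class ContosoInventoryService, the keyword and the binding URL are assumptions.

```powershell
# Added example, not from the original post: publish a connection point object
# for a service and let a client find it again. Requires the ActiveDirectory
# module; the service class, keyword, host and binding URL are hypothetical.
Import-Module ActiveDirectory

function Publish-ServiceConnectionPoint {
    param(
        [Parameter(Mandatory)] [string]   $Name,          # RDN of the new object
        [Parameter(Mandatory)] [string]   $ParentDN,      # normally the service host's computer object
        [Parameter(Mandatory)] [string]   $ServiceClass,  # vendor-defined class name, used as the search key
        [Parameter(Mandatory)] [string[]] $Binding,       # how clients connect, e.g. a URL
        [string[]] $Keywords = @()
    )
    # serviceConnectionPoint holds the binding information described in the text.
    # keywords is indexed and replicated to the global catalog, which is what makes
    # the forest-wide lookup below cheap; always include the service class in it.
    New-ADObject -Name $Name -Type serviceConnectionPoint -Path $ParentDN -OtherAttributes @{
        serviceClassName          = $ServiceClass
        serviceBindingInformation = $Binding
        keywords                  = @($ServiceClass) + $Keywords
    }
}

function Find-ServiceConnectionPoint {
    param([Parameter(Mandatory)] [string] $ServiceClass)
    # Query a global catalog (port 3268) from the forest root so the client does not
    # need to know which domain the service was published in.
    $gc     = '{0}:3268' -f (Get-ADForest).Name
    $root   = (Get-ADRootDSE -Server $gc).rootDomainNamingContext
    $filter = "(&(objectClass=serviceConnectionPoint)(keywords=$ServiceClass))"
    Get-ADObject -Server $gc -SearchBase $root -LDAPFilter $filter `
        -Properties serviceClassName, serviceBindingInformation, serviceDNSName |
        ForEach-Object {
            [pscustomobject]@{
                DistinguishedName = $_.DistinguishedName
                ServiceClass      = $_.serviceClassName
                Bindings          = @($_.serviceBindingInformation)
            }
        }
}

# Hypothetical usage: host app01 publishes its SCP under its own computer object,
# then a client resolves the binding by service class alone.
$computerDN = (Get-ADComputer -Identity 'app01').DistinguishedName
Publish-ServiceConnectionPoint -Name 'ContosoInventory' -ParentDN $computerDN `
    -ServiceClass 'ContosoInventoryService' -Keywords 'inventory' `
    -Binding 'https://app01.contoso.local:8443/api'
Find-ServiceConnectionPoint -ServiceClass 'ContosoInventoryService'
```

Publishing needs create-child rights on the parent object (a service typically holds them on its own computer account), while the lookup works for any authenticated user because the global catalog is readable forest-wide.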

Authenticating Services

In large, distributed networks, a client application must be able to authenticate a service before the client application uses the service. Authenticating a service protects client applications from malicious or accidental damage, or from breaches of security, that can be caused by an unauthorized, or rogue, service. In this scenario, a client application requests authentication of an SPN representing the service that the client application wants to use. If the service can authenticate against a domain controller by using the SPN, the client application can safely use that service.

So, that's all in this blog. I will meet you soon with the next stuff. Have a nice day!!!



Vipan Kumar

He is an Active Directory engineer who has been working in the IT industry for more than 10 years. He is a dedicated and enthusiastic information technology expert who is always ready to resolve any technical problem. If you need any further help on these subjects, feel free to contact us at admin@windowstechno.com. Please subscribe to our Facebook page as well as the website for the latest articles: https://www.facebook.com/windowstechno
