About Active Directory

Active Directory is a central piece in Windows 2000 architecture. Understanding it is important. This chapter does not provide a detailed description of it but rather presents a few code examples showing how to use it programmatically. Before starting with code exercises it is desirable to have general understanding of Active Directory. Microsoft MSDN online (http://msdn.microsoft.com/) may be a good place to start. Also, the "Active Directory Services for Windows 2000" book by David Iseminger (see the Bibliography section for more details) might be helpful.

Microsoft has a useful tool for Active Directory investigations. It is called Active Directory Browser (adsvw.exe). It is covered in one of the subsections below. Active Directory programmers should probably be familiar with it.

Before experimenting with Active Directory you need it installed somewhere. This is accomplished by installing a Windows 2000 Server and then running dcpromo.exe on it (or by using the Configure Your Server Wizard). This promotes the server to a domain controller and installs Active Directory on it. The promotion operation seems risky. I think it is worthwhile to have a separate isolated small network for Active Directory experiments to keep network administrators happy, especially if your existing network uses something different, for example, a Windows NT 4.0 PDC.

How can you access Active Directory programmatically? One way is via Active Directory Service Interfaces (ADSI), which are using LDAP underneath. The remainder of this chapter illustrates this approach. Notice that a client computer does not need to run Windows 2000 in order to access Active Directory. It may be Windows NT 4.0 or 9.x with ADSI 2.5 installed. Also, ADSI may be used to talk not only to a Windows 2000 directory, but to other directories as well. For example, you can access Exchange 5.5 directory with it.