Microsoft® Windows® 2000 Active Directory™ Programming
At this point, Active Directory might seem like some sort of super-charged database, and it performs that role very well. However, Active Directory does much more than store names and phone numbers and replicate changes to this information as they are made. For application developers, Active Directory opens the new world of service publishing.
Network Services
One of the network services is file sharing, which allows users to access and modify files from a centralized location from any workstation. In the past, a user was required to know a long string (for example, \\copper1\documents), known as a share, that identified the location of files. Inflexibility resulted because the string contains the name of the specific computer (copper1) that hosts the files. What happens if the file location is moved? The same problem occurs with shared printers.
Windows 2000 solves this problem by publishing file and printer services in Active Directory. Instead of having to know a particular file share or printer path, a user can search the directory using keywords, as shown in Figure 2-12.
Figure 2-12 Searching the directory for shared folders.
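The same keyword search can be done from code. The following is an added example, not code from the book: it assumes a domain-joined machine and that published shares are stored as `volume` objects with `keywords` and `uNCName` attributes; the function names and the sample keyword are constructed for illustration. The keyword is escaped before it goes into the LDAP filter so that user input cannot change the filter's structure.

```powershell
function ConvertTo-LdapFilterValue {
    param([Parameter(Mandatory)][string]$Value)
    # Escape the RFC 4515 special characters (\ * ( ) NUL) as \xx hex pairs.
    [regex]::Replace($Value, '[\\*()\x00]', {
        param($m) '\{0:x2}' -f [int][char]$m.Value
    })
}

function Find-PublishedShare {
    param([Parameter(Mandatory)][string]$Keyword)

    $safe = ConvertTo-LdapFilterValue $Keyword
    # With no search root given, the searcher binds to the current domain.
    $searcher = [adsisearcher]"(&(objectClass=volume)(keywords=$safe))"
    $searcher.PageSize = 500
    $searcher.PropertiesToLoad.AddRange([string[]]@('name', 'uNCName', 'keywords'))

    $results = $searcher.FindAll()
    try {
        foreach ($r in $results) {
            # Property names in a search result are stored in lowercase.
            [pscustomobject]@{
                Name     = [string]$r.Properties['name'][0]
                UncPath  = [string]$r.Properties['uncname'][0]
                Keywords = @($r.Properties['keywords'])
            }
        }
    }
    finally {
        # FindAll holds unmanaged resources until the collection is disposed.
        $results.Dispose()
        $searcher.Dispose()
    }
}

# Constructed sample keyword; the caller never needs to know the host name.
Find-PublishedShare -Keyword 'documents' | Format-Table Name, UncPath
```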
Other network services can also publish information in Active Directory. In addition, because Active Directory is fully distributed, the services themselves are more easily distributed, making the network more service oriented than machine oriented.
Dynamic DNS Service
Another service that uses Active Directory is the Domain Name System (DNS) service. Active Directory relies on DNS to perform object lookup referrals, but the Windows 2000 implementation of DNS can use Active Directory to maintain DNS records. As I described earlier in the chapter, if the DNS service is configured to integrate with Active Directory, the resource records that bind a computer name to a TCP/IP address are stored in the directory. Previous implementations of DNS used host files—long text files with resource record entries. Updating DNS meant manually distributing revised versions of the text files to other hosts. By integrating DNS into Active Directory and using its built-in replication capabilities, updating is automatic and easy to manage. Microsoft refers to this implementation as Dynamic DNS.
IntelliMirror Service
Another Windows 2000 feature that uses Active Directory to publish its services is IntelliMirror, a service that makes network management easier. IntelliMirror is designed to help end users and network administrators with the task of configuring new machines, installing software, and managing user preferences. It provides the following features:
- User Data Management
- Software Installation and Maintenance
- User Settings Management
User Data Management ensures that users' documents and files follow them regardless of what machine they use. The users' My Documents folder and other folders are redirected to a network server. Placing the users' data on a server means that local storage requirements are eased and disaster recovery is enhanced because servers are backed up on a regular basis. (End users—including me—are notorious for not backing up their machines.) The users' data is not only stored on the server, but it is also synchronized to the local hard disk, providing a backup in case network connectivity is lost. The synchronization occurs transparently to the users and is configurable.
Since the data follows users, it makes sense to ensure that their applications also follow them. The Software Installation and Maintenance feature of IntelliMirror allows administrators to publish applications to a user or assign applications to a user or computer. Published applications are made available through Add/Remove Programs in Control Panel. This gives users the option to install the software themselves. Assigned applications, on the other hand, are advertised on the computer, meaning that users see the application icons on their desktop, but initially the software is not installed. When a user runs an assigned application the first time, the software is installed from the network.
Since documents and applications follow users, it makes sense to ensure that the users' preferences or settings also roam. User Settings Management makes sure that user preferences follow the individual regardless of what workstation the network user is currently working from. Things like favorite Web sites, cookies, and color preferences are stored in a user profile and kept on a designated server.
All these IntelliMirror services are enabled via Active Directory and a group policy. A group policy defines a set of rules or policies that concern what users can and cannot do with their computers. Administrators use policies to provide a consistent environment for users. A group policy object (GPO) contains one or more policies to be enforced. GPOs are linked to objects in the directory to enforce the policies. For example, a GPO can enforce a Windows setting that prevents users from using the Run command on the Start Menu. GPOs can control a vast number of settings. An in-depth discussion of group policy is outside the scope of this book. To learn more, refer to the Windows 2000 Server Resource Kit.
A wonderful example of how IntelliMirror can improve a user's productivity can be drawn from my own experience when I began writing this book. Here at Copper Software headquarters I have set up my network and laptop to utilize IntelliMirror. When I need to travel, I can simply pick up my laptop and go. By using a virtual private networking (VPN) connection to tunnel into the Copper Software network over the Internet, the laptop synchronizes the data it needs and makes my project documents and files available. When I return home, I have a painless transition back to my primary workstation, which picks up the synchronized changes to the documents.
When developing applications for Active Directory, it's important that you be a good network citizen by making your application work well with IntelliMirror. By using the Microsoft Windows Installer technology, you can make your applications easy to deploy. Never assume that user data or settings will be in a fixed location. If your application looks up the user's current My Documents path and statically stores that location, the application will fail or begin to behave improperly if that path is changed in the future.
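One way to follow this advice, shown as an added example that is not code from the book: store document references relative to a placeholder and resolve the My Documents location each time it is needed. The `%DOCS%` token, the function names and the sample file name are hypothetical.

```powershell
# Hypothetical placeholder written to the application's settings
# in place of the absolute My Documents path.
$DocsToken = '%DOCS%'

function Get-DocumentsRoot {
    # Ask the shell on every call. With folder redirection in effect this
    # can return a UNC path, and it can change between sessions.
    [Environment]::GetFolderPath([Environment+SpecialFolder]::MyDocuments).TrimEnd('\')
}

function ConvertTo-PortablePath {
    param([Parameter(Mandatory)][string]$FullPath)
    $root = Get-DocumentsRoot
    if ($FullPath.StartsWith("$root\", [StringComparison]::OrdinalIgnoreCase)) {
        # Keep only the part below My Documents; the root is looked up later.
        return $DocsToken + $FullPath.Substring($root.Length)
    }
    $FullPath   # outside My Documents: store unchanged
}

function Resolve-PortablePath {
    param([Parameter(Mandatory)][string]$StoredPath)
    if ($StoredPath.StartsWith("$DocsToken\", [StringComparison]::Ordinal)) {
        return (Get-DocumentsRoot) + $StoredPath.Substring($DocsToken.Length)
    }
    $StoredPath
}

# Constructed sample: what gets saved, and what is opened on a later run.
$saved = ConvertTo-PortablePath (Join-Path (Get-DocumentsRoot) 'Reports\q3.doc')
$saved                          # %DOCS%\Reports\q3.doc
Resolve-PortablePath $saved     # current My Documents root + \Reports\q3.doc
```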