Active Directory

Orwig, Paul PORWIG at PacificLife.com
Tue Oct 30 14:47:59 GMT 2001


I keep seeing questions about Windows Active Directory, so I will pass along
what info I have been able to gather.

Active Directory is billed as Microsoft's LDAP service, used to hold user,
group, and other such data and is standard with Windows 2000.

While billed as LDAP, Active Directory does not conform to standard LDAP
schema, which will break some LDAP clients written specifically to those
standards. (Technically, the LDAP protocol is standard; however, the data
format is not.)

Windows 2000 can be installed in three modes:

	1)  NT mode - PDC/BDC responds to old-fashioned NT domain requests.

	2)  Mixed Mode - Domain services respond to both NT and Active
Directory requests.

	3)  Native Mode - Domain only responds to Active Directory requests.

One caveat here is that (at least in my experience) Native mode still
includes NT services for user and group for compatibility with older Windows
clients (unless the admin shuts NT services down. If so, I expect that
older Windows versions would stop working along with Samba and any SMB
enabled PAM modules, i.e. pam_winbind.so and pam_smb_auth.so).

Active Directory can be secured using Kerberos; however, Microsoft has
modified the Kerberos protocol to suit their needs, thus making it
incompatible with other "standard" Kerberos implementations.

While this is the limit to what I know about Active Directory, it is as
accurate as I have been able to determine.

Feel free to correct me. I am not an expert. Just a frustrated UNIX admin.

Paul Orwig
Pacific Life