Basic Features of NDS and AD

The basics of Novell Directory Services and Active Directory: installation and design principles.

By Drew Bird

As an instructor for both Microsoft and Novell courses, I'm often asked which I think is better: Active Directory (AD) or Novell Directory Services (NDS). In general, it's a loaded question. If I'm teaching a Microsoft course, students want to hear that AD is king; the same goes for NDS in a Novell course. In both instances, my answer is simple: There is no simple answer. Both have advantages over the other, and both have disadvantages. The "right" one depends on many factors, including your personal perspective.

In this two-part article, I will look at AD and NDS as they fit into a working environment. I'll start by looking at basics such as installation and design principles, before moving on to some of the standard day-to-day activities involved in managing network objects like users, groups, and printing. I am not seeking to conclude whether one is better than the other; instead, I hope to illustrate how each deals with certain technical issues and aspects. Rather than trying to quantify performance by measuring the millions of directory lookups per second, or the ability to search through a couple of million objects to find a phone number, I will look at more practical and relevant issues such as how easy it is to create users, grant permissions to a printer in another location, and so on.

The Basics

NDS and AD are both examples of directory services systems. Both provide the capability to manage network objects and can also act as a data repository for external applications. In both cases, scalability is not an issue; each supports a massive number of objects. Unlike AD, which will run only on Windows 2000, a version of NDS is available for NetWare, Linux, Windows NT/2000, and Solaris. For the purposes of this discussion, I'll assume that NDS is being used on a NetWare platform. The fact that AD is available on only one platform may be an influencing factor for some, but you must remember that AD is a newcomer to the directory services scene--NDS has been around since 1994.

Logical and Physical Structure

The distributed nature of directory services systems changes the way that a network must be configured. In essence, the big picture must be considered, with individual servers simply performing a role within this picture.

In AD, the directory is defined by one or more trees, which in turn are made up of one or more domains. Within the domains, servers are nominated as domain controllers. The first domain that is created is referred to as the root domain, and each subsequent domain is called a child. Information is propagated between the domains by two-way, transitive trusts, enabling resources to be assigned transparently to other objects between domains. Within each domain, it is possible to create subcontainers called Organizational Units (OUs) that can be used to group network objects together. If, for some reason, an organization has more than one tree, trees can be grouped together into a forest.

NDS is also based around a tree structure, but it does not use the concept of domains. Instead, NDS allows the creation of Organization objects and Organizational Unit objects to logically organize network resources. Unlike AD, in which domains are the central points of information storage and replication, NDS allows you to create partitions in the database at any container. The point at which the partition is created then becomes the replication point.
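The practical consequence of the two models above is where an object's data gets replicated: in AD it is always the object's domain, no matter how OUs are nested, while in NDS it is the nearest enclosing container at which a partition was created. The following added illustration (written for this page, not code from the article or from either product) resolves that replication scope from an object's distinguished name. The DNs and the set of NDS partition roots are constructed sample data, written in LDAP comma syntax for both directories.

```python
# Added illustration, not part of the original article. Resolves the
# replication scope of an object in AD (its domain) versus NDS (the nearest
# enclosing container that is a partition root). Sample DNs are constructed
# and use LDAP comma syntax for both directories; RDN escaping is not handled.

def dn_components(dn):
    """Split an LDAP-style DN into its RDNs, leaf first."""
    return [rdn.strip() for rdn in dn.split(",") if rdn.strip()]


def ad_replication_scope(dn):
    """AD replicates per domain; OUs only group objects within it.
    The domain is the trailing run of DC= components."""
    parts = dn_components(dn)
    domain = [p for p in parts if p.upper().startswith("DC=")]
    if not domain:
        raise ValueError("not an AD DN: %s" % dn)
    return ",".join(domain)


def nds_replication_scope(dn, partition_roots):
    """NDS replicates per partition, which may start at any container.
    Walk up the DN and return the first container that is a partition root."""
    parts = dn_components(dn)
    roots = {r.lower() for r in partition_roots}
    for i in range(len(parts)):
        candidate = ",".join(parts[i:])
        if candidate.lower() in roots:
            return candidate
    raise ValueError("no partition root encloses %s" % dn)


# Constructed sample: two users in different OUs of one organisation.
NDS_PARTITIONS = {"o=acme", "ou=sales,o=acme"}  # partitions created at O and one OU
AD_USER = "CN=jsmith,OU=Sales,OU=EMEA,DC=acme,DC=com"
NDS_SALES_USER = "cn=jsmith,ou=sales,o=acme"
NDS_HR_USER = "cn=jdoe,ou=hr,o=acme"

if __name__ == "__main__":
    print("AD  :", ad_replication_scope(AD_USER))
    print("NDS :", nds_replication_scope(NDS_SALES_USER, NDS_PARTITIONS))
    print("NDS :", nds_replication_scope(NDS_HR_USER, NDS_PARTITIONS))
```

For the sales user the NDS scope is the `ou=sales` partition, while the HR user falls back to the `o=acme` partition because no partition was created at its OU; the AD user's scope is the domain in both cases, however deep the OU nesting.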

From a physical perspective, Windows 2000 stores files that relate to AD in subdirectories under the WINNT directory. NDS stores its information in a similar way, in a set of files, by using a directory called _NETWARE located at the root of the SYS: volume that exists on each Novell server.

This article was originally published on Dec 21, 2000