The Next Generation Directory: DNS and X.500

The Windows NT next generation Directory Service architecture is designed to take advantage of the best features of both DNS and X.500, while not imposing the limitations of either.

DNS

Windows NT Directory Service (NTDS) takes advantage of DNS for name resolution. The next generation of Windows NTDS uses DNS as the location service that allows a client to find a directory server containing the desired copy of the directory.

DNS, the Internet Domain Name System (DNS) service, is the most widely used directory service in the world. DNS is the location service used on the Internet and in most private intranets. The location service is used to translate a name, for example MyMachine.ArcadiaBay.Com, into a TCP/IP address. DNS is designed to scale to very large numbers of entries (it supports the entire Internet), while remaining "lightweight" enough for use in a system with just a few computers.

The Windows NT next generation Directory Service uses DNS as its location service; that is, Windows NT Domain Names are DNS names. Users will find the same simple naming used on the Internet in NTDS. ArcadiaBay.Com can be both a DNS domain (e.g., an area of addressing) and a Windows NT Domain. JamesSmith@ArcadiaBay.Com is both an Internet e-mail address and a user name in the ArcadiaBay.Com domain. Windows NT domains can be located on the Internet and intranet the same way any resource is located on the Internet: by means of DNS.

X.500

The X.500 family of standards was developed jointly by the International Standards Organization (ISO) and the International Telecommunications Union (ITU). It was designed to promote the development of an international white pages directory service made of up of large numbers of Directory System Agents (DSAs) connected in an Open Systems Interconnection (OSI) network using protocols defined in the standard. There have been several significant barriers to the deployment of X.500 directories:

• TCP/IP, and not OSI, has become the de facto network protocol.
• X.500 assumes a global directory structure and requires some defined authority to manage the top of the tree internationally and in each country.
• X.500 names are complex in structure and difficult to use. For example, a typical X.500 name might be: "C=US,O=ArcadiaBay,OU=Platforms,OU=Division,CN=JamesSmith
  which many users find cumbersome when compared to the Internet form: "JamesSmith@ArcadiaBay.COM".
• X.500 defines only protocols, not APIs. This has obstructed the development of tools that can work with X.500 directories.

The X.500 family of standards is most useful for providing interoperability among directories. The communications protocols can be carried over a TCP/IP network, thus eliminating the dependence on OSI. The existence of well-defined protocols and formats makes interoperation among different directory services practical.

The Windows NT next generation Directory Service will provide subsets of the 1993 X.500 protocols that are required to enable participation in an existing X.500 directory; and it will interoperate with directories and tools that support the X.500 protocols. The relevant X.500 protocols are:

• Directory Access Protocol (DAP)
• Directory System Protocol (DSP)
• Directory Information Shadowing Protocol (DISP)

Support for these protocols allows the Windows NT next generation Directory Service to participate in mixed Internet and X.500 environments. The end user benefits from the implementation features of the next-generation Windows NT Directory Service without the burdensome overhead of X.500.