publishing resources in Active Directory you can allow users to locate resources even if the physical
location of the resources changes. Furthermore, because a shared resource and the published object that
refers to the shared resource are two different objects, each of these objects has its own discretionary access
control list (DACL), which is used to control access to that shared resource. A user requires Read
permission on the DACL of a published object to view the published object in the results list when searching
for a published resource but may not be able to access the shared resource, depending on the DACL on the
shared resource.
3.4.7 Publishing Resources
Publishing resources is the process of creating objects in Active Directory that either directly contain the
information that you want to make available, or provide a reference to that information. This will make it
easier for users to locate network resources. Resources should be published in Active Directory when the
information contained in them is useful to a user or when it must be highly accessible. However, you do not
need to publish resources, such as user accounts, that already exist in Active Directory. Though, you must
publish resources that do not exist in Active Directory such as printers on a pre-Windows 2000 computer,
and shared folders.
Note: You should only publish information that is relatively static and does
not change frequently in Active Directory. This will prevent excessive
replication traffic across a network.
The object that is published in the directory is completely separate from the shared resource that it
represents. The published object contains a reference to the location of the shared resource. When a user
accesses the published object, Windows Server 2003 redirects the user to the shared resource. Therefore, by
|