Platform SDK: Active Directory, ADSI, and Directory Services

Users in Active Directory

In Windows® 2000, Active Directory™ is a generalized directory service that includes storage of domain, user, user group, and security information.

In Windows NT® 4.0 and earlier, you used the Net functions (such as NetUserAdd, NetUserEnum, NetUserDel, and so on) to manage users, user groups, and other network items. With Windows 2000, ADSI provides uniform and secure access to these items and their properties. Note that ADSI provides a Windows NT 4.0 provider that enables you to use ADSI to manage users, user groups, and computers on Windows NT 4.0 systems. There are also providers for Microsoft® Exchange 5.5, Microsoft Internet Information Server, Novell NetWare® Directory Services (NDS), and Novell NetWare® 3. This gives you a single set of standardized methods for managing users and user groups for Windows NT, NDS, and NetWare 3.

In addition, Windows 2000 is a multi-master directory. This means that changes to users, user groups, and other information stored in the directory can be made at any domain controller. On Windows 2000, you no longer need to locate the primary domain controller (PDC) and make user and user group changes on the PDC.

Windows 2000 also introduces a new hierarchical namespace within a domain called an organizational unit (OU). An OU can contain computers, users, user groups, and other network objects. An OU is usually used to group objects for administrative purposes, such as delegating administrative rights and assigning policies to the group as a single unit.

Domains, OUs, users, user groups, computers, and other network items are stored as objects in Active Directory. In Windows 2000, you still add users, user groups, and computers to a domain. However, you now have the option of adding these objects to an OU container or to any other type of container that is listed in the Poss-Superiors attribute of the object's classSchema object. This attribute is a property of the classSchema object, and it restricts what types of objects can contain that object.
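
The containment rule described above, modelled as an added example (it is not code from the Platform SDK). The schema excerpt is constructed and simplified, and the function names and the `exampleBadge` class are hypothetical. It goes beyond the paragraph by also following subClassOf and including systemPossSuperiors, which Active Directory combines with possSuperiors when deciding where an object may be created.

```python
# Constructed, simplified schema excerpt for illustration; not a dump of a real forest.
# Keys mirror classSchema attributes: subClassOf, possSuperiors, systemPossSuperiors.
SCHEMA = {
    "top": {"subClassOf": "top", "possSuperiors": [], "systemPossSuperiors": []},
    "person": {"subClassOf": "top", "possSuperiors": [],
               "systemPossSuperiors": ["container", "organizationalUnit"]},
    "user": {"subClassOf": "person", "possSuperiors": [],  # real chain is longer
             "systemPossSuperiors": ["builtinDomain", "organizationalUnit", "domainDNS"]},
    "group": {"subClassOf": "top", "possSuperiors": [],
              "systemPossSuperiors": ["container", "organizationalUnit", "domainDNS"]},
    "organizationalUnit": {"subClassOf": "top", "possSuperiors": [],
                           "systemPossSuperiors": ["organizationalUnit", "domainDNS"]},
    # Hypothetical custom class that an administrator limited to OUs only.
    "exampleBadge": {"subClassOf": "top", "possSuperiors": ["organizationalUnit"],
                     "systemPossSuperiors": []},
}


def effective_poss_superiors(class_name, schema=SCHEMA):
    """Union of possSuperiors and systemPossSuperiors over a class and its superclasses."""
    allowed, seen = set(), set()
    current = class_name
    while current not in seen:  # top is its own parent, so stop when a class repeats
        if current not in schema:
            raise KeyError(f"class not in schema excerpt: {current}")
        seen.add(current)
        entry = schema[current]
        allowed.update(entry["possSuperiors"], entry["systemPossSuperiors"])
        current = entry["subClassOf"]
    return allowed


def can_contain(container_class, child_class, schema=SCHEMA):
    """True if an object of child_class may be created under container_class."""
    return container_class in effective_poss_superiors(child_class, schema)


def possible_inferiors(container_class, schema=SCHEMA):
    """Classes in the excerpt that may be created under container_class."""
    return sorted(c for c in schema if can_contain(container_class, c, schema))


if __name__ == "__main__":
    for parent, child in [("organizationalUnit", "user"), ("container", "user"),
                          ("group", "user"), ("container", "exampleBadge")]:
        print(f"{child} under {parent}: {can_contain(parent, child)}")
    print("creatable under organizationalUnit:", possible_inferiors("organizationalUnit"))
```

When reviewing delegated create-child rights on a container, the inverse view from `possible_inferiors` shows which object classes that delegation can actually produce there.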