Platform SDK: Active Directory, ADSI, and Directory Services
New Run-time Features for Microsoft Windows 2000
Effective with Windows® 2000, the LDAP run time supports the following features not available on Windows NT® 4.0 or Windows 98:
Auto-reconnect
Client certificate support for SSL connections (QUERYCLIENTCERT).
Extensible match search filters: These filters give clients the powerful new ability to go beyond the standard comparison operators like "equal to adam" to complex comparators like "sounds like adam".
Explicit Kerberos authentication: This gives users the ability to explicitly select any authentication package and thus avoid having the Simple Protected Negotiation (SPNEGO) package choose one for them.
Parallel connect for performance improvement: This vastly improves connect times to domain controllers (DCs), especially when some DCs are down.
Multithreaded error handling in LDAP: This gives users access to the custom error messages sent out by the server on a per-thread basis.
Secure Sockets Layer (SSL) strength testing: This gives users the ability to obtain all interesting parameters of an SSL connection.
Service Principal Names for directory authentication: This lets clients connect to the intended domain controller irrespective of bad records in DNS.
Handler for notice of disconnect: This recognizes a special message sent asynchronously from the server and changes the connection state accordingly.
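
For the extensible match search filters listed above, the assertion value is the part that usually comes from user input, so it must be escaped before the filter string reaches a search call such as ldap_search_s. The following C code is an added example, not taken from the SDK: it builds an `(attr:rule:=value)` filter with RFC 4515 escaping. The function names and the rule name `exampleSoundsLikeMatch` are hypothetical; 1.2.840.113556.1.4.803 (used in the test) is the Active Directory bitwise-AND matching rule.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Escape NUL ( ) * \ as \xx per RFC 4515. Returns length written or -1. */
static int escape_value(const unsigned char *in, size_t n, char *out, size_t cap) {
    static const char hex[] = "0123456789abcdef";
    size_t o = 0;
    if (cap == 0) return -1;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = in[i];
        int special = (c == 0 || c == '(' || c == ')' || c == '*' || c == '\\');
        if (o + (special ? 3 : 1) >= cap) return -1;   /* keep room for NUL */
        if (special) { out[o++] = '\\'; out[o++] = hex[c >> 4]; out[o++] = hex[c & 0x0f]; }
        else out[o++] = (char)c;
    }
    out[o] = '\0';
    return (int)o;
}

/* Attribute and rule names are not escaped, so allow only [A-Za-z0-9.-]. */
static int is_safe_name(const char *s) {
    if (s == NULL || *s == '\0') return 0;
    for (; *s; s++)
        if (!isalnum((unsigned char)*s) && *s != '-' && *s != '.') return 0;
    return 1;
}

/* Writes "(attr:rule:=escaped-value)" to out; returns its length or -1. */
int build_extensible_filter(const char *attr, const char *rule,
                            const char *val, size_t vlen, char *out, size_t cap) {
    if (!is_safe_name(attr) || !is_safe_name(rule)) return -1;
    int n = snprintf(out, cap, "(%s:%s:=", attr, rule);
    if (n < 0 || (size_t)n >= cap) return -1;
    int m = escape_value((const unsigned char *)val, vlen, out + n, cap - (size_t)n);
    if (m < 0 || (size_t)(n + m) + 2 > cap) return -1;
    out[n + m] = ')';
    out[n + m + 1] = '\0';
    return n + m + 1;
}

int main(void) {
    char f[128];
    const char *v = "adam)(objectClass=*";   /* constructed hostile input */
    /* exampleSoundsLikeMatch is a hypothetical rule name (assumption). */
    if (build_extensible_filter("cn", "exampleSoundsLikeMatch", v, strlen(v), f, sizeof f) > 0)
        puts(f);
    return 0;
}
```

The hostile value comes out as literal text inside a single filter term, so it cannot close the term and append a second one.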