Designing the Active Directory Structure


Primary Active Directory Features

Windows 2000 Active Directory features offer many advantages for your network, including the following:

Security

Active Directory provides the infrastructure for a variety of new security capabilities. Using mutual authentication, clients can now verify the identity of a server before transferring sensitive data. Using public key security support, users can log on using smart cards instead of passwords.

Simplified and Flexible Administration

Objects in the Active Directory have per-attribute access control, which allows fine-grained delegation of administration. Delegation of administration allows you to more efficiently distribute administrative responsibility in your organization, and reduce the number of users that must have domain-wide control.
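The following added example (not part of the original documentation) audits which principals hold write access to which attributes under one organizational unit, which is how per-attribute delegation appears in an object's access control list. It assumes a management host with the RSAT ActiveDirectory PowerShell module, which postdates Windows 2000; the OU distinguished name and the helper `Resolve-AdGuid` are hypothetical.

```powershell
# Added example: audit per-attribute write delegations on one OU.
# Assumes the RSAT ActiveDirectory module; $ouDn is a placeholder DN.
Import-Module ActiveDirectory
Add-Type -AssemblyName System.DirectoryServices

$ouDn    = 'OU=Sales,DC=example,DC=com'   # hypothetical OU
$rootDse = Get-ADRootDSE

# ACEs name attributes and classes by schemaIDGUID, and property sets by
# rightsGuid. Build one GUID -> display name map covering both.
$guidMap = @{}
Get-ADObject -SearchBase $rootDse.schemaNamingContext `
             -LDAPFilter '(schemaIDGUID=*)' `
             -Properties lDAPDisplayName, schemaIDGUID |
    ForEach-Object { $guidMap[[guid]$_.schemaIDGUID] = $_.lDAPDisplayName }
Get-ADObject -SearchBase "CN=Extended-Rights,$($rootDse.configurationNamingContext)" `
             -LDAPFilter '(rightsGuid=*)' `
             -Properties displayName, rightsGuid |
    ForEach-Object { $guidMap[[guid]$_.rightsGuid] = $_.displayName }

# Hypothetical helper: turn an ACE GUID into a readable name.
function Resolve-AdGuid([guid]$Guid, [string]$IfEmpty) {
    if ($Guid -eq [guid]::Empty)     { return $IfEmpty }
    if ($guidMap.ContainsKey($Guid)) { return $guidMap[$Guid] }
    return $Guid.ToString()
}

$writeProperty = [System.DirectoryServices.ActiveDirectoryRights]::WriteProperty

# Keep Allow ACEs that include WriteProperty. ObjectType identifies the
# attribute or property set; InheritedObjectType the class it applies to.
(Get-Acl -Path "AD:\$ouDn").Access |
    Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        ($_.ActiveDirectoryRights -band $writeProperty) -eq $writeProperty
    } |
    Select-Object IdentityReference,
        @{ Name = 'Attribute'; Expression = { Resolve-AdGuid $_.ObjectType '(all attributes)' } },
        @{ Name = 'AppliesTo'; Expression = { Resolve-AdGuid $_.InheritedObjectType '(all object types)' } },
        IsInherited |
    Sort-Object Attribute, IdentityReference |
    Format-Table -AutoSize
```

Rows that resolve to a single attribute name are fine-grained delegations; rows showing `(all attributes)` are blanket write grants and are the ones to review first when reducing broad administrative rights.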

Scalability

Active Directory uses the Domain Name System (DNS) as a locator mechanism. DNS is the hierarchical, distributed, highly scalable namespace used on the Internet to resolve computer and service names to Transmission Control Protocol/Internet Protocol (TCP/IP) addresses.

The directory stores information using domains, which are partitions that let you distribute the directory over a large network of varying speed and reliability. The directory uses database technology and has been tested to accept millions of objects (users, groups, computers, shared file folders, printers, and more). This combination of scalable locator, partitioning, and scalable storage ensures that the directory scales gracefully as your organization grows.

High Availability

Traditional directories with single master replication offer high availability for query operations, but not update operations. With multimaster replication, Active Directory offers high availability of both query and update operations.

Extensibility

The schema, which contains a definition for every object class that can exist in a directory service, is extensible. This allows both administrators and software developers to tailor the directory to their needs.

Open Standards Support

Active Directory is built on standards-based protocols such as:

This support for open standards makes it possible to use a wide variety of software with Active Directory, such as LDAP-based address book clients.

Simple Programmatic Access

The Active Directory Service Interfaces (ADSI) are accessible from a variety of programming platforms, including script languages such as Visual Basic Script. When using ADSI, administrators and software developers can quickly create powerful directory-aware applications. An example of a directory-aware application is an application that reads the directory for data or configuration information.

© 1985-2000 Microsoft Corporation. All rights reserved.