Major Features of Active Directory

Since many of you are working with Active Directory, or will be soon, here is a tip that details some of the major features.

From Windows 2000 Active Directory by Alistair G. Lowe-Norris, O'Reilly and Associates, 2000.

Major Features of Active Directory

New domain model
Domains in Windows were flat structures limited to about 40,000 objects, and this had some unfortunate consequences. For one thing, the assigning of privileges tended to be an all-or-nothing matter at the domain level; there was no delegation or inheritance within the domain. For another, the resource limitation often meant that the number of domains in an organization would grow into an unmanageable network over time. Active Directory domains are hierarchical and virtually without limitation. This means that administrators can delegate authority within a smaller number of more manageable domains.

Transitive trusts
Under Windows NT4, managing trust relationships could easily become a nightmare. All trusts were manual and unidirectional, and they had to be individually specified. If domain A trusted domain B, it was still necessary to separately specify that domain B trusted domain A, if that was your desire. Moreover, if A trusted B and B trusted C, A did not trust C without a separate specification. Active Directory domains include automatic bidirectional trusts and transitive trusts to rationalize and simplify trust management.

    Requires Free Membership to View

Group policies
Using new group policies, you can specify roles complete with configuration information within the domain hierarchy. This means that you can define things so that, whenever you add a new user to a group, you can trigger automatic configuration and software installation for that user.

Multimaster replication
Each domain controller automatically propagates all the objects defined on it to every other participating domain controller. Because each controller contains all the data for the domain, Active Directory access will continue should one domain controller fail.

Global catalog
To facilitate efficient searching of Active Directory, all the objects and their frequently used attributes are stored in a partial replica of each Windows 2000 domain in a directory. This is the Global Catalog, and it is built automatically during Active Directory replication.

Standards compliance
Because Active Directory is based on the Lightweight Directory Access Protocol (LDAP) and other standards, it is possible for you to integrate Active Directory with other directory services and for third-party vendors to integrate their components with Active Directory.

Go to http://www.oreilly.com/catalog/win2000ads/ to purchase Windows 2000 Active Directory.

This was first published in March 2000

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.