Major Features of Active Directory

Since many of you are working with Active Directory, or will be soon, here is a tip that details some of the major features.

From Windows 2000 Active Directory by Alistair G. Lowe-Norris, O'Reilly and Associates, 2000.

Major Features of Active Directory

New domain model
Domains in Windows were flat structures limited to about 40,000 objects, and this had some unfortunate consequences. For one thing, the assigning of privileges tended to be an all-or-nothing matter at the domain level; there was no delegation or inheritance within the domain. For another, the resource limitation often meant that the number of domains in an organization would grow into an unmanageable network over time. Active Directory domains are hierarchical and virtually without limitation. This means that administrators can delegate authority within a smaller number of more manageable domains.

Transitive trusts
Under Windows NT4, managing trust relationships could easily become a nightmare. All trusts were manual and unidirectional, and they had to be individually specified. If domain A trusted domain B, it was still necessary to separately specify that domain B trusted domain A, if that was your desire. Moreover, if A trusted B and B trusted C, A did not trust C without a separate specification. Active Directory domains include automatic bidirectional trusts and transitive trusts to rationalize and simplify trust management.

Group policies
Using new group policies, you can specify roles complete with configuration information within the domain hierarchy. This means that you can define things so that, whenever you add a new user to a group, you can trigger automatic configuration and software installation for that user.

Multimaster replication
Each domain controller automatically propagates all the objects defined on it to every other participating domain controller. Because each controller contains all the data for the domain, Active Directory access will continue should one domain controller fail.

Global catalog
To facilitate efficient searching of Active Directory, all the objects and their frequently used attributes are stored in a partial replica of each Windows 2000 domain in a directory. This is the Global Catalog, and it is built automatically during Active Directory replication.

Standards compliance
Because Active Directory is based on the Lightweight Directory Access Protocol (LDAP) and other standards, it is possible for you to integrate Active Directory with other directory services and for third-party vendors to integrate their components with Active Directory.

Go to http://www.oreilly.com/catalog/win2000ads/ to purchase Windows 2000 Active Directory.


This was first published in March 2000

Dig deeper on Windows Operating System Management

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchServerVirtualization

SearchCloudComputing

SearchExchange

SearchSQLServer

SearchWinIT

SearchEnterpriseDesktop

SearchVirtualDesktop

Close