Since many of you are working with Active Directory, or will be soon, here is a tip that details some of the major features.
From Windows 2000 Active Directory by Alistair G. Lowe-Norris, O'Reilly and Associates, 2000.
Major Features of Active Directory
New domain model
Domains in Windows were flat structures limited to about 40,000 objects, and this had some unfortunate consequences. For one thing, the assigning of privileges tended to be an all-or-nothing matter at the domain level; there was no delegation or inheritance within the domain. For another, the resource limitation often meant that the number of domains in an organization would grow into an unmanageable network over time. Active Directory domains are hierarchical and virtually without limitation. This means that administrators can delegate authority within a smaller number of more manageable domains.
Under Windows NT4, managing trust relationships could easily become a nightmare. All trusts were manual and unidirectional, and they had to be individually specified. If domain A trusted domain B, it was still necessary to separately specify that domain B trusted domain A, if that was your desire. Moreover, if A trusted B and B trusted C, A did not trust C without a separate specification. Active Directory domains include automatic bidirectional trusts and transitive trusts to rationalize and simplify trust management.
Using new group policies, you can specify roles complete with configuration information within the domain hierarchy. This means that you can define things so that, whenever you add a new user to a group, you can trigger automatic configuration and software installation for that user.
Each domain controller automatically propagates all the objects defined on it to every other participating domain controller. Because each controller contains all the data for the domain, Active Directory access will continue should one domain controller fail.
To facilitate efficient searching of Active Directory, all the objects and their frequently used attributes are stored in a partial replica of each Windows 2000 domain in a directory. This is the Global Catalog, and it is built automatically during Active Directory replication.
Because Active Directory is based on the Lightweight Directory Access Protocol (LDAP) and other standards, it is possible for you to integrate Active Directory with other directory services and for third-party vendors to integrate their components with Active Directory.
Go to http://www.oreilly.com/catalog/win2000ads/ to purchase Windows 2000 Active Directory.