MCTS to MCITP , 70-351 , 70-089 , 70-236 , 70-640 , 70-642 , 70-646 , 70-630 , 70-285 , 83-640: Active Directory

Active Directory

Active Directory is the most important part when preparing for a domain.
Active Directory is the feature which enables you to add and delete users, roles, organizational units, group policies, security, etc.
A central component of the Windows platform, Active Directory directory service provides the means to manage the identities and relationships that make up network environments. Windows Server 2003 makes Active Directory simpler to manage, easing migration and deployment.

An active directory is a directory structure used on Microsoft Windows based computers and servers to store information and data about networks and domains. It is primarily used for online information and was originally created in 1996. It was first used with Windows 2000.
An active directory (sometimes referred to as an AD) performs a variety of functions: it provides information on objects, helps organize these objects for easy retrieval and access, allows access by end users and administrators, and allows the administrator to set up security for the directory.
An active directory can be defined as a hierarchical structure, and this structure is usually broken up into three main categories: the resources, which might include hardware such as printers; services for end users, such as web email servers; and objects, which are the main functions of the domain and network.

Understanding Active Directories

It is interesting to note the framework for the objects. Remember that an object can be a piece of hardware such as a printer, an end user, or security settings set by the administrator. These objects can hold other objects within their file structure. All objects have an ID, usually an object name (folder name). In addition to being able to hold other objects, every object has its own attributes, which allow it to be characterized by the information it contains. Most IT professionals call these settings or characterizations schemas.
The type of schema created for a folder will ultimately determine how these objects are used. For instance, some objects with certain schemas cannot be deleted; they can only be deactivated. Other types of schemas with certain attributes can be deleted entirely. For instance, a user object can be deleted, but the administrator object cannot be deleted.
When understanding active directories, it is important to know the levels at which objects can be viewed. An active directory can be viewed at one of three levels: forests, trees or domains. The highest structure is called the forest because you can see all objects included within the active directory.
Within the forest structure are trees; these structures usually hold one or more domains. Going further down the structure of an active directory are single domains. To put the forest, trees and domains into perspective, consider the following example.
A large organization has many dozens of users and processes. The forest might be the entire network of end users and specific computers at a set location. Within this forest directory are trees that hold information on specific objects such as domain controllers, program data and system, among others. Within these objects are even more objects, which can then be controlled and categorized.
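The forest, tree and domain levels described above can be modelled from domain DNS names alone. The following is an added example, not part of the original page: it goes slightly beyond the text by using the fact that domains in one tree share a contiguous DNS namespace, and all domain names and function names in it are constructed for illustration.

```python
# Constructed sample: DNS names of the domains in one hypothetical forest.
FOREST_DOMAINS = [
    "corp.example",
    "emea.corp.example",
    "sales.emea.corp.example",
    "apac.corp.example",
    "factory.test",
    "plant1.factory.test",
]


def _norm(name):
    """Lower-case a DNS name and drop a trailing dot."""
    return name.lower().rstrip(".")


def parent_of(name, all_names):
    """Return the closest ancestor domain present in the forest, or None for a tree root."""
    labels = name.split(".")
    for i in range(1, len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in all_names:
            return candidate
    return None


def build_forest(domains):
    """Group domains into trees keyed by tree root; also return each domain's parent."""
    names = {_norm(d) for d in domains}
    parents = {n: parent_of(n, names) for n in names}
    trees = {}
    for n in sorted(names):
        root = n
        while parents[root] is not None:  # walk up to the tree root
            root = parents[root]
        trees.setdefault(root, []).append(n)
    return trees, parents


if __name__ == "__main__":
    trees, parents = build_forest(FOREST_DOMAINS)
    print("forest")
    for root, members in trees.items():
        print("  tree rooted at", root)
        for d in members:
            print("    domain", d, "(parent:", parents[d] or "none", ")")
```

Two trees come out of the sample list because `factory.test` does not share a namespace with `corp.example`, while every other domain hangs under one of those two roots.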



Active Directory Benefits for Smaller Enterprises


Summary

Although many organizations have completed their Microsoft Active Directory deployment, there remain organizations that have either not completed deployment or have yet to take advantage of some of the important features of Active Directory. This white paper is designed to help small- and medium-sized organizations understand the business advantages that can be realized through the use of Windows Server 2003 and Active Directory. The paper was written based on feedback from business executives on the reasons why they chose to migrate to Active Directory and the ongoing benefits they have realized.
Included in This Document
What is Active Directory?
Benefits of Active Directory and Windows Server 2003
Increasing the Productivity of Users
Reducing the Burden of IT Administration
Improving Fault Tolerance to Minimize Downtime
Enhancing Security to Provide Better Peace of Mind
Leveraging the Capabilities of Active Directory-enabled Applications

What's New in Active Directory


The Active Directory directory service provides single-logon capability and a central repository for information for your entire infrastructure, vastly simplifying user and computer management and providing superior access to networked resources. This article provides an overview of benefits, new features, and improvements for Active Directory in Windows Server 2003.

Benefits

Improvements in Active Directory deliver key strategic benefits for medium and large enterprises, enabling greater administrator and user productivity. Expanding on the foundation established in Windows 2000, Windows Server 2003 improves the versatility, manageability, and dependability of Active Directory. Organizations can benefit from further reductions in cost while increasing the efficiency with which they share and manage the various elements of the enterprise.
Benefit: Description

Greater Flexibility: Active Directory introduces important new features ensuring that it is one of the most flexible directory structures in the marketplace today. As directory-enabled applications become more prevalent, organizations can utilize the capabilities of Active Directory to manage the most complicated enterprise network environments. Internet data centers, extranet application deployments, large distributed branch office enterprises – the improvements provided by Windows Server 2003 simplify administration and increase performance and efficiency, making it a very versatile solution.

Reduced Total Cost of Ownership: Active Directory has been enhanced to reduce total cost of ownership (TCO) and operation within the enterprise. New features and enhancements have been provided at all levels of the product to extend versatility, simplify management, and increase dependability.

New Features in Windows Server 2003 R2

With Windows Server 2003 R2, Active Directory enables additional flexible deployment options, facilitating interoperability with UNIX environments, extranet application deployments, cross-domain identity federation, and decentralized application directory deployments.
Benefit: Description

Active Directory Federation Services (ADFS): ADFS provides Web-based extranet authentication/authorization, single sign-on (SSO), and federated identity services for Windows Server environments, increasing the value of existing Active Directory deployments in scenarios involving B2C extranets, intracompany (multiforest) federation, and B2B internet federation.

Active Directory Application Mode (ADAM): Previously available as a Web download, Active Directory Application Mode (ADAM) is now included on the Windows Server media. An independent mode of Active Directory without infrastructure features, ADAM provides directory services for applications. Operating as a stand-alone data store or interacting with an Active Directory domain controller, the flexibility of ADAM enables administrators to tailor their directory services infrastructure to varying degrees of local control/autonomy or shared services.

UNIX Identity Management: UNIX integration helps to establish uninterrupted user access and efficient management of network resources across operating systems, by enabling AD domain controllers to act as master NIS servers, and synchronizing user passwords in UNIX and Windows environments.