Feature

Active Directory scales: Grow your customer's network without worry.
Active Directory is highly scalable, providing services
for the small business with a few employees as well as
the corporation with offices spanning the
world.

Active Directory:
A Necessary Windows 2000 Platform Component for Future System
Administration
Remember when answering machines came out on the market? At the
time they weren't a necessity, but they certainly made life
easier—and now they're staples in households and offices worldwide.
Similarly, this may be the case with Active Directory™. This
directory component of the Microsoft® Windows® 2000 operating system
platform is laying the groundwork for future directory-based
systems.
"Active Directory gives us a foundation and we can only imagine
just what we'll be able to build on it in another few years," says
Scott Sinclair, a Microsoft Certified Systems Engineer (MCSE) and
value-added provider (VAP). "As technology evolves, this kind of
open architecture will allow for really tremendous opportunities."
Part of the Windows 2000 Server family, Active Directory
consolidates the management of directories in one place, so you can
spend less time on tedious tasks like:
- juggling dozens of application directories,
- updating user logons and e-mail accounts,
- creating directories for multiple apps, and
- logging in repetitively to access e-mail and the Internet.
Active Directory will make your life and your customer's easier.
As a network administrator, you'll only have to set up one main
directory per user. This provides a more secure network and simplifies
management tasks.
In addition, end users will now only have to log on once to
access applications and servers on their company network. Active
Directory automatically knows what applications each user can
access.
Active Directory Infrastructure
As you can see in the diagram below, Active Directory is made up
of a tree-like structure of containers and objects within those
containers. Containers can represent machines, devices and
applications while the objects represent the people who are allowed
to use them. For example, you can plug into the Active Directory the
names of all the users allowed to access the color printer located
on the third floor.
Figure 1: Active Directory stores information
about objects on the network. Objects include shared hardware
resources, network users and computer accounts, applications,
security policies and just about everything else in the
network. For a more in-depth look at the hierarchical
structure used in Active Directory, see "How
Does Active Directory Work?"
Simplifying Windows Management with Active Directory
Active Directory benefits include network replication, single log
on and increased network security.
Network replication. Active Directory simplifies the tasks
of managing network directories. In the past, system administrators
typically managed several different directories for applications
located on several different servers.
Not anymore. With Active Directory's multi-master replication
feature, you work with one main directory, which you can copy and
distribute throughout a network over either LAN or WAN connections.
Any changes made to the directory are reflected throughout the
network. So if you create or change a user name in New York, for
example, you can view the changes at the home office in Los Angeles.
What's more, the single hierarchical model within Active
Directory holds millions of objects and supports hundreds of
simultaneous queries.
Ease of use. Tell your customers about the lack of
redundant log ons and management issues previously mentioned. You
can also tell them about features such as single sign on for users,
easy query capability, single point of administration and delegated
management tasks. These features are described in more depth in our
Quick List below.
Security. The security of key company data is an
ever-increasing issue for all types of organizations. It's easier
than ever to manage user authentication and access with Active
Directory. The directory acts as the central authority for network
security, letting the operating system readily verify a user's
identity and control his or her access to network resources.
In addition, Active Directory supports a number of
industry-standard authentication mechanisms for Windows security.
Access to the system comes in various forms,
including system passwords, ATM-like cards that require PINs, and
sophisticated devices that require fingerprints to identify the
user. These technologies also make using an extranet easier, so you
can give people outside the company access to select portions of the
internal network.
Extends interoperability of Windows 2000. You're probably
currently working with a diverse collection of e-mail servers,
application network devices, firewalls and e-commerce
applications—each with a separate directory. One of the most
exciting aspects of Active Directory is its interoperability with
these third-party applications.
Keep in mind that Active Directory consolidates directories by
exposing all of its Windows features through standards-based
interfaces such as LDAP, ADSI, JADSI and MAPI. An example is
Microsoft Exchange, which has been integrated with Active Directory,
enabling you to manage user accounts and Exchange mailboxes as the
same account.
The Future
Active Directory consolidates and synchronizes with many
directories, making your life and the lives of your customers much
easier.
Just as answering machines became a staple feature in most
households and workplaces, Active Directory is expected to quickly
become a necessity as the move toward directory-based systems
unfolds in the future.
Additional Feature Quick List:
- Single sign on. With Active Directory, a user
only has to remember one user account name and one password
to log on to different systems. Furthermore, the Active
Directory component doesn't require the exact location of
information on the network to access it.
- Easy query capability. Let your customers know
that since the directory can store attributes about objects,
the location of a resource, such as a printer, is easily
found using the search procedure. The user simply searches
from the Start menu in Windows. Printer and fax setup is
also easier than ever.
- Single point of administration. You'll no longer
have to input redundant information. Active Directory lets
administrators manage containers or groups of objects rather
than each object individually. Administrators input
information once to be placed in the hierarchy, rather than
inputting the same information into a Windows NT domain,
e-mail directory, fax directory and so on.
- Delegated management tasks. Gone are the days of
completely centralized administration. Point out to your
customers that with Active Directory, you can give some
control to managers, allowing them to handle tasks such as
resetting passwords for users in their departments while
restricting control over other management tasks, as well as
other Active Directory containers.
© 1999 Microsoft Corporation. All Rights Reserved.