Advantages of the Windows 2000 Active Directory

Source: Internet
Author: User

1. Policy-based Management

The Active Directory directory service includes a data store and a logical, hierarchical structure. The logical structure provides a hierarchy of contexts for applying policy. The directory stores policies (called Group Policy) that are assigned to a specific context. Group Policy expresses a set of business rules containing settings that apply to the context. These settings determine access to directory objects and domain resources, which domain resources (such as applications) users can use, and how those resources are configured. For example, Group Policy determines which applications users can see on the computer after they log on, how many users can connect to Microsoft SQL Server when it starts on a server, and what content users can access when a document or service moves to a different department or group. Group Policy lets you manage a small number of policies rather than a large number of users and computers. Active Directory applies Group Policy to the appropriate context, whether that is an entire organization or particular units within it.

2. Extensibility

Active Directory is extensible, which means that administrators can add new classes of objects to the schema and add new attributes to existing object classes. For example, you can add a recurring access permission attribute to the User object class, and then store each user's recurring access permissions as part of the user account.

You can add objects and attributes to the directory by using the Active Directory Schema snap-in, by creating scripts based on ADSI, or by using the LDIFDE or CSVDE command-line utilities.

3. Scalability

Active Directory can include one or more domains, each with one or more domain controllers, allowing the administrator to scale the directory to meet the requirements of any network. Multiple domains can be grouped into domain trees or forests.

Active Directory distributes schema and configuration information to all domain controllers in the directory. This information is stored on the initial domain controller and can be replicated to any other domain controller in the directory. When the directory is configured as a single domain, adding domain controllers scales the directory without the administrative overhead of additional domains.

Configuring the directory as a domain tree or forest allows administrators to partition the directory's namespace for different policy contexts and to scale the directory to accommodate a large number of resources and objects.

4. Information Replication

Active Directory uses multimaster replication. The directory is stored on the initial domain controller and can be replicated to each domain controller in the domain, domain tree, or forest. Changes made to directory data are replicated to all domain controllers. Each domain controller stores and maintains a full copy of the directory.

Information replication provides the benefits of effectiveness, fault tolerance, and load balancing. Placing multiple domain controllers in one domain provides fault tolerance and load balancing. If a domain controller in a domain slows down, stops, or fails, other domain controllers in the same domain can provide the necessary directory access because they contain the same directory data. Multiple nodes in the domain can also improve the performance of the directory. In a wide area network (WAN), directory access can be handled by the domain controller closest to each network client.

5. Integration with DNS

Active Directory uses DNS, which makes it easy to translate readable host names, such as beijing.kangbo.com, into numeric TCP/IP addresses. This lets you use computer and user names directly to connect over a TCP/IP network.

DNS domains and computers use hierarchical "friendly" names. For example, lwh.kangbo.com is both a DNS domain name and a Windows 2000 domain name. The domain name is based on the DNS hierarchical naming structure, which is an inverted tree: at the top is a single root domain, and beneath it are parent and child domains (branches and leaves). For example, a Windows 2000 domain named WJ has a domain name such as wj.lwh.kangbo.com; it is a subdomain of the LWH domain, and the LWH domain is itself a subdomain of the root domain kangbo.com.

Each computer in the domain is identified by its fully qualified domain name (FQDN). For example, the fully qualified domain name of a computer located in the wj.lwh.kangbo.com domain is computername.wj.lwh.kangbo.com.

6. Interoperability with Other Directory Services

Because Active Directory is based on industry-standard directory access protocols, such as Lightweight Directory Access Protocol (LDAP) and Name Service Provider Interface (NSPI), it can interoperate with other directory services that use these protocols.

LDAP is the directory access protocol used to query and retrieve Active Directory information. Because it is an industry-standard directory service protocol, programs that use LDAP can share Active Directory information with other directory services that also support LDAP.

The NSPI protocol, which is used by Microsoft Exchange Server and its client computers, is supported by Active Directory to provide compatibility with the Exchange directory.

7. Flexible Query

Users and administrators can use the search tool to quickly find objects on the network using object properties, such as first name, last name, email address, office location, or other properties of the user account. Finding information is also optimized by the global catalog that Active Directory generates.
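
The DNS naming and LDAP query behavior described above can be sketched in code. The following is an added example, not part of the original article and not Microsoft code: it splits a computer's fully qualified domain name into its domain hierarchy, maps a domain to its LDAP search base (one DC= component per DNS label, the convention Active Directory uses), and builds a search filter on user properties with every value escaped per RFC 4515 so that user-supplied text is matched literally. Function names and sample values are assumptions made for illustration.

```python
import re

# Added example: function names are illustrative, not an Active Directory API.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")   # one DNS label
_ATTR = re.compile(r"[A-Za-z][A-Za-z0-9-]*")            # LDAP attribute name
# Characters that must be escaped inside a filter value (RFC 4515).
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def split_fqdn(fqdn):
    """Return (host, [domain, parent domain, ..., root domain])."""
    labels = fqdn.rstrip(".").split(".")
    if len(fqdn) > 253 or len(labels) < 3 or not all(map(_LABEL.fullmatch, labels)):
        raise ValueError(f"not a valid computer FQDN: {fqdn!r}")
    domain = labels[1:]
    # Dropping the leftmost label yields the parent domain. Assumption: the
    # root domain has two labels, like kangbo.com in the article.
    return labels[0], [".".join(domain[i:]) for i in range(len(domain) - 1)]


def domain_to_base_dn(domain):
    """Map a DNS domain name to its LDAP search base, one DC= per label."""
    return ",".join(f"DC={label}" for label in domain.split("."))


def escape_filter_value(value):
    """Neutralize filter metacharacters so the value matches literally."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def user_filter(props):
    """AND together equality tests on user properties, escaping each value."""
    if not props or not all(map(_ATTR.fullmatch, props)):
        raise ValueError("need at least one well-formed attribute name")
    tests = "".join(f"({a}={escape_filter_value(v)})" for a, v in sorted(props.items()))
    return f"(&(objectCategory=person)(objectClass=user){tests})"


if __name__ == "__main__":
    host, chain = split_fqdn("computername.wj.lwh.kangbo.com")
    print(host, chain)
    print(domain_to_base_dn(chain[0]))   # search base for the wj domain
    # Constructed sample values; the surname contains filter metacharacters.
    print(user_filter({"givenName": "Wei", "sn": "Smith (Sales)*"}))
```

The attribute names givenName and sn are the LDAP attributes for first name and last name; the resulting base DN and filter string are what an LDAP client would pass to a search operation.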
