Advantages of Windows domain accounts and Domain Controllers

Since entering the new company, I have been using domain accounts, although at first I have been very reluctant to use the XP system and domain accounts. However, after a period of Running-in and adding domain users to the local administrator. I feel that domain accounts are getting better and better to use. Especially when I first started my company, my first task was to study how to configure and manage TFS, SharePoint, and SQL Server, the use of domain accounts once and again shocked me a lot. Sometimes it was an ideological disruption and I was really impressed by him. If you do not have a domain account, you do not know how much it will take. After using it for a while, I found that my domain account can log on to any computer that has been added to the domain. Add the domain user group to SQL Server logon. All users in the domain user group can use the domain user to log on to the database and inherit the relevant permissions. Domain users log on to Team Foundation Server, SharePoint, and so on without entering the user name and password, which can be automatically identified. The domain user password is stored on the server. You can set the Permission Policy in a centralized manner, which is not easy to crack and is safer than locally. AD, you can find the Department, position, mobile phone number, extension, and so on. You can set email addresses for Domain Users and domain user groups, and send emails to all users in the group. The shocking result of www.2cto.com is: I want to study the advantages of it! As a result, I found the following article (simple modification and beautification): Advantages of Domain Controller 1. Centralized permission management and reduced management costs domain environment, all network resources, including users, they are all maintained on the domain controller to facilitate centralized management. All users only need to log on to the domain to perform authentication within the domain. administrators can better manage computer resources and greatly reduce the cost of network management. Prevent employees from installing software on the client at will, enhance client security, reduce client faults, and reduce maintenance costs. Through domain management, you can effectively distribute and assign software and patches, and install software in the network together to ensure the uniformity of software in the network. With ISA, you can determine whether or not you can access the Internet. Otherwise, only IP addresses are allowed. 2. Enhanced security performance and clear permissions are conducive to the management of confidential data of enterprises. For example, a disk allows one person to read and write data, but another person cannot read or write data; which file can be viewed by only one person, or some people, but cannot be deleted, modified, or moved. You can disable the USB port of the client to prevent leakage of confidential company information. Security is fully integrated with Active Directory. You can not only define access control on each object in the directory, but also on the attributes of each object. The Active Directory provides the storage and application scope of security policies. Security policies can contain account information, such as password restrictions within a domain or access to resources in a specific domain. Security Policies can be set to issue and execute security policies through group policies. Www.2cto.com 3. Account roaming and Folder Redirection work files and data of personal accounts can be stored on servers for unified backup and management. User data is more secure and secure. When the client fails, you only need to use other clients to install the corresponding software and log on with the user account. You will find that your files are still in the "original location" (for example, my documents ), no loss, so that the fault can be repaired more quickly. The Shadow Copy technology allows you to retrieve previous versions of a file or delete files by mistake (only 32 versions have been saved ). When the server is offline (in fault or other cases), the "offline folder" technology will automatically allow users to continue working using the local Cache version of the file, when logging out of the system or logging on to the system, the system synchronizes the files on the server to ensure that the user's work is not interrupted. 4. To facilitate users to use various shared resources, the administrator can assign logon scripts to map the root directory of the Distributed File System for unified management. After a user logs on, the user can use resources on the network like a local drive letter without entering the password again. The user only needs to remember a pair of user names/passwords. You can set the access, read, and modify permissions for various resources. Different accounts can have different access permissions. Even if the resource location changes, the user does not need to perform any operations. The Administrator only needs to modify the link and set the relevant permissions. the user does not even realize that the resource location is changed, you must remember which resources are on which server. 5. By distributing applications and System patches, you can choose to install the SMS System Management Server or assign automatic installation by the System administrator. It can also centrally manage system patches (such as Windows Updates) without the need to download the same patches for each client server, thus saving a lot of network bandwidth. Www.2cto.com 6. flexible query mechanism users and administrators can use the "Start" menu, "Network neighbors", or "Search" command on "Active Directory users and computers, quickly search for objects on the network using object properties. For example, you can search for a user by name, last name, email name, office location, or other attributes of the user account. Optimize search information by using global catalogs. VII. good scalability the WIN2K Active Directory has strong scalability. The administrator can add new object classes in the plan or add new attributes to the existing object classes. The plan includes the definition of each object class that can be stored in the Directory and the attributes of the object class. 8. Easy integration of MS software such as ISA, Exchange, Team Foundation Server, SharePoint, SQL Server, etc. This article is from the guest Network Customer Alliance