Benefits of Windows domain accounts the advantages of a domain controller introduction _win server

In particular, when I first entered the company, I was studying how TFS, SharePoint, SQL Server is configured and managed, and the usefulness of domain accounts. I have a great shock, sometimes ideological subversion, I really was his admiration. If you don't have a domain account these jobs really don't know how much to bother. Discover what I feel and use for a while:

A domain account can log on to any computer that is already joined to a domain.
By adding a domain user group to a SQL Server login, all people in the domain user group can use the domain user to log on to the database and inherit the relevant permissions.
Domain users log on to the team Foundation Server, SharePoint, and so on can be automatically identified without entering a username password.
Domain user password is placed on the server, you can set permissions policy, not easy to be cracked, more secure than on the local.
AD, you can find all the departments, positions, mobile phones, extension, and so on.
You can set up mailboxes for domain users and domain user groups, and send mail to groups to all people in the group.

Again and again the result is: I want to study what other benefits he has! As a then, the following articles were found (simple modification and beautification):

Advantages of domain controllers

I. The concentration of authority management and the decrease of management cost

domain environment, all network resources, including users, are maintained on domain controllers to facilitate centralized management. As long as all users login to the domain, in the domain can be authenticated, managers can better manage computer resources, management network costs greatly reduced.
Preventing company employees from installing software at the client side can enhance client security, reduce client failures, and reduce maintenance costs.
Through domain management can effectively distribute and assign software, patches, etc., to achieve the installation within the network, to ensure the consistency of software within the network.
With the ISA, you can determine the Internet according to the user. Otherwise it can only be based on IP.

second, security can be strengthened, more clear authority

In favor of the management of some confidential information of the enterprise, for example, a disk allows a person to read and write, but the other person can not read and write, which file only let which person to see, or let some people can see, but can not delete/change/move etc.
Can be sealed off the client's USB port, to prevent the company confidential information leakage.
Security is fully integrated with Active Directory (Active Directory). Access control can be defined not only on each object in the directory, but also on the properties of each object. Active Directory (Active Directory) provides the storage and application scope for security policies. Security policies can contain account information, such as domain-wide password restrictions or access to specific domain resources, and the issuance and execution of security policies through Group Policy settings.

Iii. account roaming and Folder Redirection

Personal account of the working files and data can be stored on the server, a unified backup, management, the user's data more secure and secure. When a client fails, simply use a different client to install the appropriate software to log on with the user account, and the user will find that his or her file is still in the "original location" (for example, my document) and not lost so that it can be repaired faster.
Shadow copy technology allows users to retrieve previous versions of files or mistakenly deleted files (32 saved versions). When the server is offline (failure or otherwise), the Offline folders technology automatically lets users continue to work with a locally cached version of the file, synchronizing with the files on the server when logging off or logging on to the system, ensuring that the user's work is not interrupted.

four, user-friendly use of a variety of shared resources

The administrator can assign login scripts to map the distributed File system root directory and manage it uniformly. The user can log on and use the resources on the network like a local letter, and the user needs to remember a pair of username/password without having to enter the password again.
All kinds of resources access, read, modify permissions can be set, different accounts can have different access rights. Even if the resource location changes, the user does not need any action, only the administrator to modify the link point and set the relevant permissions, users will not even realize that the resource location changes, not as before, you must remember which resources on which server.

v. SMS Systems Management Services (System Management Server)

By being able to distribute applications, system patches, and so on, users can choose to install, or the system administrator can assign automatic installation. and centralized management of system patches (such as Windows Updates) without the need for each client server to download the same patch, which saves a lot of network bandwidth.

Six, flexible query mechanism

Users and administrators can use the Search command on the Start menu, Network Places, or Active Directory users and computers to quickly find objects on the network through object properties. For example, you can find users by first name, last name, e-mail name, office location, or other properties of the user account. Optimizes lookup information by using a global catalog.

Vii. Extended Performance is better

Win2K's Active Directory is highly scalable, and administrators can add new object classes to the plan or add new attributes to existing object classes. The schedule includes the definition of each object class and the properties of the object class that can be stored in the directory.

viii. Easy integration in MS software

such as Isa, Exchange, Team Foundation server, SharePoint, SQL Server, and so on.