1. Greatly enhanced information security
After Active Directory is installed, information security is fully integrated with it: user authorization management and directory access control (including user access and logon rights) are built into Active Directory, and these are key security measures of the Win2K operating system. Active Directory controls user authorization centrally, and directory access control can be defined not only on each object in the directory but also on each attribute of each object, which was not possible in any previous system, including Windows NT 4.0. In addition, Active Directory provides both the storage and the scope of application for security policies. A security policy can contain account information, such as domain-wide password restrictions or access rights to specific domain resources. To a certain extent, then, Win2K security is Active Directory security, so configuring the security of objects and attributes in Active Directory is the key task for a network administrator configuring a Win2K system.
2. Policy-based management makes system administration clearer
The Active Directory service consists of a directory object data store and a logical hierarchy (a hierarchy of directories, directory trees, domains, domain trees, domain forests, etc.). As a directory, it stores the policies assigned to specific environments, called Group Policy objects. As a logical structure, it provides a layered environment for applying policy. A Group Policy object represents a set of business rules that includes settings related to the environment it is applied to, and Group Policy is the set of configuration settings used when a user or computer initializes. All Group Policy settings are contained in the Group Policy objects (GPOs) that are applied to the Active Directory, domain, or organizational unit. GPO settings determine access to directory objects and domain resources, which domain resources users can use, and how those resources are used. For example, a Group Policy object can determine which applications users see on their computers when they log on, how many users can connect to the server when it starts, and which files or services users can access when they move to a different department or group. Group Policy objects let you manage a small number of policies rather than a large number of users and computers. Active Directory lets you apply Group Policy settings to the appropriate environment, whether that is your entire organization or a specific department within it.
3. Strong extensibility
Win2K's Active Directory is highly extensible: administrators can add new object classes to the schema or add new attributes to existing object classes. The schema contains the definition of each object class and of the attributes of each object class that can be stored in the directory. For example, in e-commerce you can add a purchase authorization attribute to each user object, and then store each user's purchase permission as part of the user account.
4. Strong scalability
Active Directory can contain one or more domains, each with one or more domain controllers, so you can size the directory to meet the needs of any network. Multiple domains can be combined into a domain tree, and multiple domain trees can be combined into a forest. Active Directory grows as the domains grow, so it adapts well to changes in the organization's network. The directory distributes its schema and configuration information to all domain controllers in the directory; this information is stored on the domain's first domain controller and replicated to every other domain controller in the domain. When the directory is configured as a single domain, adding a domain controller changes the size of the directory without affecting the administrative overhead of other domains. Adding a domain to a directory lets you partition the directory for different policy environments and size the directory to accommodate a large number of resources and objects.
5. Intelligent information replication
Information replication gives the directory availability, fault tolerance, load balancing, and performance benefits. The directory uses multi-master replication, which lets you update the directory on any domain controller rather than only on a single primary domain controller. The multi-master model has the advantage of greater fault tolerance, because with multiple domain controllers replication continues even if any individual domain controller stops working. With multi-master replication, each update is made to a single copy of the directory: after directory information is created or modified on a domain controller, the newly created or changed information is sent to all other domain controllers in the domain, so their directory information stays current. Domain controllers need the latest directory information, but to be efficient their updates must be limited to new or changed directory information, so that synchronization does not run during network peak periods and slow the network down. The indiscriminate exchange of directory information between domain controllers can quickly overwhelm any network. By replicating only changed directory information, Active Directory keeps the directory current without a significant increase in the load on the domain controllers.
6. Tight integration with DNS
Active Directory uses the Domain Name System (DNS) to name servers in the directory. DNS is an Internet standard service that translates easily understood host names, such as Mike.Mycompany.com, into numeric IP addresses, which lets computers on a TCP/IP network identify and communicate with each other. DNS domain names are based on the DNS hierarchical naming structure, an inverted tree with a single root domain, under which there can be parent and child domains (branches and leaves). I will cover this in detail in a separate chapter; here is only a brief introduction.
7. Interoperability with other directory services
Active Directory is built on standard directory access protocols, and many application programming interfaces (APIs) give developers access to these protocols, such as Active Directory Service Interfaces (ADSI), the Lightweight Directory Access Protocol (LDAP) version 3, and the Name Service Provider Interface (NSPI). It can therefore interoperate with other directory services that use these protocols. LDAP is a directory access protocol used to query and retrieve information in Active Directory. Because it is an industry-standard protocol, you can develop programs with LDAP that share Active Directory information with other directory services that also support LDAP. Active Directory supports the NSPI protocol used by Microsoft Exchange 4.0 and 5.x clients, which provides compatibility with the Exchange directory.
8. Flexible querying
Any user can use the Search command on the Start menu, Network Places, or Active Directory Users and Computers to quickly find objects on the network by their properties. For example, you can find users by first name, last name, e-mail name, office location, or other properties of the user account, and vice versa.
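The property-based user search described above, expressed as an LDAP search filter of the kind a program would send to Active Directory. This is an added example, not code from the original article; the mapping of search fields to the attributes givenName, sn, mail and physicalDeliveryOfficeName and the sample values are assumptions made for illustration. Values are escaped according to RFC 4515 so that user-supplied text cannot change the structure of the filter.

```python
# Added example: build an escaped LDAP (RFC 4515) search filter for user lookups.
# The field-to-attribute mapping and all sample values are constructed.

# Friendly search field -> Active Directory user attribute (assumed mapping)
FIELDS = {
    "first_name": "givenName",
    "last_name": "sn",
    "email": "mail",
    "office": "physicalDeliveryOfficeName",
}

# Characters that RFC 4515 requires to be escaped inside an assertion value
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_value(value: str) -> str:
    """Escape filter metacharacters so the value is matched literally."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def user_filter(prefix_match: bool = False, **criteria: str) -> str:
    """Return an AND filter over user objects for the given search criteria."""
    if not criteria:
        raise ValueError("at least one search criterion is required")
    # Restrict the search to user accounts before applying the criteria.
    clauses = ["(objectCategory=person)", "(objectClass=user)"]
    for name, value in sorted(criteria.items()):
        if name not in FIELDS:
            raise ValueError(f"unsupported search field: {name}")
        if not value:
            raise ValueError(f"empty value for {name}")
        # The trailing wildcard is added by the code, never taken from input.
        suffix = "*" if prefix_match else ""
        clauses.append(f"({FIELDS[name]}={escape_value(value)}{suffix})")
    return "(&" + "".join(clauses) + ")"


if __name__ == "__main__":
    print(user_filter(first_name="Mike", office="Building 2"))
    print(user_filter(last_name="Sm", prefix_match=True))
    # Metacharacters in input stay literal instead of widening the query.
    print(user_filter(email="*)(mail=*"))
```

The resulting string is what an LDAP client library takes as its search filter, together with a search base such as the domain's distinguished name.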