Integration and Productivity

As the principal means to manage enterprise identities, objects, and relationships, the interfaces in Active Directory (both programmatic and user interfaces) have been improved to increase administration efficiency and integration capabilities.

Managing Active Directory

Active Directory contains many enhancements that make it easier to use, such as improvements to Microsoft Management Console (MMC) snap-ins and the object picker component. MMC plug-ins will be able to facilitate management of multiple objects. For example, administrators can do the following tasks :

• Edit multiple user objects.

  Select and edit multiple object properties at once.

• Save queries.

  Save queries against the Active Directory service for future use. Results are exportable in XML.

• Quickly select objects using the improved object picker component.

  The component has been redesigned and enhanced to improve workflow, increase efficiency in finding objects in a large directory, and provide a more flexible query capability. It is used by numerous user interfaces and is available for use by third-party developers.

More Productivity Features

Additional productivity features of Active Directory include the following:

• ACL user interface changes.

  The ACL user interface has been enhanced to improve usability as well as improve inherited versus specific object permissions.

• Extensibility enhancements.

  An administrator who has an independent software vendor (ISV) or OEM device that uses Active Directory has enhanced management capabilities and can add any class of object to be a member of a group .

• User objects from other Lightweight Directory Access Protocol (LDAP) directories.

  User objects defined in LDAP directories that use the inetOrgPerson class as defined in RFC 2798 (such as those developed by Novell and Netscape) can be defined using the Active Directory User Interfaces. The user interface that works with Active Directory user objects will work with inetOrgPerson objects. Now any application or customer that needs to use the inetOrgPerson class can do so easily.

• Passport integration (via IIS).

  Passport authentication is now available for Internet Information Services (IIS) 6.0 and enables Active Directory user objects to be mapped to their corresponding Passport identification (if it exists). A token is created by the Local Security Authority (LSA) for the user and is set by IIS 6.0 for the HTTP request. Internet users who have a corresponding Passport identification can now use their Passport to access resources as if they were using their Active Directory credentials.

• Terminal Server usage with ADSI.

  Terminal Server user-specific properties can be scripted using the Active Directory Services Interface (ADSI). User properties can be scripted with ADSI in addition to being set manually through the directory, a benefit that makes it easy to implement bulk or programmatic changes through ADSI.

• Replication-monitoring and trust-monitoring WMI providers.

  Windows Management Instrumentation (WMI) classes can monitor whether domain controllers are successfully replicating Active Directory information among themselves . Because many Windows 2000 components , such as Active Directory replication, rely on interdomain trust, this feature also provides a method to verify that trusts are functioning correctly. Administrators or operations staff can be easily alerted to replication problems through WMI now.

• MSMQ distribution lists.

  Message Queuing (MSMQ) adds support for sending messages to distribution lists that are hosted in Active Directory. MSMQ users can easily manage distribution lists from within Active Directory.