The Impact of Active Directory

Active Directory is both a database about resources on a network—such as computers, users, and printers—and a directory service that makes the information in the database available to users and applications. Active Directory provides enterprise-level directory service features such as an extensible information source, naming conventions for directory objects, a common set of policies, and tools for administering the service from a single point of access. Secure, distributed, partitioned, and replicated, it is designed to work well in any size installation, from a single server with a few hundred objects to thousands of servers and millions of objects. Active Directory has many features that make it easy to manage large amounts of information, reducing management overhead for administrators and making the service easier to use for end users.

By default, a machine running Windows 2000 Server does not have Active Directory installed. To install it, you must run the Active Directory Installation wizard, either by running the Dcpromo.exe tool at the command line or by following these steps:

  1. Click Start.
  2. Select Programs, Administrative Tools, and then Configure Your Server.
  3. Select Active Directory, and click Start to start the wizard.

Once Active Directory is installed, a world of security possibilities opens up, as described in Table 3-1.

Table 3-1. Some of the advantages of Active Directory.

| Feature | Benefits |
|---|---|
| Kerberos V5 authentication | Single sign-on to multiple Windows 2000-based servers and other operating systems running the MIT Kerberos V5 authentication protocol. (Kerberos V5 is a fast, secure authentication protocol.) |
| Account delegation | Kerberos authentication allows Windows 2000 to delegate a user's account information from one machine to another. This capability was not available in previous versions of Windows, including Microsoft Windows NT. |
| Extensive public key support | Windows 2000 supports certificates and other public key technologies, but it is much more scalable and flexible when Active Directory is used because certificates can be associated automatically with the user accounts and machine accounts in the directory. |
| Smartcard logon | Windows 2000 can use smartcards as an authentication mechanism when used in conjunction with Active Directory. |
| Easier administration | Group Policy can be used to define default settings that will be automatically applied to users and computers. These settings can determine security options and control what software can be installed on particular computers and what software is available to particular groups of users. In addition, an entire domain can be managed from a small number of tools. |
| Scalability | Active Directory is designed to hold millions of objects, such as users, computers, and printers, stored across thousands of machines. |



Designing Secure Web-Based Applications for Microsoft Windows 2000 with CDROM
Year: 1999
Pages: 138
