Active Directory Features

Active Directory is a true network directory service and includes features and benefits not available in traditional directory services. Here is an overview of the major features of Active Directory:

• Hierarchy  The information contained within Active Directory can be arranged in hierarchies. For example, administrators can arrange network users to follow the same organizational hierarchy that the company uses. Active Directory uses constructs called domains, trees, and forests to represent different divisions of data, all within the same directory. I'll describe these constructs in more detail in Chapter 2.
• Scalability  Active Directory is based on a domain model. Each domain consists of one or more workstations and servers linked together. Special servers, known as domain controllers (DCs), hold local copies of directory data and make it available to clients. As an organization grows, and the data contained in the directory expands, more domains can be added to meet the needs of the enterprise. I'll touch on Active Directory's ability to scale in Chapter 2.
• Replication  The information contained in Active Directory is replicated to all the domain controllers within the organization. Each domain can have multiple DCs for fault tolerance and load balancing. In Chapter 2 I'll describe replication and the related issues that programmers should keep in mind.
• Interoperability  The use of LDAP as the directory access protocol ensures that a wide range of clients can use the information stored in the directory. The Active Directory Service Interfaces (ADSI) uses LDAP to get information to and from the directory. ADSI is based on the Component Object Model (COM) and allows scripting. In Chapter 3, I'll provide an overview of LDAP and ADSI programming. Throughout the book, the code samples will show you more specific examples.
• Security  Each object within Active Directory can be individually secured to control access. Directory objects can have multiple levels of security, allowing certain users the ability to update some information, but not all of it. Security in Active Directory is tightly integrated with the overall Windows 2000 security model, which uses the Kerberos v5 authentication protocol. I'll touch on security issues throughout the book when describing various programming techniques.
• Integration  Active Directory is woven into the very essence of Windows 2000. The server management tools depend on Active Directory, and end users will notice that all applications that employ common user interface elements based on the operating system contain references for accessing and using information from Active Directory. In Chapter 8, I'll discuss some of the user interface components provided in Active Directory that developers can use when creating applications.
• Extensibility  Active Directory provides dozens of object classes and hundreds of attributes. Each class, such as computer, user, or printer, represents a data object. The class also specifies which attributes are available to objects of that class. Developers can add their own object classes and even add new attributes to existing classes. I discuss extending Active Directory in Chapter 9.

Microsoft is clearly headed in the right directory, uh, direction with Active Directory. The extensibility, security, and integration features alone are enough to warrant a close examination of the possibilities for developers and network administrators. In the next chapter, I'll delve into the details of Active Directory.