A directory service is a tool that connects directories across the network and acts like a big phone book for all users. Using general input (for example, "where are the printers?"), a user can receive a listing of printer resources. The directory services in Windows NT 4 provide important functions in the form of a single logon and a single point of administration and replication. Although these are critical, the Windows NT 4 directory services don't scale well enough. Active Directory is the next generation of Microsoft's directory services and offers great advances in scalability, extensibility, and security while providing a hierarchical view of the directory and multimaster replication.
Active Directory combines X.500 naming standards, the Internet's Domain Name System (DNS) as a locating device, and Lightweight Directory Access Protocol (LDAP) as the core protocol. Active Directory allows a single point of administration for all resources, including users, files, peripheral devices, host connections, databases, Web access, services, and network resources. It supports a hierarchical namespace for user, group, and machine account information and can encompass and manage other directories to reduce the administrative burdens and costs associated with maintaining multiple namespaces.
As you can see, there's a lot of good news about Active Directory—including that it paves the way for eliminating the concept of domains. The actual migration to Active Directory is not very difficult, but planning the design of your new directories can be vexatious. Design mistakes can harm the stability and efficiency of the network. Fortunately, you don't need to get rid of your existing domains to take advantage of Active Directory, and migration can be piecemeal. Servers can be upgraded from Windows NT 4 to Windows 2000 without the users being aware of any changes.
Chapters 2 and 3 explore the concepts behind Active Directory—including namespace design. Specific implementation is discussed in Chapters 11 and 12.