Active Directory is Microsoft’s trademarked directory service, an integral part of the Windows 2000 architecture. Like other directory services, such as Novell Directory Services (NDS), Active Directory is a centralized and standardized system that automates network management of user data, security, and distributed resources, and enables interoperation with other directories. Active Directory is designed especially for distributed networking environments.
A better representation of the network

Centralization sums up my primary reason for implementing Active Directory. The Active Directory structure makes it possible for you to achieve truly centralized management of users, regardless of how big your client’s network has become. If you’ve worked with Windows NT before, you know that in Windows NT a domain is a completely independent entity. While it’s possible to create a trust relationship between domains that exist on a common network, the domains are never truly integrated with each other because there is no higher authority that manages the domains.
Active Directory uses domains, but rather than each domain remaining independent, you can place multiple domains in an AD “forest.” This brings the entire network under the control of a single domain that oversees the others. AD allows an administrator of a forest to administer multiple domains, reducing cost and complexity while providing greater security. This can also help to reduce the number of domain controller servers in the organization.
Active Directory’s forest architecture allows communication between domains and facilitates centralized user management. The users in one domain are known to the forest domain controller, improving the flexibility of user credential management. This allows much more flexibility for employees who must travel from site to site, each with its own domain. An employee in Domain A who travels to Domain B can just log in with his normal credentials and gain access to his network resources.
The Active Directory structure includes support for organizational units (OUs) that represent business units within the organization. AD allows an administrator to delegate some amount of authority for administering organizational units. For example, an AD administrator can delegate the authority to reset passwords to the administrative assistant in the Sales department OU. This relieves the network administrator and the help desk of spending time on routine tasks.
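The Sales OU delegation described above, as an added PowerShell example that is not part of the original article: it grants only the Reset Password right on user objects under the OU, then lists who holds that right so the delegation can be reviewed. The OU distinguished name and the group `Sales-PasswordReset` (assumed to contain the administrative assistant) are placeholders, and the ActiveDirectory module from RSAT is assumed to be installed.

```powershell
# Added example; the OU DN and group name are assumed placeholders.
Import-Module ActiveDirectory

$ouDn    = 'OU=Sales,DC=example,DC=com'
$trustee = Get-ADGroup -Identity 'Sales-PasswordReset'

# Well-known schema GUIDs: the "Reset Password" extended right
# and the user object class the right should apply to.
$resetPassword = [guid]'00299570-246d-11d0-a768-00aa006e0529'
$userClass     = [guid]'bf967aba-0de6-11d0-a285-00aa003049e2'

# Allow only the Reset Password right, inherited by user objects below the OU.
# No write access to other attributes and no rights on the OU object itself.
$rule = [System.DirectoryServices.ActiveDirectoryAccessRule]::new(
    $trustee.SID,
    [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight,
    [System.Security.AccessControl.AccessControlType]::Allow,
    $resetPassword,
    [System.DirectoryServices.ActiveDirectorySecurityInheritance]::Descendents,
    $userClass)

$acl = Get-Acl -Path "AD:\$ouDn"
$acl.AddAccessRule($rule)
Set-Acl -Path "AD:\$ouDn" -AclObject $acl

# Review step: every Allow entry for Reset Password on this OU.
# Entries with IsInherited = True were granted higher up in the directory.
(Get-Acl -Path "AD:\$ouDn").Access |
    Where-Object { $_.ObjectType -eq $resetPassword -and
                   $_.AccessControlType -eq 'Allow' } |
    Select-Object IdentityReference, IsInherited, InheritanceType, InheritedObjectType
```

Delegating to a group rather than to one account keeps the access entry stable when staff change; the review query is worth running periodically, because password-reset rights on an OU amount to control over every account in it.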
AD provides Rights Management Services to protect files and other resources from unauthorized access. Administrators grant file access and control rights for authorized users, and unauthorized users are prevented from accessing those files. This is an essential feature for organizations that require higher levels of security.