The Windows Server 2003 Directory Service
Active Directory is the directory service included in the Windows Server 2003 family. Active Directory includes the directory, which stores information about network resources, as well as all the services that make the information available and useful. Active Directory is also the directory service included in Windows 2000.
1-6 Chapter 1 Introduction to Active Directory
Active Directory Services Features
Active Directory in the Windows Server 2003 family is a significant enhancement over the flat domain model provided in Windows NT. Active Directory is integrated within the Windows Server 2003 family and offers the following features:
■ Centralized data store All data in Active Directory resides in a single, distributed data repository, allowing users easy access to the information from any location. A single distributed data store requires less administration and duplication and improves the availability and organization of data.
■ Scalability Active Directory enables you to scale the directory to meet business and network requirements through the configuration of domains and trees and the placement of domain controllers. Active Directory allows millions of objects per domain and uses indexing technology and advanced replication techniques to speed performance.
■ Extensibility The structure of the Active Directory database (the schema) can be expanded to allow customized types of information.
■ Manageability In contrast to the flat domain model used in Windows NT, Active Directory is based on hierarchical organizational structures. These organizational structures make it easier for you to control administrative privileges and other security settings, and make it easier for your users to locate network resources such as files and printers.
■ Integration with the Domain Name System (DNS) Active Directory uses DNS, an Internet standard service that translates easily readable host names to numeric Internet Protocol (IP) addresses. Although separate and implemented differently for different purposes, Active Directory and DNS have the same hierarchical structure. Active Directory clients use DNS to locate domain controllers. When using the Windows Server 2003 DNS service, primary DNS zones can be stored in Active Directory, enabling replication to other Active Directory domain controllers.
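The DC-locator lookup described above can be reproduced directly from DNS. The following PowerShell session is an added example, not code from the training kit; it assumes the DnsClient module (Resolve-DnsName, available on Windows 8 / Windows Server 2012 and later), a domain named contoso.com, and a constructed list of expected domain controller names that you would replace with your own.

```powershell
# Added example (not from the training kit). Assumes Resolve-DnsName is
# available and that contoso.com is the DNS name of the Active Directory domain.
$Domain = 'contoso.com'

# Domain controllers register SRV records under _msdcs.<domain>. This is the
# query a domain member issues to find a domain controller offering LDAP.
$dcRecords = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV

# The answer may also carry A records for the targets, so keep only the SRV rows.
$dcRecords |
    Where-Object { $_.Type -eq 'SRV' } |
    Select-Object NameTarget, Port, Priority, Weight |
    Format-Table -AutoSize

# The Kerberos KDC locator record lives beside it.
Resolve-DnsName -Name "_kerberos._tcp.dc._msdcs.$Domain" -Type SRV |
    Where-Object { $_.Type -eq 'SRV' } |
    Select-Object NameTarget, Port

# Defender's check: every NameTarget should be a domain controller you know.
# $knownDcs is a constructed list; replace it with your inventory.
$knownDcs = @('dc01.contoso.com', 'dc02.contoso.com')
$unexpected = $dcRecords |
    Where-Object { $_.Type -eq 'SRV' -and $_.NameTarget -notin $knownDcs }
if ($unexpected) {
    Write-Warning "SRV records point at hosts not in the DC inventory:"
    $unexpected | Select-Object NameTarget, Port | Format-Table -AutoSize
}
```

Because clients trust whatever DNS returns for these records, comparing the SRV targets against an inventory of known domain controllers is a cheap way to notice altered or stale locator records.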
■ Client configuration management Active Directory provides new technologies for managing client configuration issues, such as user mobility and hard disk failures, with a minimum of administration and user downtime.
■ Policy-based administration In Active Directory, policies are used to define the permitted actions and settings for users and computers across a given site, domain, or organizational unit. Policy-based management simplifies tasks such as operating system updates, application installation, user profiles, and desktop-system lock down.
■ Replication of information Active Directory provides multimaster replication technology to ensure information availability, fault tolerance, load balancing, and other performance benefits. Multimaster replication enables you to update the directory at any domain controller and replicates directory changes to any other domain controller. Because multiple domain controllers are employed, replication continues, even if any single domain controller stops working.
■ Flexible, secure authentication and authorization Active Directory authentication and authorization services provide protection for data while minimizing barriers to doing business over the Internet. Active Directory supports multiple authentication protocols, such as the Kerberos version 5 protocol, Secure Sockets Layer (SSL) version 3, and Transport Layer Security (TLS) using X.509 version 3 certificates. In addition, Active Directory provides security groups that span domains.
■ Security integration Active Directory is integrated with Windows Server 2003 security. Access control can be defined for each object in the directory and on each property of each object. Security policies can be applied locally, or to a specified site, domain, or organizational unit.
■ Directory-enabled applications and infrastructure Features within Active Directory make it easier for you to configure and manage applications and other directory-enabled network components. In addition, Active Directory provides a powerful development environment through Active Directory Service Interfaces (ADSI).
■ Interoperability with other directory services Active Directory is based on standard directory access protocols, including Lightweight Directory Access Protocol (LDAP) version 3, and the Name Service Provider Interface (NSPI), and can interoperate with other directory services employing these protocols. Because the LDAP directory access protocol is an industry-standard directory service protocol, programs can be developed using LDAP to share Active Directory information with other directory services that also support LDAP. The NSPI protocol, which is used by Microsoft Exchange Server 4 and 5.x clients, is supported by Active Directory to provide compatibility with the Exchange directory.
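The ADSI development environment mentioned under "Directory-enabled applications" and the LDAP version 3 access described above can be seen together in a short query. The following PowerShell script is an added example, not code from the training kit; it relies on the System.DirectoryServices classes that ship with .NET on Windows and assumes it is run from a domain-joined computer as a domain user who can read the default naming context.

```powershell
# Added example (not from the training kit). Uses the [ADSI] accelerator and
# System.DirectoryServices.DirectorySearcher, both built into Windows PowerShell.

# RootDSE is the entry an LDAP v3 server exposes without a base DN. It reports
# the naming contexts and the LDAP versions the server supports.
$rootDse = [ADSI]'LDAP://RootDSE'
$baseDn  = $rootDse.defaultNamingContext.Value
"Default naming context : $baseDn"
"Supported LDAP versions: $($rootDse.supportedLDAPVersion -join ', ')"

# Search for enabled user accounts. The OID 1.2.840.113556.1.4.803 is the
# LDAP bitwise-AND matching rule; bit 2 of userAccountControl is ACCOUNTDISABLE,
# so the negated clause keeps only enabled accounts.
$searcher = New-Object System.DirectoryServices.DirectorySearcher
$searcher.SearchRoot = [ADSI]"LDAP://$baseDn"
$searcher.Filter     = '(&(objectCategory=person)(objectClass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2))'
$searcher.PageSize   = 500      # request paged results so large domains are returned in full
[void]$searcher.PropertiesToLoad.AddRange(@('sAMAccountName', 'distinguishedName', 'whenCreated'))

try {
    foreach ($result in $searcher.FindAll()) {
        # Property names in the result collection are lower-cased.
        [pscustomobject]@{
            Account = $result.Properties['samaccountname'][0]
            DN      = $result.Properties['distinguishedname'][0]
            Created = $result.Properties['whencreated'][0]
        }
    }
}
finally {
    $searcher.Dispose()
}
```

Requesting only the attributes you need and enabling paging keeps the query inexpensive for the domain controller; the same filter syntax works from any LDAP v3 client, which is the interoperability point the text makes.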
■ Signed and encrypted LDAP traffic By default, Active Directory tools in Windows Server 2003 sign and encrypt all LDAP traffic. Signing LDAP traffic guarantees that the packaged data comes from a known source and that it has not been tampered with.
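The default described above applies to the administrative tools; whether a domain controller refuses unsigned binds from any client is a separate server-side setting. The following PowerShell script is an added example, not code from the training kit; it reads the registry values that govern LDAP signing and looks for the Directory Service event that summarizes unsigned binds. The value meanings are taken from Microsoft's documentation of these settings, and the script assumes it is run on a domain controller with administrative rights.

```powershell
# Added example (not from the training kit). Checks LDAP signing configuration
# on a domain controller and reports whether unsigned binds are still arriving.

$serverKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
$clientKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\LDAP'

# Server side: LDAPServerIntegrity 1 = none, 2 = require signing.
$server = (Get-ItemProperty -Path $serverKey -Name LDAPServerIntegrity -ErrorAction SilentlyContinue).LDAPServerIntegrity

# Client side (this computer's LDAP client): LDAPClientIntegrity
# 0 = none, 1 = negotiate signing, 2 = require signing.
$client = (Get-ItemProperty -Path $clientKey -Name LDAPClientIntegrity -ErrorAction SilentlyContinue).LDAPClientIntegrity

[pscustomobject]@{
    LDAPServerIntegrity   = $server
    ServerRequiresSigning = ($server -eq 2)
    LDAPClientIntegrity   = $client
    ClientRequiresSigning = ($client -eq 2)
} | Format-List

# Event ID 2887 is written to the Directory Service log when the domain
# controller has accepted unsigned or simple binds during the reporting period.
# Its presence identifies clients that would break if signing were enforced,
# which is the information you need before raising LDAPServerIntegrity to 2.
$events = Get-WinEvent -FilterHashtable @{ LogName = 'Directory Service'; Id = 2887 } `
                       -MaxEvents 5 -ErrorAction SilentlyContinue
if ($events) {
    $events | Select-Object TimeCreated, Message | Format-List
}
else {
    'No event 2887 found: no unsigned or simple binds were summarized recently.'
}
```

Raising the server-side value to require signing closes the gap between "the tools sign by default" and "the directory rejects anything unsigned"; the event check first tells you which clients still depend on unsigned binds.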