Active Directory is included in each of the Windows 2000 server products. It extends the features of previous Windows-based directory services, and is designed to work well in any size installation, from a single server with hundreds of objects to thousands of servers and millions of objects.
Active Directory provides a single, consistent, open set of interfaces for performing common administrative tasks, such as adding new users, managing printers, and locating resources throughout an enterprise.
Active Directory addresses the following business needs:
- Reduced TCO. Group Policy within Active Directory allows you to configure desktop environments and install applications from an administrative console. This reduces the time normally needed to visit each computer independently to configure settings and install applications.
- Simplified administration. Active Directory provides a single location to store information about users and resources. This simplifies administration and makes it easier for users to find resources throughout a network.
- Flexible administration. Active Directory increases administrative flexibility by allowing you to delegate the authority of users and computers to other users or groups, such as administrators. This allows you to specify the users who will have administrative authority over portions of your network.
- Scalability. In Windows NT 4.0, domains have a practical limit of 40,000 objects. Therefore, you must create many domains for a large organization. In Windows 2000 Server, an Active Directory domain can contain millions of objects.
- Standards-based protocol. Access to Active Directory is achieved through the Lightweight Directory Access Protocol (LDAP) protocol. Applications use LDAP rather than proprietary protocols to access and change information in Active Directory.