1. 1 Active Directory Service in Windows 2000 Li Yang SID: 105164 November 2000

2. 2 What is a Directory Service? It is the central authority that manages the identities and brokers the relationships between the distributed resources, enabling them to work together.

3. 3 The role of the Directory Service  A place to store information about network- based entities.  A consistent way to name, describe, locate, access, manage, and secure information about these individual resources.

4. 4 Why Have a Directory Service?  local area networks (LANs) and wide area networks (WANs) grow larger and more complex.  networks are connected to the Internet.  applications require more from the network and are linked to other systems through corporate intranets.

5. 5 What Is Active Directory? Active Directory is an essential and inseparable part of the Windows 2000 network architecture that improves on the domain architecture of the Windows NT® 4.0 operating system to provide a directory service designed for distributed networking environments.

6. 6 What Is Active Directory? Active Directory is the first enterprise-class directory service that is scalable, built from the ground up using Internet-standard technologies, and fully integrated with the operating system.

7. 7 The roles of the Active Directory  Share and manage information about network resources and users.  Bring systems together and consolidate management tasks.  The central authority for network security.

8. 8 Why Have an Active Directory?  Because the directory services are targeted narrowly to the needs of the application or device and often lack standards-based interfaces.  For example:

9. 9 Why Have an Active Directory?  For the end users: must use multiple user accounts and passwords to log in to different systems.  For the administrators: must understand how to manage each directory within the network.  For the application developers: must write different logic for every directory that their applications need to access.

10. 10 Active directory Architecture  Hierarchical Organization  Object-oriented Storage  Multi-Master Replication

11. 11 Hierarchical Organization  It uses objects to represent network resources.  It uses containers to represent organizations.  It organizes information in a tree structure made up of these objects and containers.

12. 12 Hierarchical Organization

13. 13 Object-oriented Storage  These objects can be assigned attributes.  Administrators can assign access privileges.

14. 14 Object-oriented Storage

15. 15 Multi-Master Replication  Organizations create multiple copies of the directory and place them throughout the network.  User can locate resources using the local directory service rather than by traversing the WAN.

16. 16 Active Directory Features  Simplifies management  Strengthens security  Extends interoperability

17. 17 Simplifies management  Administrators have a single point of management for user accounts, clients, servers, and applications  Administrators can delegate specific administrative privileges and tasks to individual users and groups to make better use of system administration resources.  Organizations can automatically distribute software to users based on their role.

18. 18 Strengthens security  It supports a number of authentication mechanisms used to prove identity upon logon to Windows 2000.  It supports a fully integrated public key infrastructure and Internet secure protocols to let organizations securely extend selected directory information beyond their firewall to extranet users and e-commerce customers.

19. 19 Extends interoperability  Expose all of the Windows 2000 directory features through standards-based interfaces.  It provides a development platform for directory-enabled applications.

20. 20 Active Directory Benefits  Integration with DNS: It lets processes running on computers in TCP/IP networks identify and connect to one another.  Flexible querying: Users and Computers can quickly find an object on the network using object properties.

21. 21 Active Directory Benefits  Extensibility: Administrators can add new classes of objects to the schema and can add new attributes to existing classes of objects.  Policy-based administration: All Group Policy settings are contained in Group Policy Objects (GPOs) applied to Active Directory sites, domains, or organizational units.

22. 22 Conclusion Active Directory services within Windows 2000 provide a focal point for managing and securing Windows user accounts, clients, servers, and applications.