|
Microsoft Active Directory is the integrated,
distributed directory service that is included with Microsoft
Windows Server 2003 and Microsoft Windows 2000 Server.
Integrated with Active Directory are many of the applications
and services that previously required a separate, distinct
directory and userid/password to be managed for each application
or service. In Windows NT 4.0, for example, a directory was
required for the domain itself, a separate directory for
Exchange mailboxes and distribution lists, and separate
directories for remote access, database, and other applications.
In some cases, separate passwords were required for each
application.
With Active Directory, the administrator of the organization can
add a user to Active Directory and through that single entry
enable remote access to the network, enable the same user
account for Exchange messaging, that same user for database
access for accounting, client relationship management, or other
applications. Not only is it possible to use Active Directory as
a multi-purpose directory in this fashion but by doing so a
company enables single sign-on for its users. Once a user logs
in to Windows their Active Directory credential is the key that
will automatically unlock all of the applications or services
that they have been enabled for, including 3rd party
applications that utilize Windows integrated authentication.
By creating a link between user accounts, mailbox accounts, and
applications, Active Directory simplifies the task of adding,
modifying, and deleting user accounts. When an employee gets
married and changes their name, a single change in Active
Directory can change the user information for all applications
and services. When a user changes their password in Active
Directory, they do not have to remember different passwords for
their other applications. When a group of users is created such
as the “sales group,” users can e-mail the group to send a
message to all users, administrators can allow security access
to resources based on the group name, and users can look-up
members of a group by expanding the group information. This is
just one example of how Active Directory simplified many
administrative tasks and processes that, in the past, involved
disparate applications, servers, and services |