Active Directory
In Microsoft Windows 2000, a system for large-scale network management that views the network as a hierarchy of objects. Active Directory does the following:
- Provides a hierarchy for the management of all network objects, including users, servers, services, file shares, Web pages, printers, and so on.
- Divides administration and security into subdomains, domains, and trees of domains.
- Scales to 10 million users per domain.
- Implements MIT's Kerberos authentication system based on private key encryption and also supports public key encryption for authentication of clients and business partners.
- Emulates Windows NT 4.x directory services for backward compatibility.
- Uses DNS rather than WINS, and requires all user and host names to be in DNS form.
- Uses LDAP rather than a proprietary protocol so that non-Microsoft applications can query the name database.
- Interoperates with Novell NetWare Directory Services.
See also forest; Kerberos; Lightweight Directory Access Protocol; NetWare Directory Services; Microsoft Windows 2000; tree.