Directory Services

About Active Directory

Writing Powerful Applications that Use Active Directory

This guide provides essential information for integrating Active Directory in distributed applications designed for operating systems that support Active Directory, including:

Windows 2000 Server, Windows 2000 Advanced Server, and Windows 2000 Datacenter Server.
Windows Server 2003, Standard Edition, Windows Server 2003, Enterprise Edition, and Windows Server 2003, Datacenter Edition.

Fundamental Directory Features

A directory service is a fundamental service for distributed applications. A directory service must provide the following features.

Feature	Description
Location transparency	The ability to find user, group, networked service, or resource, data without knowing the object address
Object data	The ability to store user, group, organization, and service data in a hierarchical tree
Rich query	The ability to locate an object by querying for object properties
High availability	The ability to locate a replica of the directory at a location that is efficient for read/write operations

Advanced Features of Active Directory

Active Directory provides the following features.

Feature	Description
Support for Internet standards	Active Directory global namespace roots in the domain name system (DNS), and then uses LDAP to access objects within the directory service data store.
Tightly integrated and flexible security	Advantages include: Choice of authentication packages. Kerberos, Secure Sockets Layer (SSL), or a combination; for example, establish an SSL channel for encryption and then use Kerberos for authentication. Central management of service and resource access by using Active Directory users and groups. Delegation of administration so that central administrators can delegate administrative tasks such as password changing or specific object creation and deletion. Active Directory uses the same access control mechanisms used on file systems in the Windows NT Server 3.51 and later operating systems, Windows 2000 Server family operating systems, and the Windows Server 2003 family operating systems. Thus, the same tools that manage access control on a file system work for Active Directory. Comprehensive Public Key infrastructure. The Microsoft Certificate Server and Smart Card support are integrated with Active Directory to provide Smart Card logon and Certificate management.
Easily programmable	Active Directory can be programmatically accessed and administered using the Active Directory Service Interfaces API, Lightweight Directory Access Protocol API, or the System.DirectoryServices namespace.
Directory enabled system services	Your client application can be easily deployed to distributed desktops by creating a Windows Installer package and using the application deployment feature available in operating systems in the Windows 2000 Server family or in the Windows Server 2003 family operating systems.
Key application integration	Key distributed applications, such as Exchange, are integrated with Active Directory. Thus, companies can reduce the number of directory services to be managed.
Rich and extensible schema	The schema defines what objects and properties can be written and read from a directory service. The Active Directory schema is rich. Most of the objects and properties a service requires are available. If not, a distributed application can extend the schema to support the application requirements.

For more information about Active Directory, see: