About Active Directory Domain Services

Writing Powerful Applications that Use Active Directory Domain Services

This guide provides essential information for integrating Active Directory Domain Services in distributed applications designed for operating systems that support Active Directory Domain Services, including:

• Windows 2000 Server, Windows 2000 Advanced Server, and Windows 2000 Datacenter Server.
• Windows Server 2003, Standard Edition, Windows Server 2003, Enterprise Edition, and Windows Server 2003, Datacenter Edition.
• Windows Server 2008, Windows Server 2008 Enterprise, and Windows Server 2008 Datacenter.

Fundamental Directory Features

A directory service is a fundamental service for distributed applications. A directory service must provide the features listed in the following table.

Feature	Description
Location transparency	Able to find user, group, networked service, or resource, data without the object address
Object data	Able to store user, group, organization, and service data in a hierarchical tree
Rich query	Able to locate an object by querying for object properties
High availability	Able to locate a replica of the directory at a location that is efficient for read/write operations

 

Advanced Features of Active Directory Domain Services

Active Directory Domain Services provides the features listed in the following table.

Feature	Description
Support for Internet standards	Active Directory Domain Services implements its features in accordance with published Internet standards such as LDAP and DNS.
Tightly integrated and flexible security	Advantages include: Choice of authentication packages. Kerberos, Secure Sockets Layer (SSL), or a combination; for example, establish an SSL channel for encryption and then use Kerberos for authentication. Central management of service and resource access by using the users and groups in Active Directory Domain Services. Delegation of administration so that central administrators can delegate administrative tasks such as password changing or specific object creation and deletion. The Active Directory server uses the same access control mechanisms used on file systems in the Windows NT Server 3.51 and later operating systems, Windows 2000 Server operating systems, and Windows Server 2003 operating systems. Thus, the same tools that manage access control on a file system work for Active Directory Domain Services. Comprehensive Public Key infrastructure. The Microsoft Certificate Server and Smart Card support are integrated with Active Directory Domain Services to provide Smart Card logon and Certificate management.
Easily programmable	The Active Directory server can be programmatically accessed and administered using the Active Directory Service Interfaces API, Lightweight Directory Access Protocol API, or the System.DirectoryServices namespace.
Directory enabled system services	Your client application can be easily deployed to distributed desktops by creating a Windows Installer package and using the application deployment feature available in the Windows 2000 Server, Windows Server 2003, and Windows Server 2008 operating systems.
Key application integration	Key distributed applications, such as Exchange, are integrated with Active Directory Domain Services. Thus, companies can reduce the number of directory services to be managed.
Rich and extensible schema	The schema defines what objects and properties can be written and read from a directory service. The Active Directory Schema is rich. Most of the objects and properties a service requires are available. If not, a distributed application can extend the schema to support the application requirements.

 

For more information about Active Directory Domain Services, see:

• Core Concepts of Active Directory Domain Services
• Active Directory Architecture
• Active Directory Schema

 

 

Send comments about this topic to Microsoft

Build date: 10/26/2012