Features for Active Directory

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Features for Active Directory

This topic contains a brief overview of the features of the Active Directory directory service in the Windows Server 2003 family. It is divided into three sections: New and updated features since Windows Server 2003 (without SP1), New and updated features since Windows NT 4.0, and New and updated features since Windows 2000.

For links to more information about the features in this release, see New Features. For more information about Active Directory, see Active Directory. For a more detailed list of new Active Directory features, see New features for Active Directory.

Active Directory is an enterprise-class directory service that is scalable, built from the ground up using Internet-standard technologies, and fully integrated at the operating-system level. Active Directory simplifies administration and makes it easier for users to find resources. Active Directory provides a wide range of features and capabilities.

Note

  • Computers running the Windows Server 2003, Web Edition operating system cannot function as domain controllers. For more information about Windows Server 2003, Web Edition, see Overview of Windows Server 2003, Web Edition.

New and updated features since Windows Server 2003 (without SP1)

Windows Server 2003 operating systems with Service Pack 1 (SP1) offer the following improvements (compared to Windows Server 2003 without SP1) that help provide increased levels of support for Active Directory:

  • Improved replication and DNS diagnostic testing capabilities
    Active Directory® has been updated to provide automatic directory service backup reminders, improved protection against replication errors, improvements to Install from Media (to facilitate adding new domain controllers that are DNS servers), improved DNS diagnostic testing capabilities, and access to a new platform for running domain controllers in virtual machines under Microsoft® Virtual Server 2005. For more information about these and other new Active Directory features and enhancements, see New features for Active Directory.

New and updated features since Windows NT 4.0

The Windows Server 2003 family offers the following improvements (in comparison to Windows NT 4.0) that help provide increased levels of support for Active Directory:

  • Simplified user and network-resource management
    Using Active Directory, you can build hierarchical information structures that make it easier for you to control administrative credentials and other security settings and that make it easier for your users to locate network resources, such as files and printers.
  • Flexible, secure authentication and authorization
    Flexible and secure authentication and authorization services provide protection for data while minimizing barriers to doing business over the Internet. Active Directory supports multiple authentication protocols, such as the Kerberos V5 protocol, Secure Sockets Layer (SSL) v3, and Transport Layer Security (TLS) using X.509 v3 certificates, and security groups that span domains efficiently.
  • Directory consolidation
    You can organize and simplify the management of users, computers, applications, and devices, and make it easier for users to find the information they need. You can take advantage of synchronization support through Lightweight Directory Access Protocol (LDAP)-based interfaces, and you can work with directory consolidation requirements specific to your applications.
  • Directory-enabled applications and infrastructure
    Active Directory features make it easier for you to configure and manage applications and other directory-enabled network components.
  • Scalability without complexity
    Active Directory scales to millions of objects per domain and uses indexing technology and advanced replication techniques to speed performance.
  • Use of Internet standards
    Active Directory provides access through LDAP and uses a Domain Name System (DNS)-based namespace.
  • A powerful development environment
    Active Directory provides a powerful development environment through Active Directory Service Interfaces (ADSI), which provides an object-oriented interface to Active Directory. ADSI makes it easy for programmers and administrators to create directory programs by using high-level tools such as Microsoft Visual Basic, Java, C, or Visual C++, without having to worry about the underlying differences between the different namespaces. For more information, see Programming interfaces.
  • Replication and trust monitoring
    Active Directory provides Windows Management Instrumentation (WMI) classes to monitor whether domain controllers are successfully replicating Active Directory information and whether trusts are functioning properly.
  • Message Queuing distribution lists
    Message Queuing (also known as MSMQ) enables you to send messages to distribution lists that are hosted in Active Directory.

New and updated features since Windows 2000

The Windows Server 2003 family offers several improvements (in comparison to Windows 2000) that help provide increased levels of support for and better management of Active Directory. For a list of the Active Directory features that are new in this release, see New features for Active Directory.