Active Directory

Active Directory, the directory service that is included with Windows 2000, stores network object information and implements the services that make this information available and usable to users. Active Directory presents this information through a standardized, logical structure that helps you establish the organization of domains and domain resources in a useful way. It is the foundation of Windows 2000 distributed networks.

How your organization defines sites, domains, organizational units, and the users and computers that are located in all of these areas in Active Directory affects the resources available on each user's desktop. An organizational unit (OU) is an Active Directory container object used within domains. OUs are logical containers into which you can place users, groups, computers, and other organizational units; you can control what appears on the desktop. An organizational unit can contain objects only from its parent domain.

Note

An organizational unit is the smallest scope to which you can apply a Group Policy or delegate authority.

Active Directory Users and Computers is a Microsoft Management Console (MMC) snap-in that enables you to find, add, modify, delete, and organize Windows 2000 user accounts, computer accounts, security and distribution groups, and published resources in your organization's directory.

Computers configured as domain controllers are the only computers that the Active Directory Users and Computers console can view. However, the Active Directory Users and Computers snap-in can run on any Windows 2000 computer. To administer Active Directory components from a computer that is not a domain controller, you can use the optional Administration Tools package to install the Active Directory Users and Computers snap-in.

Table 21.1 lists areas for managing user, computer, and group network access and the administrative tools in Active Directory where this takes place. It also provides a reference to the management tools in Microsoft® Windows NT® Server version 4.0 where these tasks are performed.

Table 21.1 Active Directory Administrative Tools and Tools Used in Windows NT Server 4.0 for Managing Network Access

| Task | Windows NT Server 4.0 Tool | Windows 2000 Tool |
| --- | --- | --- |
| Manage user accounts | User Manager | Active Directory Users and Computers |
| Manage groups | User Manager | Active Directory Users and Computers |
| Manage computer accounts | Server Manager | Active Directory Users and Computers |
| Add a computer to a domain | Server Manager | Active Directory Users and Computers |
| Create or manage trust relationships | User Manager | Active Directory Domains and Trusts |
| Manage account policy (such as password criteria) | User Manager | Active Directory Users and Computers |
| Manage user rights (access rights) | User Manager | Active Directory Users and Computers |

For more information about Active Directory, see "Active Directory Logical Structure" in this book.