The Windows 2000 directory service that stores information about all objects on the computer network and makes this information easy for administrators and users to find and apply. With the Active Directory, users can access resources anywhere on the network with a single logon. Similarly, administrators have a single point of administration for all objects on the network, which can be viewed in a hierarchical structure.
Active Directory is an essential and inseparable part of the Windows 2000 network architecture that improves on the domain architecture of the Windows NT® 4.0 operating system to provide a directory service designed for distributed networking environments. Active Directory lets organizations efficiently share and manage information about network resources and users. In addition, Active Directory acts as the central authority for network security, letting the operating system readily verify a user's identity and control his or her access to network resources. Equally important, Active Directory acts as an integration point for bringing systems together and consolidating management tasks.

Combined, these capabilities let organizations apply standardized business rules to distributed applications and network resources, without requiring administrators to maintain a variety of specialized directories.

Active Directory provides a single point of management for Windows-based user accounts, clients, servers, and applications. It also helps organizations integrate systems not using Windows with Windows-based applications, and Windows-compatible devices, thus consolidating directories and easing management of the entire network operating system. Companies can also use Active Directory to extend systems securely to the Internet. Active Directory thus increases the value of an organization's existing network investments and lowers the overall costs of computing by making the Windows network operating system more manageable, secure, and interoperable.
 

How Does Active Directory Work?
Active Directory lets organizations store information in a hierarchical, object-oriented fashion, and provides multi-master replication to support distributed network environments.

Hierarchical Organization

Active Directory uses objects to represent network resources such as users, groups, machines, devices, and applications. It uses containers to represent organizations, such as the marketing department, or collections of related objects, such as printers. It organizes information in a tree structure made up of these objects and containers, similar to the way the Windows operating system uses folders and files to organize information on a computer.

In addition, Active Directory manages the relationships among objects and containers to provide a single, centralized, comprehensive view. This makes resources easier to find, manage, and use in a highly distributed network. The Active Directory hierarchy is flexible and configurable, so organizations can organize resources in a way that optimizes their usability and manageability.

In Figure 1 above, containers are used to represent collections of users, machines, devices, and applications. Containers can be nested (created one-inside-the-other) to reflect accurately the company's organizational structure. In this case, marketing and personnel organization containers represent those respective departments, and their relationship to one another, within the company. Grouping objects in the directory lets administrators manage objects on a macro-level (as collections) rather than one-by-one. This increases management efficiency and accuracy while letting organizations align network management with their business processes.