NT Domains to Active Directory - Time to Upgrade? - Page 3

By Hallett German | Posted Jun 23, 2003
Page 3 of 4   |  Back to Page 1
Print ArticleEmail Article
  • Share on Facebook
  • Share on Twitter
  • Share on LinkedIn

"Active Directory Lite"

Active Directory in Application Mode (ADAM) is a new capability of Active Directory in Windows 2003 that addresses certain deployment scenarios related to directory-enabled applications. Popularly nicknamed "Active Directory Lite," ADAM supports a number of useful features for the smaller shop that does not have the expertise to create a full AD schema for their company. Think of it as the "un-directory" because it does not have to use domains or run as an operating system service.

Having the ability to create a standalone directory can be very useful. You can build an Active Directory "development sandbox" where applications can be tested before production deployment. It also gives you a safe place to test and enable unique schema extensions. This feature allows local control as needed, even allowing construction of an extranet with no connection to the internal Active Directory network. Since application partitions can also replicate to any domain in a forest, this allows support for application dynamic data transfer between domains within the forest, including:

  • Deactivation of selected object classes and attributes in the schema. Use this feature to save disk space and speed up some operations.

  • Ability to rename domains while maintaining forest integrity. This has been a major problem in NT Domains. Note that this does not apply to the root domain, however.

  • Support for Inter-Forest Transitive Trusts. Both one- and two-way trusts are supported.

  • Cross-Forest Authorization that allows groups of users to access objects across forests. This feature can be invaluable for department relocations and reorganizations.

Why Active Directory?

Now that you know something about the differences between Active Directory and NT Domains, why should your company even bother with an AD implementation? It seems overly complex and difficult to administer, so what advantages does AD offer over NT Domains or NDS? Active Directory has many significant enhancements and advantages that will reduce the overall administration headache once it is deployed, including:

  • Because millions of objects can be stored in a directory, Active Directory provides a scalable solution that can meet future growth requirements.

  • Compared to the more primitive NT domains, AD provides a more stable directory infrastructure, and far fewer servers are needed to manage it.

  • It has new features that allow improved desktop configuration control.

  • Users can administer Windows 2000 and other Microsoft applications from a single point, which can translate into a significant reduction of IT overhead headaches.

  • Active Directory supports both centralized and decentralized administration models, an important difference from NT Domain.

  • AD provides improved access and identity management with extremely granular rights administration.

  • AD provides extensive customization tools through the ADSI programming interface and MMS.

Page 4: Active Directory Tips

Comment and Contribute
(Maximum characters: 1200). You have
characters left.
Get the Latest Scoop with Enterprise Networking Planet Newsletter