- Active Directory uses domains, but rather than each domain remaining independent, you can place multiple domains in an AD "forest." This brings the entire network under the control of a single domain that oversees the others. AD allows an administrator of a forest to administer multiple domains, reducing cost and complexity while providing greater security. This can also help to reduce the number of domain controller servers in the organization.
- Active Directory's forest architecture allows communication between domains and facilitates centralized user management. The users in one domain are known to the forest domain controller, improving the flexibility of user credential management. This allows much more flexibility for employees who must travel from site to site, each with its own domain. An employee in Domain A who travels to Domain B can just log in with his normal credentials and gain access to his network resources.
- The Active Directory structure includes support for organizational units (OUs) that represent business units within the organization. AD allows an administrator to delegate some amount of authority for administering organizational units. For example, an AD administrator can delegate the authority to reset passwords to the administrative assistant in the Sales department OU. This relieves the network administrator and the help desk of spending time on routine tasks.
- AD provides Rights Management Services to protect files and other resources from unauthorized access. Administrators grant file access and control rights for authorized users, and unauthorized users are prevented from accessing those files. This is an essential feature for organizations that require higher levels of security.