AD Replaces SAM Essay -- essays research papers

Windows 2000 Active Directory replaced Windows NT 4.0 Security Account Manager Database, providing not only increased functionality and scalability, but also enhanced security through more-granular levels of permissions, sophisticated encryption, and two-way, resilient authentication protocol (with Kerberos). With the Windows 2003 platform, Microsoft takes full advantage of these features by allowing more flexibility in the way Active Directory information is partitioned and replicated. Starting with Windows 2000, Active Directory has been divided into three "logical" partitions (physically residing in the NTDS.DIT file on each domain controller) -- domain, configuration, and schema. The domain partitions store information specific to each domain (accessible primarily via Active Directory users and computers) and shared among all domain controllers in the same domain (partially replicated to all Global Catalogs in the forest). The configuration partition contains forest-wide information (accessible primarily via Active Directory sites and services) and is shared among all domain controllers in the forest. The schema partition consists of definitions of all objects and their properties that can exist in the other two partitions; it is also shared forest-wide. This mechanism for partitioning Active Directory data has been extended in Windows 2003 domains by the introduction of the application partition. Several features differentiate it from its three older cou... AD Replaces SAM Essay -- essays research papers Windows 2000 Active Directory replaced Windows NT 4.0 Security Account Manager Database, providing not only increased functionality and scalability, but also enhanced security through more-granular levels of permissions, sophisticated encryption, and two-way, resilient authentication protocol (with Kerberos). With the Windows 2003 platform, Microsoft takes full advantage of these features by allowing more flexibility in the way Active Directory information is partitioned and replicated. Starting with Windows 2000, Active Directory has been divided into three "logical" partitions (physically residing in the NTDS.DIT file on each domain controller) -- domain, configuration, and schema. The domain partitions store information specific to each domain (accessible primarily via Active Directory users and computers) and shared among all domain controllers in the same domain (partially replicated to all Global Catalogs in the forest). The configuration partition contains forest-wide information (accessible primarily via Active Directory sites and services) and is shared among all domain controllers in the forest. The schema partition consists of definitions of all objects and their properties that can exist in the other two partitions; it is also shared forest-wide. This mechanism for partitioning Active Directory data has been extended in Windows 2003 domains by the introduction of the application partition. Several features differentiate it from its three older cou...