Hierarchical grouping of data:Objects can be stored inside other container objects. Instead of havinga single, large list of users, you can group users inside organizational units. An organizational unitcan contain other organizational units, so you can build a tree.
Multimaster replication:With Active Directory, every domain controller (DC) is a master.With multiple masters, updates can be applied to any DC. This model is much more scalable than asingle - master model because updates can be made to different servers concurrently. The disadvantageof this model is more complex replication.
Flexible replication topology:This supports replications across slow links in WANs. How often datashould be replicated is confi gurable by the domain administrators.
Open standards:Active Directory supports open standards. The Lightweight Directory AccessProtocol (LDAP) is an Internet standard that can be used to access many different directory services,including the data in Active Directory. With LDAP, a programming interface, LDAP API, is alsodefi ned. The LDAP API can be used to access Active Directory with the C language. Another standardused within Active Directory is Kerberos , which is used for authentication. The Windows ServerKerberos service can also be used to authenticate UNIX clients.
Active Directory Service Interface (ADSI):ADSI defi nes COM interfaces to access directoryservices. ADSI makes it possible to access all features of Active Directory. Classes from the namespaceSystem.DirectoryServices wrap ADSI COM objects to make directory services accessible from.NET applications.
Directory Service Markup Language (DSML):DSML is another standard to access directory services.It is a platform - independent approach and is supported by the OASIS group.
Fine - grained security:With Active Directory, fi ne - grained security is available. Every object storedin Active Directory can have an associated access control list that defi nes who can do what with thatobject.