Windows Server 2003 R2 Helps Simplify Identity and Access Management

Published: July 25, 2005 | Updated: February 3, 2006

Windows Server 2003 R2 offers functionality that extends connectivity and control of identity management for internal and external collaboration. Experience the difference yourself by downloading the Windows Server 2003 R2 trial software.

On This Page
Introduction
Windows Server 2003 R2 Identity and Access Management Features
Additional Resources

Introduction

IT administrators today face rapid growth in service requests involving identity and access management. Organizations need both to manage how users access applications on a variety of application platforms and to extend their IT infrastructure so that partners, suppliers, customers, and remote employees can reach a growing number of applications.

At the same time, IT organizations are expected to positively impact their business by improving customer loyalty and retention, reducing operational costs, and responding quickly and efficiently to change.

Managing many applications on multiple platforms for a growing number of internal and external users presents the following administrative and security challenges:

1. Providing business partners with access to applications and collaboration tools without weakening the security of those applications or of the internal network.

2. Limiting the number of passwords a user needs for secure access to applications. Too many passwords push users toward poor practices, such as reusing one password everywhere or writing passwords on sticky notes.

3. Managing the administrative burden of keeping duplicate user data in multiple application directories, without overloading the central directory with application-specific data.

4. Reusing existing administrative tools across a larger set of application environments.


Windows Server 2003 R2 Identity and Access Management Features

The following Windows Server 2003 R2 features deliver distinct advantages for identity and access management:

1. Active Directory Federation Services (ADFS): ADFS provides Web-based extranet authentication and authorization, single sign-on (SSO), and federated identity services for Windows Server environments. It extends the value of an existing Active Directory deployment to business-to-consumer (B2C) extranets, intra-company (multi-forest) federation, and business-to-business (B2B) Internet federation.

Extranet authentication and SSO extend the strong authentication and distributed session capabilities that Windows already provides on internal networks to Internet-facing perimeter networks. Identity federation lets two organizations share a user's Active Directory identity information over a federation trust: the organization that owns the account (the account partner) authenticates the user and issues a signed security token, and the organization hosting the application (the resource partner) accepts that token instead of keeping its own copy of the user's credentials. Collaboration with partners becomes simpler, and user management stays with the organization that owns the account.

2. Active Directory Application Mode (ADAM): ADAM is a stand-alone mode of Active Directory that provides LDAP directory services for applications without the domain infrastructure (domain controllers, a Kerberos KDC, Group Policy) that a full Active Directory deployment requires. It can run as an independent data store or alongside an Active Directory domain controller, and several ADAM instances can run on one server, so administrators can give each application the degree of local autonomy or shared services it needs. ADAM exposes its data store through standard directory APIs (LDAP and ADSI), keeps application-specific schema and data out of the enterprise directory, and works with ADFS as the user store for extranet application authentication.

3. UNIX Identity Management: Windows Server 2003 R2 integrates Windows and UNIX identity so that users keep a single identity and administrators manage network resources across both operating systems, through the following updated identity management solutions:

Server for NIS integrates Windows and UNIX-based Network Information Service (NIS) servers by enabling an Active Directory domain controller to act as the master NIS server for one or more NIS domains; existing UNIX NIS servers can then act as subordinates that replicate from it. Identity Management for UNIX includes a wizard that a Windows domain administrator can use to migrate NIS domain maps into Active Directory entries, after which the maps are administered in Active Directory.

Password Synchronization integrates Windows and UNIX servers by simplifying the maintenance of secure passwords. With Password Synchronization, users do not need separate passwords for their Windows and UNIX accounts or remember to change a password in multiple places: whenever a user changes a password on one platform, the change is propagated to the other. Because one credential then unlocks both platforms, the password policy enforced on each side should be equally strong, and the synchronization channel between the domain controller and the UNIX hosts must be protected as carefully as the directories themselves.
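The UNIX attributes that Server for NIS publishes are worth auditing before NIS clients trust them: a uidNumber of 0 or a UID shared by two Windows accounts becomes a root account or a merged identity on every UNIX host in the NIS domain. The following PowerShell script is an added example written for this page, not Microsoft's code or part of Identity Management for UNIX. It assumes the R2 schema extension is installed so UNIX-enabled accounts carry the RFC 2307 attribute names (uidNumber, gidNumber, unixHomeDirectory, loginShell) plus msSFU30NisDomain, that it runs on a domain-joined host as a user allowed to read those attributes, and that the .NET System.DirectoryServices classes are available; the sample accounts at the end are constructed so the audit logic can be exercised without a domain.

```powershell
# Added example, not from the page or from Identity Management for UNIX.
# Assumed: RFC 2307 attributes (uidNumber, gidNumber, unixHomeDirectory, loginShell)
# and msSFU30NisDomain populated by the R2 schema extension; domain-joined host.
Add-Type -AssemblyName System.DirectoryServices

function Get-FirstValue($props, [string]$name) {
    # First value of a possibly multi-valued LDAP attribute, or $null if absent.
    if ($props.Contains($name) -and $props[$name].Count -gt 0) { return $props[$name][0] }
    return $null
}

function Get-UnixEnabledUser {
    param([string]$SearchBase)   # LDAP path; defaults to the current domain
    if (-not $SearchBase) {
        $rootDse    = New-Object System.DirectoryServices.DirectoryEntry('LDAP://RootDSE')
        $SearchBase = 'LDAP://' + $rootDse.Properties['defaultNamingContext'][0]
    }
    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    $searcher.SearchRoot = New-Object System.DirectoryServices.DirectoryEntry($SearchBase)
    # Only user objects that have been given a UNIX UID are published to NIS clients.
    $searcher.Filter   = '(&(objectCategory=person)(objectClass=user)(uidNumber=*))'
    $searcher.PageSize = 500   # paged search; avoids the default 1000-entry result cap
    foreach ($attr in 'sAMAccountName','uidNumber','gidNumber','unixHomeDirectory',
                      'loginShell','msSFU30NisDomain','userAccountControl') {
        [void]$searcher.PropertiesToLoad.Add($attr)
    }
    foreach ($result in $searcher.FindAll()) {
        $p = $result.Properties
        [pscustomobject]@{
            Account   = [string](Get-FirstValue $p 'samaccountname')
            Uid       = [int](Get-FirstValue $p 'uidnumber')
            Gid       = Get-FirstValue $p 'gidnumber'
            Home      = [string](Get-FirstValue $p 'unixhomedirectory')
            Shell     = [string](Get-FirstValue $p 'loginshell')
            NisDomain = [string](Get-FirstValue $p 'mssfu30nisdomain')
            # 0x2 is ACCOUNTDISABLE in userAccountControl.
            Disabled  = ([int](Get-FirstValue $p 'useraccountcontrol') -band 0x2) -ne 0
        }
    }
}

function Test-UnixIdentityMap {
    param([object[]]$Users)   # objects from Get-UnixEnabledUser, or constructed test data
    $findings = @()
    foreach ($u in $Users) {
        # UID 0 maps the account to root on every NIS client that consumes the map.
        if ($u.Uid -eq 0)  { $findings += "$($u.Account): uidNumber 0 grants root on NIS clients" }
        if ($u.Gid -eq 0)  { $findings += "$($u.Account): gidNumber 0 places the user in the root group" }
        if ($u.Disabled)   { $findings += "$($u.Account): disabled in Windows but still UNIX-enabled; confirm the published entry is locked too" }
        if (-not $u.Shell) { $findings += "$($u.Account): no loginShell; clients will fall back to a default shell" }
    }
    # Two accounts with the same UID are one principal on UNIX, whatever Windows says.
    $Users | Group-Object Uid | Where-Object { $_.Count -gt 1 } | ForEach-Object {
        $names = ($_.Group | ForEach-Object { $_.Account }) -join ', '
        $findings += "uidNumber $($_.Name) shared by: $names"
    }
    return ,$findings
}

# Constructed sample data (not real accounts); replace with (Get-UnixEnabledUser)
# to audit the live directory.
$sample = @(
    [pscustomobject]@{Account='alice';      Uid=10001; Gid=10001; Home='/home/alice'; Shell='/bin/bash'; NisDomain='corp'; Disabled=$false},
    [pscustomobject]@{Account='svc-backup'; Uid=0;     Gid=0;     Home='/';           Shell='/bin/sh';   NisDomain='corp'; Disabled=$false},
    [pscustomobject]@{Account='bob';        Uid=10001; Gid=10002; Home='/home/bob';   Shell='';          NisDomain='corp'; Disabled=$true}
)
Test-UnixIdentityMap -Users $sample
```

Against the constructed sample the audit reports svc-backup for UID 0 and GID 0, bob for being disabled and shell-less, and UID 10001 as shared by alice and bob. Run it with the live query only from a host and account that would normally be trusted to read these attributes, and treat every UID 0 or shared UID as a change to review with the UNIX administrators before the map is served.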


Additional Resources

Overview of ADFS in Windows Server 2003 R2
Learn how the ADFS solution in Windows Server 2003 R2 helps administrators address challenges by enabling organizations to more securely share a user's identity information.

The .NET Show: ADFS and Authorization Manager
Watch David McPherson and Don Schmidt describe how using Authorization Manager in your solutions today helps you prepare for ADFS, which will help you support identity and access management capabilities in the future.

Identity and Access Management Demo
See how identity federation in ADFS enables single sign-on to web applications hosted by business partners.

Webcast: Web Single Sign-On and Identity Federation with Active Directory Federation Services (level 200)
Attend this session to get an overview of Windows Server 2003 R2 Active Directory Federation Services, which enables single sign-on to extranet Web sites and identity federation.
