Active Directory directory service is built into Windows Server 2003 R2, Standard Edition; Windows Server 2003 R2, Enterprise Edition; and Windows Server 2003 R2, Datacenter Edition. It stores information about objects on a network and makes this information easy for administrators and users to find and use. Active Directory uses a structured data store as the basis for a logical, hierarchical organization of directory information.
ADAM, an independent mode of Active Directory without infrastructure features, provides directory services for applications. Operating as a stand-alone data store or interacting with an Active Directory domain controller, ADAM's flexibility enables administrators to tailor their directory services infrastructure to varying degrees of local control/autonomy or shared services. ADAM provides a data store and services for accessing that data store, uses standard application programming interfaces (APIs) for accessing application data, and works with ADFS to provide a user store for extranet application authentication.
Active Directory Federation Services (ADFS) provides extranet authentication/authorization, single sign-on (SSO), and federated identity services for Windows Server environments. ADFS extends the value of Active Directory deployments to facilitate collaboration with partners, resulting in increased user productivity, greater IT efficiency, and better security. ADFS also extends the value of Windows Server identity services in internet-facing Web environments, enabling stronger authentication for extranet deployments, native delegated administration, and close integration with Microsoft technologies.
Active Directory Migration Tool (ADMT) 2.0 allows password migration from Windows NT Server 4.0 to Windows 2000 and Windows Server 2003 R2 domains as well as from Windows 2000 to Windows Server 2003 R2 domains. A new scripting interface simplifies common migration tasks, such as migration of users, groups, and computers. ADMT supports Component Object Model (COM) interfaces and supports any language, including Visual Basic Scripting Edition, Visual Basic, and Visual C++. The scripting interface extends to provide command-line support. All scriptable tasks can be executed directly from a command line or through batch files.
In the Active Directory service, administrators can quickly create replica domain controllers for a preexisting domain from media. That is, instead of replicating a complete copy of an Active Directory database over a network, this feature allows an administrator to initiate replication from files created when backing up an existing domain controller or global catalog server. The backup files are generated by any Active Directory-aware backup utility and can be transported to the candidate domain controller using tape, CD, DVD, or by performing a file copy over a network.
The ADFS Proxy capability enables an ADFS federation server to handle authentication events in a perimeter network without being physically resident in that perimeter network; the federation server itself remains on the internal network, more heavily protected behind a firewall.
The ADFS Web Agents (one for claims-aware applications and another for NT token-based applications) provide access control services for web applications by intercepting user requests to a web server, forwarding those requests to the ADFS federation server, and subsequently consuming and applying the resulting security tokens from the ADFS federation server at the web application.
Cross-forest trust provides a new type of Windows trust for managing the security relationship between two Active Directory forests. This feature vastly simplifies cross-forest security administration and enables the trusting forest to enforce constraints that determine which security principal names it trusts other forests to authenticate.
Lightweight Directory Access Protocol (LDAP) support
Industry-standard Lightweight Directory Access Protocol (LDAP) is the primary access protocol for Active Directory. LDAP version 3 was defined by the Internet Engineering Task Force (IETF). Windows Server 2003 R2 adds support for the latest version of LDAP, which features the new IETF RFC updates that were standardized since the release of Windows 2000 Server.
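Because LDAP is the access protocol through which applications read Active Directory, the filter strings an application sends to a domain controller are a security boundary. The following is an added example, not code from the original page or from Microsoft: it assembles an LDAPv3 search filter for a user lookup with assertion values escaped per RFC 4515, so that characters such as `*`, `(`, `)` and `\` in caller-supplied input are matched literally rather than altering the filter's structure. The attribute names (`objectCategory`, `objectClass`, `sAMAccountName`) are standard Active Directory schema attributes; the sample input values are constructed for illustration.

```python
"""Build LDAPv3 search filters for Active Directory with RFC 4515 escaping.

Added example (not from the original page): shows how a directory-aware
application should assemble an LDAP filter from caller-supplied input before
sending it to a domain controller. Sample inputs below are constructed.
"""

# RFC 4515 section 3 requires these characters to be escaped inside an
# assertion value as a backslash followed by two hex digits.
_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Escape one assertion value per RFC 4515.

    Control characters and non-ASCII characters are emitted as escaped UTF-8
    octets, so the resulting filter is 7-bit clean on the wire.
    """
    out = []
    for ch in value:
        if ch in _ESCAPES:
            out.append(_ESCAPES[ch])
        elif ord(ch) < 0x20 or ord(ch) > 0x7E:
            out.append("".join(f"\\{b:02x}" for b in ch.encode("utf-8")))
        else:
            out.append(ch)
    return "".join(out)


def equality(attr: str, value: str) -> str:
    """One equality assertion, e.g. (cn=Jane Doe), with the value escaped."""
    return f"({attr}={escape_filter_value(value)})"


def and_filter(*clauses: str) -> str:
    """AND together already-formed filter clauses."""
    return "(&" + "".join(clauses) + ")"


def user_lookup_filter(sam_account_name: str) -> str:
    """Filter that resolves a user account by sAMAccountName.

    objectCategory=person together with objectClass=user is the customary
    pair in Active Directory: computer accounts are also objectClass=user,
    and the objectCategory assertion excludes them.
    """
    return and_filter(
        equality("objectCategory", "person"),
        equality("objectClass", "user"),
        equality("sAMAccountName", sam_account_name),
    )


if __name__ == "__main__":
    # Constructed inputs: a plain logon name and one containing metacharacters.
    print(user_lookup_filter("jdoe"))
    print(user_lookup_filter("o'brien (contractor)*"))
```

The filter string returned by `user_lookup_filter` is what would be passed as the search filter in an LDAPv3 search request against the domain controller; the escaping step is what keeps a value such as `o'brien (contractor)*` from being parsed as additional filter syntax.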
Microsoft Identity Integration Server 2003 (MIIS) support
MIIS is a centralized service that stores and integrates identity information from multiple directories in an organization. The goal of MIIS is to provide an organization with a unified view of all known identity information about users, applications, and network resources. MIIS solves important business issues that result from having information stored in multiple, disparate data repositories throughout an organization. It is available only for Windows Server 2003 R2, Enterprise Edition. For further information about MIIS, please visit http://www.microsoft.com.
Password Synchronization helps integrate Windows and UNIX servers by simplifying the process of maintaining secure passwords. With Password Synchronization, users do not need to maintain separate passwords for their Windows and UNIX accounts or remember to change the password in multiple locations. Password Synchronization automatically changes a user password on both UNIX and Windows networks whenever the user changes his or her password.
Server for NIS helps integrate Windows and UNIX-based Network Information Service (NIS) servers by enabling an Active Directory domain controller to act as a master NIS server for one or more NIS domains. Identity Management for UNIX includes an easy-to-use wizard that a Windows domain administrator can use to export NIS domain maps to Active Directory entries.