In the following paragraphs we will discuss some features of Microsoft's Windows Server 2003.
With the Windows-Server-2003 domain functional level, you do get some new features. The first feature is the ability to rename a domain controller. Previously you would have had to remove Active Directory from the domain controller, rename the server, and then promote the server back to a domain controller. With the Windows-Server-2003 domain functional level, you don't have to demote the domain controller to a server in order to rename it.
The second feature adds new attributes to Active Directory. One new attribute is the last logon time stamp. This is a useful feature that allows you to determine when a particular user last logged on to the domain. Using this attribute, you can run a query on your domain to find any users that have not logged on for a long time and thus clean out inactive users.
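
The inactive-user query described above, as an added example that is not part of the original post. It assumes the attribute's LDAP name `lastLogonTimestamp`, a 90-day threshold, and constructed sample accounts; the 14-day slack reflects the default interval at which Active Directory refreshes this replicated value, so the stamp can lag the true last logon by up to that long.

```python
from datetime import datetime, timedelta, timezone

EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)
SYNC_SLACK = timedelta(days=14)  # default lag of the replicated stamp
UAC_DISABLED = 0x2               # ACCOUNTDISABLE bit of userAccountControl

def to_filetime(dt):
    """UTC datetime -> 100-ns ticks since 1601-01-01 (how AD stores the stamp)."""
    d = dt - EPOCH_1601
    return (d.days * 86400 + d.seconds) * 10_000_000 + d.microseconds * 10

def from_filetime(ft):
    """100-ns ticks since 1601-01-01 -> UTC datetime."""
    return EPOCH_1601 + timedelta(microseconds=ft // 10)

def stale_filter(now, days):
    """LDAP filter: enabled users whose stamp is older than days + slack."""
    cutoff = to_filetime(now - timedelta(days=days) - SYNC_SLACK)
    return ("(&(objectCategory=person)(objectClass=user)"
            "(!(userAccountControl:1.2.840.113556.1.4.803:=2))"
            f"(lastLogonTimestamp<={cutoff}))")

def classify(entry, now, days):
    """Return 'disabled', 'never', 'stale' or 'active' for one entry."""
    if entry["userAccountControl"] & UAC_DISABLED:
        return "disabled"
    stamp = entry.get("lastLogonTimestamp")
    if not stamp:  # attribute absent: no logon recorded; the filter misses these
        return "never"
    idle = now - from_filetime(stamp)
    return "stale" if idle >= timedelta(days=days) + SYNC_SLACK else "active"

def report(entries, now, days=90):
    """Map each account name to its classification."""
    return {e["sAMAccountName"]: classify(e, now, days) for e in entries}

# Constructed sample data, not taken from any real directory.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
def _ago(n):
    return to_filetime(NOW - timedelta(days=n))
SAMPLE = [
    {"sAMAccountName": "alice", "userAccountControl": 0x200, "lastLogonTimestamp": _ago(10)},
    {"sAMAccountName": "bob", "userAccountControl": 0x200, "lastLogonTimestamp": _ago(95)},
    {"sAMAccountName": "carol", "userAccountControl": 0x200, "lastLogonTimestamp": _ago(200)},
    {"sAMAccountName": "dave", "userAccountControl": 0x202, "lastLogonTimestamp": _ago(400)},
    {"sAMAccountName": "erin", "userAccountControl": 0x200},
]

if __name__ == "__main__":
    print(stale_filter(NOW, 90))
    for name, state in report(SAMPLE, NOW).items():
        print(f"{name:6} {state}")
```

Accounts classified as "never" carry no stamp at all, so a comparison filter on the attribute will not return them and they need a separate review.
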
Every object in Active Directory has attributes. ADSI Edit, which can be opened from the admin tools, allows you to view and edit attributes in Active Directory.
If you open the Users folder and then open the properties of the administrator account, this will show all the attributes that are assigned to the administrator account. If you go down to Last Logon Time Stamp, you will see the date and time the administrator last logged on. This is only one of the attributes each user has. You can see how Active Directory can be extended with new attributes.
The Windows-Server-2003 domain functional level also includes support for an additional attribute called user password. This is added to an object called INetOrgPerson. The INetOrgPerson object is a storage object for a user from a non-Active Directory system. If you use another directory service, you may want to migrate to Active Directory or use both systems together. The problem with using another directory service is the user password.
This domain functional level adds support for storing a password from a third-party directory service inside the INetOrgPerson object. This essentially means that you can import a user and their data from another directory service into Active Directory via the INetOrgPerson object. Since this object now contains a user password attribute, Active Directory can use the password in the INetOrgPerson object to log the user on to the domain. Previously the user would have needed to have their password reset, or they would have needed to use two passwords, one for Active Directory and one for the other system. With the new user password attribute, linking other directory systems with Active Directory is a lot easier.
The next feature added is selective authentication. This feature allows you to specify the users and groups from a trusted forest who are allowed to access resources. This allows you to put more controls on access when you work with multiple forests.
Another feature that the Windows-Server-2003 domain functional level adds is support for storing Authorization Manager policies. Authorization Manager is a flexible framework for integrating access controls into applications. With this domain functional level, you can now store Authorization Manager policies in the Active Directory database.
The remaining features will be discussed in Windows Server 2003 (Part 2).