Active Directory (AD) is an implementation of LDAP directory services by
Microsoft for use primarily in Windows environments. Its main purpose is
to provide central authentication and authorization services for
Windows-based computers. Active Directory also allows administrators to
assign policies, deploy software, and apply critical updates to an
organization. Active Directory stores information and settings in a
central database. Active Directory networks can vary from a small
installation with a few hundred objects, to a large installation with
millions of objects.
Active Directory management programs can be written using two methods:
i. Using the WinNT provider
ii. Using the LDAP provider
The WinNT provider is the older one and is designed for Windows NT domains.
LDAP is the newer one and can manage Windows domains at Windows 2000 or higher.
The following is a brief comparison between WinNT and LDAP.
| WinNT | LDAP |
| --- | --- |
| Designed for Windows NT domains | Designed for Windows 2000 and higher |
| Exposes fewer attributes | Exposes all attributes |
| Slower and less efficient | Faster and more efficient |
| Supports flat name space | Supports hierarchical name space |
| Cannot recognize Organizational Units | Can recognize OUs |
| Does not support nested global and universal security groups | Supports all kinds of nested groups |
| WinNT can be used to access LDAP Active Directory | LDAP cannot be used to access WinNT SAM database |
| Can manage local accounts on computers/servers | Cannot be used to manage local accounts on computers/servers |
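
The namespace and scope differences in the table, as an added PowerShell example (not code from the original page): the WinNT provider lists a machine's local accounts through a flat path, while the LDAP provider enumerates the domain's OUs by distinguished name. The function names are hypothetical, and the LDAP half assumes a domain-joined host.

```powershell
# Added illustration; function names are hypothetical.
function Get-LocalAccountsViaWinNT {
    param([string]$Computer = $env:COMPUTERNAME)
    # Flat WinNT path: WinNT://<computer>,<class>. No OUs, no distinguished names.
    $machine = [ADSI]"WinNT://$Computer,computer"
    $machine.Children |
        Where-Object { $_.SchemaClassName -eq 'user' } |
        ForEach-Object {
            [pscustomobject]@{ Provider = 'WinNT'; Name = "$($_.Name)"; Path = "$($_.Path)" }
        }
}

function Get-OUsViaLdap {
    # RootDSE returns the domain's base distinguished name (hierarchical namespace).
    $rootDse = [ADSI]'LDAP://RootDSE'
    $baseDn  = "$($rootDse.defaultNamingContext)"
    if (-not $baseDn) { throw 'No domain naming context returned by RootDSE.' }

    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    $searcher.SearchRoot = [ADSI]"LDAP://$baseDn"
    $searcher.Filter     = '(objectCategory=organizationalUnit)'
    $searcher.PageSize   = 500      # page results so large directories are not truncated
    [void]$searcher.PropertiesToLoad.Add('distinguishedName')

    $results = $searcher.FindAll()
    try {
        foreach ($r in $results) {
            $dn = "$($r.Properties['distinguishedname'][0])"
            [pscustomobject]@{ Provider = 'LDAP'; Name = $dn; Path = "LDAP://$dn" }
        }
    } finally {
        $results.Dispose()          # SearchResultCollection holds unmanaged resources
    }
}

# Local accounts on a computer or server: WinNT provider.
Get-LocalAccountsViaWinNT | Format-Table -AutoSize

# OUs: LDAP provider. A workgroup machine has no domain to query, so handle that case.
try {
    Get-OUsViaLdap | Format-Table -AutoSize
} catch {
    Write-Warning "LDAP query skipped: $($_.Exception.Message)"
}
```

Reviewing the local-account list per server alongside the domain's OU list is a quick way to spot accounts that exist outside centrally managed policy.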