1. Technical Overview of Windows Server 2003 Active Directory Che-song Lee

2. New Features and Improvements Integration and productivityIntegration and productivity Performance and ScalabilityPerformance and Scalability Administration and configuration managementAdministration and configuration management Group Policy featuresGroup Policy features Security enhancementsSecurity enhancements

3. Integration and Productivity Making AD Easier to Use and ManageMaking AD Easier to Use and Manage –Edit multiple user objects –Save queries (XML) –Quickly select objects using the improved object picker component

4. Integration and Productivity (Additional) ACL List User Interface ChangesACL List User Interface Changes Extensibility EnhancementsExtensibility Enhancements User Objects from other LDAP DirectoriesUser Objects from other LDAP Directories Passport Integration (via IIS)Passport Integration (via IIS) Terminal Server Usage with ADSITerminal Server Usage with ADSI Replication and Trust Monitoring WMI ProvidersReplication and Trust Monitoring WMI Providers MSMQ Distribution ListsMSMQ Distribution Lists

5. Performance and Scalability Improving Performance for Branch OfficesImproving Performance for Branch Offices –no longer requiring access to the central GC –DC does cache the universal group membership of logging on users –Provides added reliability if a GC is unavailable

6. Performance and Scalability (Additional) Disabling Compression of Inter-Site Replication TrafficDisabling Compression of Inter-Site Replication Traffic Clustered Virtual Server SupportClustered Virtual Server Support Concurrent LDAP BindsConcurrent LDAP Binds Domain Controller Overload PreventionDomain Controller Overload Prevention Global Catalog Replication TuningGlobal Catalog Replication Tuning Group Membership Replication ImprovementsGroup Membership Replication Improvements LDAP Extended to Support Time to Live (TTL) for Dynamic EntriesLDAP Extended to Support Time to Live (TTL) for Dynamic Entries Support for 64-bit DeploymentSupport for 64-bit Deployment

7. Administration and Configuration Management New Setup WizardsNew Setup Wizards –Set up the first server on a network by automatically configuring DHCP, DNS, and Active Directory using basic default settings –Help users configure member servers on a network by pointing to the features they need to set up

8. Administration and Configuration Management (Additional) Automatic Creation of DNS ZoneAutomatic Creation of DNS Zone Improved Inter-Site Replication Topology GenerationImproved Inter-Site Replication Topology Generation DNS Configuration EnhancementsDNS Configuration Enhancements Install Replica from MediaInstall Replica from Media Migration Tool Enhancements (ADMT)Migration Tool Enhancements (ADMT) –Password migration –New scripting interface –Command-line support –Security translation improvements

9. Administration and Configuration Management (Additional) – Cont’d Application Directory PartitionsApplication Directory Partitions Integrated DNS Zones Stored in Application PartitionsIntegrated DNS Zones Stored in Application Partitions DirSync Control ImprovementsDirSync Control Improvements Functionality LevelsFunctionality Levels Deactivation of Schema Attributes and ClassesDeactivation of Schema Attributes and Classes Domain RenameDomain Rename Upgrading Forest and DomainsUpgrading Forest and Domains Replication and Trust MonitoringReplication and Trust Monitoring

10. Group Policy Features (GPMC) GPMC (Group Policy Management Console)GPMC (Group Policy Management Console) –GPMC is planned to be available as a separate component Single place for managing core aspects of Group PolicySingle place for managing core aspects of Group Policy “One-stop shopping location" for managing Group Policy“One-stop shopping location" for managing Group Policy

11. GPMC features A user interface (UI) that makes Group Policy much easier to use.A user interface (UI) that makes Group Policy much easier to use. Backup/restore of Group Policy objects (GPOs).Backup/restore of Group Policy objects (GPOs). Import/export and copy/paste of GPOs and Windows Management Instrumentation (WMI) filters.Import/export and copy/paste of GPOs and Windows Management Instrumentation (WMI) filters. Simplified management of Group Policy–related security.Simplified management of Group Policy–related security. HTML reporting for GPO settingsHTML reporting for GPO settings HTML reporting for Group Policy Results and Group Policy Modeling data (formerly known as Resultant Set of Policy).HTML reporting for Group Policy Results and Group Policy Modeling data (formerly known as Resultant Set of Policy). Scripting of GPO operations that are exposed within this tool—but not scripting of settings with a GPO.Scripting of GPO operations that are exposed within this tool—but not scripting of settings with a GPO.

12. GPMC Applicability Managing Windows 2000 and Windows Server 2003 DomainsManaging Windows 2000 and Windows Server 2003 Domains Administrative Computer must beAdministrative Computer must be –Windows Server 2003. –Windows XP Professional with Service Pack 1 (SP1), plus an additional post-SP1 hotfix, and the Microsoft.NET Framework. see Enterprise Management with the Group Policy Management Console (http://www.microsoft.com/windows.netserver/gpmc)see Enterprise Management with the Group Policy Management Console (http://www.microsoft.com/windows.netserver/gpmc)http://www.microsoft.com/windows.netserver/gpmc

13. Additional Group Policy Features and Improvements Redirecting Default User and Computer ContainersRedirecting Default User and Computer Containers Group Policy ResultsGroup Policy Results Group Policy ModelingGroup Policy Modeling New Policy SettingsNew Policy Settings Web View Administrative TemplatesWeb View Administrative Templates Manage DNS ClientManage DNS Client “My Documents” Folder Redirection“My Documents” Folder Redirection

14. Additional Group Policy Features and Improvements – Cont’d Full Install of User Assigned Applications at Logon TimeFull Install of User Assigned Applications at Logon Time NetlogonNetlogon Network and Dial-up ConnectionsNetwork and Dial-up Connections Distributed Eventing PoliciesDistributed Eventing Policies Disable Credential ManagerDisable Credential Manager Support URL for Software DeploymentSupport URL for Software Deployment WMI FilteringWMI Filtering Terminal ServerTerminal Server

15. Security Enhancement Forest TrustForest Trust –A new trust type that allows all domains in one forest to (transitively) trust all domains in another forest Trust ManagementTrust Management –Introduces Wizard Interface Trusted NamespacesTrusted Namespaces –Trusted namespaces are used to route authentication and authorization requests for security principals whose accounts are maintained in a trusted forest

16. Additional Security Features and Improvements Cross-Forest AuthenticationCross-Forest Authentication Cross Forest AuthorizationCross Forest Authorization Cross Certification EnhancementsCross Certification Enhancements IAS and Cross-Forest AuthenticationIAS and Cross-Forest Authentication Credential ManagerCredential Manager

17. Summary Active Directory toActive Directory to –Take advantage of existing investments and consolidation management of directories. –Extend administrative control and reduce redundant management tasks. –Simplify remote integration and use network resources more efficiently. –Provide a robust development and deployment environment for directory-enabled applications. –Reduce TCO and improve the leverage of IT resources.