Probably Microsoft's most ambitious part of the Windows 2000 Server project. Active Directory is supposed to finally beat the last advantage Novell had over NT: Novell's Directory Services. AD resolves the names of objects on a network to their actual locations, using the Lightweight Directory Access Protocol (LDAP). Instead of your directory structure being flat (as it is in NT 4.0), the new directory structure is hierarchical and looks like an inverted tree. The new Active Directory can store millions of objects, making it possible for large corporations to track all the resources available on the network. Users, workstations, and servers can all be managed via a single consistent interface. Using a "Global Catalog", you can search all of the objects, from all domains, by their attributes.
Active Directory Services Interface (ADSI)
A single, consistent interface used to manage the resources within a directory service. This makes things easier for developers who create directory-enabled applications, and supports ActiveX, COM, LDAP, MAPI, and Java (JADSI).
Distributed File System (Dfs)
Allows Administrators to map a single drive letter that may really represent multiple locations on a network, spanning different folders on several different servers, and have the whole process appear transparent to the user.
This has long been a feature of Novell that is finally part of NT. Disk quotas allow administrators to allocate a specific amount of space on a disk to a user or groups of users. There are two settings. A quota threshold will create an alert in the event log but allow the user to continue until they hit the actual quota limit, which will keep them from adding additional files.
Encrypted File System (EFS)
Data on drives can now be encrypted to keep sensitive information locked down using a combination of DES and public key encryption through the new Crypto API. You can encrypt files or folders on an NTFS drive via a single check box.
Group Policy Objects
Windows 2000 will allow more granular permissions to be set on user groups, workstations, or just about any object on the network.
Windows 2000 will ship with IIS 5.0. Its new features are too many to list here, but suffice to say it's a huge improvement over IIS 4.0.
This is an interesting evolution of the idea of roaming profiles in NT 4.0. IntelliMirror is supposed to solve the problem of clients who are unable to connect to their servers, or clients who cannot access their normal workstations, by mirroring both resources. The client's files which reside on the server are also synchronized and stored locally on the client's workstation (client-side caching). Files that reside on a client's workstation are also copied to a server. If the network is down, the client should still be able to work with their normal files, which will be re-synched when the server is available again. If the user's workstation crashes, they should be able to sit down at a fresh PC, log in, and their applications and files will automatically be restored from the network. Anyone who has worked in a large environment can probably instantly think of about 100 things that can go wrong with this scenario. Don't worry. Windows 2000 allows you to turn off these functions, or just choose the components that make the most sense for your organization.
Finally, Microsoft is replacing LanManager for authentication. Kerberos assigns an encrypted key to users when they log in, so they don't have to authenticate again every time they need to access a resource. This should make Windows 2000 networks more secure, and reduce WAN traffic. Since Kerberos is an Internet standard and not a proprietary Microsoft product, other clients that support Kerberos (Unix) should be able to authenticate as well.
Allows administrative changes to be made on any domain controller in the domain, which will then replicate the changes to other designated domain controllers. This not only improves the availability of the directory, but is supposed to improve replication bandwidth efficiency across WAN links.
Remote Installation Service
A big step up from NT 4.0's automated installation scripts, Windows 2000 can handle Workstation installations automatically via IntelliMirror. With very little configuration, you should be able to set up a Workstation without any OS on it, log into the network via a boot disk (or without a floppy if it has a pre-boot execution boot ROM, called PXE), and let IntelliMirror and your DHCP servers handle the rest.
Smart Card Support
Windows 2000 supports logon via smart cards (encoded/encrypted cards that are swiped through a 3rd party reader, instead of the user remembering a password).
Windows NT Terminal Server is now available as a service in Windows 2000 Server, allowing thin clients to attach to any Server configured to run the service.
Transitive Domain Trusts
This should greatly simplify domain management. Trusts in NT are now transitive by default, so you don't have to make/break/reinitialize and map out complicated domain trust relationships anymore.
One of the failed promises of NTFS was that it would eliminate or minimize defragmentation. Microsoft has finally admitted that defragmentation is a problem and integrated a "light" version of Diskeeper into Windows 2000.
Enterprise Memory Architecture (EMA)
Large application and database servers hog memory, and memory allocation can cause bottlenecks. On Windows 2000 Server, EMA allows up to 32 GB of memory to be addressed by servers (NT 4.0 supports only 4 GB) with 64-bit (Alpha and Intel Pentium II Xeon) processors. Unfortunately, applications must also be written to take advantage of the VLM (Very Large Memory) APIs.
Intelligent I/O Architecture is a new development that allows for a second dedicated processor that is optimized for input/output operations, which reduces the load on the system CPU and improves I/O performance.
Multiple applications running on a single server can step on each other, and start hogging CPU. Throttling limits how much CPU time an out-of-process application can consume.
Although applications have to be specifically written to take advantage of it, this boosts application performance by moving discontiguous (scattered) space in RAM and "gathering" it to a contiguous space on the hard drive.
Service Pack Releases
Microsoft has promised to improve the way in which service packs are released. Not only are service packs going to be released regularly, they are designed to be bug fixes only. OS improvements will be made available separately.
Spin Count regulates how many times a process will attempt to access a resource before waiting. This should improve performance on multiprocessor systems when several programs attempt to access the same resource at the same time.
Advanced Power Management
A big boost for laptop users, who have wanted to run NT but had to use add-on Power Management components. The OnNow/ACPI initiative has been built directly into the Windows Driver Model, so these features are now native to Windows 2000.
If you've ever used Partition Magic, you'll know exactly what this is. Dynamic Volumes allow you to resize drive volumes (even mirrored volumes) on the fly, without rebooting. And unlike partitions, you can have more than 4 per hard drive.
Gone are all the reboots required every time you add or remove a service. Microsoft has removed more than 30 reboots from Windows NT, leaving the count at 5.
Microsoft Management Console (MMC)
Finally, a unified interface for all of the Administrative functions in NT. The MMC combines all of the Control Panel, Administrative, and configuration tools in a single place with an Explorer look and feel to it. It also supports "snap-ins" so third party utilities can utilize the same interface.
Plug and Play
A big step in Microsoft's Zero Administration effort, Windows 2000 supports plug and play. In our tests, we found it worked even better than Windows 98.
Windows Driver Model (WDM)
There are several improvements here. First, Windows 98 and Windows 2000 systems will use the same drivers, so vendors don't have to write and test 2 separate drivers. Second, the new WDM supports kernel streaming. If an application is written to support it, multimedia processing is moved from the application to kernel mode, which is much faster. A third improvement, Still Image Architecture, supports scanners and digital cameras at the operating system level. This provides tighter integration for these devices, and frees the hardware manufacturers from having to write additional software to perform this function.
This is a standard created by the Unicode Consortium (http://www.unicode.org), similar to ANSI, that states which bytes correspond to which characters. This allows a single character set to be used for all languages. (Currently Unicode supports almost 40,000 characters.) Integrating this into the operating system will help Windows 2000 to become a more global product.