Active Directory is what implements the Domain functionality from Windows NT on
Windows 2000/Windows Server 2003 Domain Controllers.
The primary new pieces are LDAP (a data repository with a relatively simple
query structure) and Kerberos (an authentication protocol). These were chosen as
MS has been pushed over the years towards using more standards based interfaces.
There are a ton of changes that this allows in the area of stability,
scalability, extensibility, cross platform capability, and manageability while
still allowing most legacy functionality to work correctly. If you don't mind
forgoing some of the new functionality such as universal security groups and
same group scope nesting legacy functionality is identical.
A lot of folks like to talk about GPOs and file replication when talking about
AD. However that stuff isn't new, Microsoft has simply used AD to help further
the technologies so they have more far reaching and intrusive capabilities to
give you stronger capability to manage your environment. Note that GPOs are not
actually an AD technology, they use AD like Microsoft Exchange uses AD.
Microsoft has moved from WINS as the primary name resolution mechanism and have
focused instead on DNS. With AD you can set up a global DNS infrastructure that
consists of all primaries and has secure updates (i.e. updates require
authentication). However again, DNS is not an AD technology, it is just
substantially enhanced when used with AD and AD has strong dependencies on it.
Any list of what AD can do or what it can do for you would necessarily be
incomplete as the services can be used in all sorts of ways. Basically the
answer to the question, what can AD do for me has an answer of it depends.
