About Active Directory

ILOM supports Active Directory, the distributed directory service included with Microsoft Windows Server 2003 and Microsoft Windows 2000 Server operating systems. Like an LDAP directory service implementation, Active Directory is used to authenticate user credentials. Using Active Directory, network administrators can also securely add, modify, and delete policies and software across an organization. In addition, Active Directory uses a centralized directory service database system, called a directory store, which enables administrators to locate information about users, devices, and resources on the network.

Active Directory provides both authentication of user credentials and authorization of user access levels to networked resources. Active Directory uses authentication to verify the identity of a user, a device, or other entity in a computer system, before that entity can access system resources. Active Directory uses authorization to grant specific access privileges to a user in order to control a user’s rights to access networked resources. User access levels are configured or learned from the server based on the user’s group membership in a network domain, which is a group of hosts identified by a specific Internet name. A user can belong to more than one domain. Active Directory authenticates users in the order in which the user’s domains were configured.

Active Directory is typically used for one of three purposes:

Active Directory can be used to authenticate user credentials. Access levels can be configured or learned from the server based on group membership. More than one user “domain” can be used, and the configured domains will be tried in the order in which they are configured.
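The following Python model is an added example, not ILOM code. It illustrates the ordered domain lookup and group-based access levels described above, and shows how to spot accounts whose access level depends on which domain answers. All domain names, users, passwords, group names, and the deny-when-no-group-matches behavior are assumptions made for the illustration.

```python
import hmac

# Constructed sample data: two user domains, listed in configured order.
# Domain names, users, passwords and groups are all hypothetical.
DOMAINS = [
    {"name": "east.example.com",
     "users": {"jsmith": {"password": "east-pw", "groups": {"SP-Operators"}}}},
    {"name": "west.example.com",
     "users": {"jsmith": {"password": "west-pw", "groups": {"SP-Admins"}},
               "mlee": {"password": "mlee-pw", "groups": {"Staff"}}}},
]

# Hypothetical group-to-access-level mapping, highest privilege first.
GROUP_ROLES = [("SP-Admins", "Administrator"), ("SP-Operators", "Operator")]


def role_for(groups):
    """Learn the access level from group membership; None means no access."""
    for group, role in GROUP_ROLES:
        if group in groups:
            return role
    return None


def authenticate(username, password, domains=DOMAINS):
    """Try each domain in configured order; the first one that accepts the
    credentials decides the access level. Returns (domain, role) or None."""
    for domain in domains:
        account = domain["users"].get(username)
        if account and hmac.compare_digest(account["password"].encode(),
                                           password.encode()):
            role = role_for(account["groups"])
            # Assumption: authenticated but in no mapped group means denied.
            return (domain["name"], role) if role else None
    return None


def order_sensitive_accounts(domains=DOMAINS):
    """Audit helper: usernames present in several domains whose access
    level differs between them, so the answering domain changes the result."""
    seen = {}
    for domain in domains:
        for user, account in domain["users"].items():
            seen.setdefault(user, []).append(
                (domain["name"], role_for(account["groups"])))
    return {user: hits for user, hits in seen.items()
            if len({role for _, role in hits}) > 1}
```

Accounts reported by `order_sensitive_accounts()` are the ones to review when domains are added or reordered, because the same user name can resolve to different privileges.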