Public Key Security

Next generation Windows NT Directory Services also support the use of X.509 v3 Public Key Certificates for granting access to resources for subjects (for example, users) that do not have Kerberos credentials. This class of user is most often someone from outside an organization who needs access to resources within the organization. For example, an aerospace firm might hire subcontractors who would need access to specifications, plans, and so forth. Next generation Windows NT Directory Services allow X.509 v3 certificates issued by a trusted authority to be mapped onto Windows NT security groups. Thus, a non-Windows NT user with a certificate can be granted access to resources in the same way as a user with Kerberos credentials.

Drag-and-Drop Administration

Next generation Windows NT Directory Services provide intuitive and powerful administration tools. Objects can be hierarchically organized so that they can model large organizations. And the graphical user interface delivers one of the most requested administrative tools—a drag-and-drop control console. This console has a graphical user interface that provides an object-view of administration. For example, to do pruning and grafting, the administrator would grab the top of the merge-from tree and drag it over and drop it into the target domain. A dialog box asks the administrator to confirm the action. Of course, the administrator must have rights in the merge-from tree to merge it with another tree, and in the merge-to domain to bring new trees into it.

Scripting and OLE Automation

Anything that can be done through a UI should also be possible programmatically or from a script. To allow an administrator to write command procedures, next generation Windows NT Directory Services provide full support for OLE automation and scripting. This makes it possible to add, change, move, copy, and perform other administrative functions through scripted manipulation using Active Directory and a scripting language such as Visual Basic, Java, or others.

Assuring Backwards Compatibility

A critical need for customers who have installed Windows NT Server 3.5x/4.x is backwards compatibility. Next generation Windows NT Directory Services have been designed from the start with backwards compatibility with earlier versions of Windows NT built in. Next generation Windows NT Directory Services provide complete emulation of the Windows NT 3.5x and 4.0 directory services; administrative tools and applications written to the Win32® API will continue to work unmodified in next generation Windows NT Directory Services environments.

A next generation Windows NT Domain Controller installed in a Windows NT 3.5x or 4.0 Domain looks and acts exactly like a Windows NT 4.0 Domain Controller. This means that an investment in existing Windows NT network infrastructure and applications is protected. Customers can deploy Windows NT Server 4.0 today with complete confidence that their investment in Windows NT Server 4.0 will support a smooth migration to next generation Windows NT Directory Services.