Section 4.2: Active Directory Support for Client Computers

Windows 2000, Windows XP and Windows Server 2003 computers can take full advantage of all the features provided by Active Directory. However, you must enable client extensions for computers running Windows 95, Windows 98, and Windows NT 4.0 Workstation to take advantage of some of these features.

Note: The Active Directory Client Extensions for Windows 95 and Windows 98 are located on the Windows 2000 Server installation disk, while the Active Directory Client Extensions for Windows NT 4.0 Workstation must be downloaded from the Microsoft Web site.

Active Directory features that are supported by the Active Directory Client Extensions include:

• Site Awareness, which allows users to log on to domain controllers on the same site and thereby reduces bandwidth usage across wide area network (WAN) links.

• Active Directory Services Interface (ADSI), which enables scripting to Active Directory and other directory services.

• Distributed File System (DFS) Fault Tolerance Client, which enables access to the fault-tolerant file shares that are specified in Active Directory.

• Active Directory Windows Address Book Property Pages, which enable users who have the required permissions to change properties on user objects.

• NTLM Version 2 Authentication, which is an improvement on the NTLM authentication feature of Windows NT 4.0.

The Active Directory Client Extensions do not support:

• Kerberos Authentication Protocol, which is the default authentication protocol for communication between Windows Server 2003 computers.

• Group Policy Support, which allows you to configure security permissions that apply to the domain or a computer rather than to users.

• Layer Two Tunneling Protocol (L2TP) over Internet Protocol security (IPSec), which is a set of protocols used to secure transmissions on a Virtual Private Network.

• Service Principal Name (SPN) or mutual authentication