Active Directory is a "Directory Service" which can be optionally installed on Windows 2000 and Windows 2003 Servers. It maintains a database with information on the users and computers on your network. When a user logs into the the network, Active Directory checks the user's credentials (username and password), and then allows or denies the user access to the network. Similary, when a computer boots up, it must authenticate with Active Directory. If it doesn't or fails to provide the Active Directory service with valid credentials, it is denied access to certain network recources (e.g. File Shares, Printers, SQL Databases, etc.)
Although setting up an Active Directory infrastructure can be a daunting and initially time-consuming task, there are a number of benefits which give it a high return on investment (ROI).
Besides authenticating users and computers, Active Directory also stores a great deal of information about the users and computers in its database, enabling it to implement the following: