The first questions you may ask when hunkering down to study Active Directory is, “What is it?” and “Why have it?” This section answers the second question. The remainder of the chapter answers the first.
Account administration in a classic NT network is hampered by many limitations. The most important of these limitations are the following:
Restricted SAM size
Multiple logon IDs
Single point of failure at the primary domain controller
Poor operational performance
Poor replication performance
Lack of management granularity
The fact that security databases differ between servers and domain controllers
Nontransitive trust relationships
I'm going to discuss each of these limitations to show exactly how they hinder classic ...