Finding directory information

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Finding directory information

Active Directory is designed to provide information to queries about directory objects from both users and programs. Administrators and users can easily search for and find information in the directory by using the Search command on the Start menu. Client programs can access information in Active Directory by using Active Directory Service Interfaces (ADSI).

One of the principal benefits of Active Directory is its rich store of information about network objects. Information published in Active Directory about users, computers, files, and printers is available to network users. This availability is controlled by security permissions to view information. For information about publishing information in the directory, see Publishing resources.

Everyday tasks on a network involve communication with other users and connection to published resources. These tasks require finding names and addresses to send mail or connect to shared resources. In this respect, Active Directory functions as a shared address book for the enterprise. For example, you can find a user by first name, last name, e-mail name, office location, or other properties of that person's user account. Finding information is optimized by use of the global catalog. For more information, see The role of the global catalog.

Restricting directory information access

In some cases, such as for security or privacy reasons, you may want to restrict access to certain directory information. Access control permissions provide you with detailed control over the visibility of information stored in Active Directory. Using permissions, you can ensure that only users who need particular directory information have access to it. For information on assigning permissions to Active Directory objects or properties, see Assign, change, or remove permissions on Active Directory objects or attributes. In addition, see Best practices for assigning permissions on Active Directory objects.

Efficient search tools

Administrators can use the advanced Find dialogs in Active Directory Users and Computers to perform management tasks with greater efficiency and to easily customize and filter data retrieved from the directory. For more information, see Search Active Directory.

Additionally, administrators can add objects to groups quickly and with minimal network impact by utilizing browse-less queries to help find likely members. For more information, see Add a member to a group.