3.4.1 Active Directory Support for Client Computers
Windows 2000, Windows XP and Windows Server 2003 computers can take full advantage of all the
features provided by Active Directory. However, you must enable client extensions for computers running
Windows 95, Windows 98, and Windows NT 4.0 Workstation to take advantage of some of these features.
Note: The Active Directory Client Extensions for Windows 95 and Windows
98 are can be located on the Windows 2000 Server installation disk while
the Active Directory Client Extensions for Windows NT 4.0 Workstation
must be downloaded from the Microsoft Web site.
Active Directory features that are supported by the Active Directory Client Extensions include:
Site Awareness which allows users to log on to domain controllers on the same site and thereby reduces
bandwidth usage across wide area network (WAN) links.
Active Directory Services Interface (ADSI), which enables scripting to Active Directory and other
Distributed File System (DFS) Fault Tolerance Client, which enables access to the fault-tolerant file
shares that are specified in Active Directory.
Active Directory Windows Address Book Property Pages, which enable users who have the required
permissions to change properties on user objects.
NTLM Version 2 Authentication, which is an improvement on the NTLM authentication feature of
Windows NT 4.0.
The Active Directory Client Extensions does not support:
Kerberos Authentication Protocol, which is the default authentication protocol for communication
between Windows 2000 computers.
Group Policy Support, which allows you to configure security permissions that apply to the domain or a
computer rather than to users.
Layer Two Tunneling Protocol (L2TP) over Internet Protocol security (IPSec), which is a set of
protocols used to secure transmissions on a Virtual Private Network.
Service Principal Name (SPN) or mutual authentication