1) What's known as "ADSI" or "Active Directory Service Interface" ?
Active Directory Service Interface (ADSI) is used to add new users, modify attributes and browse Active Directory, as well as other activities. You can use ADSI to govern the lifecycle of abstract directory objects (such as computers and user groups) as well as access these objects, even if they are located on a different operating system. Using ADSI, you can update user information from a Web page and distribute it across a multi-operating system network.
ADSI uses the capabilities of directory services from different network providers to present a single set of directory service interfaces for accessing and managing network resources. You can use ADSI services to number and manage resources in a directory service, regardless of which network environment contains the resource. This can be an LDAP-based, NDS-based, or NTDS-based directory.
ADSI is a standard Windows-based interface for meta-directory applications. A meta-directory is a high-level network directory service designed to unite account and resource information from multiple network operating environments. The goal of ADSI is to synchronize this information across differing directories. Meta-directories extract security and account data from each directory, and then manage this information as part of an external database.
ADSI is comprised of a series of client-side DLLs that provide a common set of directory management functions. You can access these functions from almost any environment. As a result, you can add or remove user accounts, configure shared resources, and browse the directory tree all from a single, integrated console. Exchange 2000 uses ADSI to integrate application services with Active Directory's security and account functions. You can also access ADSI using Microsoft Visual Basic, Scripting Edition (VBScript) and Microsoft Windows Script Host to perform directory maintenance tasks.