Framework of Active Directory

The Active Directory structure is built on the domain level. The framework that holds the objects can be viewed at different levels, namely forests, domain trees and domains.

Active Directory Framework

At the top level is the forest. A forest holds all the Active Directory data. The first domain added to the forest is the forest root domain. Information exchange happens within a forest. All domains within a forest have a common schema and a common global catalog, and have trust relationships among them. The forest acts as a security boundary. To communicate with data in other forests, an external trust relationship is required.

A domain tree is formed when a combination of domains share the schema and configuration and have a contiguous namespace. The domains inside a tree have implicit trust relationships with each other. A trust is the potential to allow access to resources.

The logical structure of Active Directory is built around domains. A domain is a grouping of objects. Each domain has a name, its own database, and policies that are applicable to all the resources within that domain. A domain functions as a boundary for policies, authentication and authorization. A domain controller (DC) is the supreme authority for controlling all operations within a domain.
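The following is an added example, not part of the original article: a small Python model of the rules above. It groups a forest's domains into trees by contiguous namespace and reports whether two domains already trust each other (same forest) or need an external trust. All domain names are constructed, the function names are hypothetical, and treating the nearest ancestor present in the forest as a domain's parent is a simplifying assumption.

```python
# Constructed sample data: forest name (its forest root domain) -> member domains.
FORESTS = {
    "corp.example": ["corp.example", "eu.corp.example",
                     "sales.eu.corp.example", "partner.example"],
    "other.test": ["other.test", "lab.other.test"],
}

def parent_in_forest(domain, forest):
    """Nearest ancestor of `domain` that is also a forest member, else None.
    Compares whole DNS labels, so notcorp.example is not under corp.example."""
    labels = domain.lower().split(".")
    for i in range(1, len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in forest:
            return candidate
    return None

def domain_trees(domains):
    """Group domains into trees (contiguous namespaces), keyed by tree root."""
    forest = {d.lower() for d in domains}
    trees = {}
    for domain in sorted(forest):
        root = domain
        # Walk upward until no parent of the current root is in the forest.
        while (parent := parent_in_forest(root, forest)) is not None:
            root = parent
        trees.setdefault(root, []).append(domain)
    return trees

def forest_of(domain, forests):
    """Name of the forest that holds `domain`; raises KeyError if unknown."""
    for name, members in forests.items():
        if domain.lower() in (m.lower() for m in members):
            return name
    raise KeyError(domain)

def trust_requirement(a, b, forests):
    """The forest is the security boundary: inside it trust is implicit,
    across it an external trust has to be created."""
    if forest_of(a, forests) == forest_of(b, forests):
        return "implicit (same forest)"
    return "external trust required"

if __name__ == "__main__":
    for root, members in domain_trees(FORESTS["corp.example"]).items():
        print(root, "->", members)
    print(trust_requirement("eu.corp.example", "partner.example", FORESTS))
    print(trust_requirement("eu.corp.example", "lab.other.test", FORESTS))
```

The constructed forest `corp.example` contains two trees, because `partner.example` does not share a contiguous namespace with `corp.example`, yet both trees sit inside the same security boundary.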

Organizational units (OUs) are containers that hold other Active Directory objects such as users, computers, printers, shared folders and even other organizational units. The advantage of an OU is that it can be used to set security policies and delegate administrative control.

While forests, trees and domains are all logical groupings of objects, the physical grouping of objects is made possible using a site. A site groups objects based on IP addresses. Hence it cannot span across different physical locations. For example, if there are various branches of your organization located at different places, each location can be identified using a site. A site is mainly used for replication and traffic control purposes. It is important to understand that sites and domains are not interrelated: a site can contain multiple domains, and a single domain could span across multiple sites.
