CIS 170F: Windows 7 Administration

Week 11

Enterprise Computing
Active Directory
Active Directory Structure

  • Domains: A domain is a central security database that is used by all computers that are members of the domain. It stores information about user accounts and computers. Active Directory uses the same naming convention for domains and objects as DNS.
  • Organizational units: Each domain can be subdivided into organizational units (OUs). OUs allow you to organize the objects in a domain and can be used for delegating management permissions. Organizational units can be used to apply Group Policies.
  • Trees and forests: You can create more complex Active Directory structures by combining multiple domains into a tree and multiple trees into a forest.
  • Some of the reasons to use multiple domains include:
    • Decentralized administration: Domain boundaries serve as security boundaries for domain administrators.
    • Unreliable WAN links: If the WAN links between locations are often unavailable, then separate domains minimize replication traffic across the WAN links.
    • Multiple password policies: Unless all domain controllers in a domain are running Windows Server 2008 or later, a domain can have only a single password policy.

    The forest root domain is the first Active Directory domain created in an organization. When multiple domains exist in a forest, trust relationships are generated automatically between the domains.

    In a forest, each domain trusts its own parent and subdomains.

    Read more about the structure of an Active Directory at:
    http://technet.microsoft.com/en-us/library/cc978008.aspx.

  • Server roles: Within Active Directory, a Windows server is either a member server or a domain controller.
  • Member servers are joined to Active Directory and can participate in the domain by sharing files and printers with domain users.

    A domain controller is a server that stores a copy of the Active Directory information.
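The following PowerShell script is an added example, not part of the course slides. It reads back the structure described above (forest root domain, this domain's parent and child domains, trust relationships, OUs with linked Group Policies, the single or fine-grained password policies, and domain controllers versus member servers) so an administrator can check what the directory actually contains. It assumes the RSAT ActiveDirectory module is installed and the session runs on a domain-joined machine with ordinary read access to the directory; trusts are read from the trustedDomain objects so the script works with the Windows 7 era version of the module, and the function name Get-ADStructureReport is my own.

```powershell
# Added example (not from the course slides): inventory the Active Directory
# structure the slides describe. Assumes the RSAT ActiveDirectory module is
# available and the caller has read access to the directory.
Import-Module ActiveDirectory

function Get-ADStructureReport {
    $forest = Get-ADForest
    $domain = Get-ADDomain

    # Forest root domain (the first domain created) and all domains in the forest
    [PSCustomObject]@{
        Section = 'Forest'
        Detail  = "Root domain: $($forest.RootDomain); domains: $($forest.Domains -join ', ')"
    }

    # This domain's place in the tree: its parent and its child domains
    [PSCustomObject]@{
        Section = 'Domain'
        Detail  = "$($domain.DNSRoot) parent=$($domain.ParentDomain) children=$($domain.ChildDomains -join ', ') mode=$($domain.DomainMode)"
    }

    # Trust relationships are stored as trustedDomain objects in the System container.
    # trustDirection: 1 = inbound, 2 = outbound, 3 = bidirectional (parent/child trusts
    # inside a forest are created automatically and are bidirectional).
    $directionNames = @{ 0 = 'disabled'; 1 = 'inbound'; 2 = 'outbound'; 3 = 'bidirectional' }
    foreach ($t in Get-ADObject -LDAPFilter '(objectClass=trustedDomain)' -Properties trustPartner, trustDirection) {
        [PSCustomObject]@{
            Section = 'Trust'
            Detail  = "$($t.trustPartner) direction=$($directionNames[[int]$t.trustDirection])"
        }
    }

    # Organizational units and the number of Group Policy Objects linked to each
    foreach ($ou in Get-ADOrganizationalUnit -Filter * -Properties LinkedGroupPolicyObjects) {
        [PSCustomObject]@{
            Section = 'OU'
            Detail  = "$($ou.DistinguishedName) linkedGPOs=$(@($ou.LinkedGroupPolicyObjects).Count)"
        }
    }

    # Password policy: the domain-wide default always exists; fine-grained policies
    # only exist once every domain controller runs Windows Server 2008 or later.
    $default = Get-ADDefaultDomainPasswordPolicy
    [PSCustomObject]@{
        Section = 'PasswordPolicy'
        Detail  = "Default: minLength=$($default.MinPasswordLength) complexity=$($default.ComplexityEnabled) lockoutThreshold=$($default.LockoutThreshold)"
    }
    try {
        foreach ($p in Get-ADFineGrainedPasswordPolicy -Filter * -ErrorAction Stop) {
            [PSCustomObject]@{
                Section = 'PasswordPolicy'
                Detail  = "Fine-grained: $($p.Name) precedence=$($p.Precedence) appliesTo=$($p.AppliesTo -join ', ')"
            }
        }
    } catch {
        [PSCustomObject]@{ Section = 'PasswordPolicy'; Detail = 'Fine-grained policies not available (domain functional level below 2008)' }
    }

    # Domain controllers hold a copy of the directory; every other server is a member server
    foreach ($dc in Get-ADDomainController -Filter *) {
        [PSCustomObject]@{
            Section = 'DomainController'
            Detail  = "$($dc.HostName) site=$($dc.Site) globalCatalog=$($dc.IsGlobalCatalog) readOnly=$($dc.IsReadOnly)"
        }
    }
    $servers = Get-ADComputer -Filter 'OperatingSystem -like "*Server*"' -Properties OperatingSystem
    foreach ($s in $servers | Where-Object { $_.DistinguishedName -notlike '*OU=Domain Controllers,*' }) {
        [PSCustomObject]@{
            Section = 'MemberServer'
            Detail  = "$($s.DNSHostName) os=$($s.OperatingSystem)"
        }
    }
}

Get-ADStructureReport | Format-Table -AutoSize -Wrap
```

Run it from a PowerShell prompt on a domain-joined workstation (Windows 7 needs the Remote Server Administration Tools installed and the Active Directory Module for Windows PowerShell feature enabled). Comparing the Trust and DomainController sections against what is expected is a quick way to spot a trust or an extra writable domain controller nobody intended to create.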