Active Directory Structure
Unlike Windows NT, Active Directory is designed for you to create a functional and usable hierarchy for your environment. Not only does this make the environment look cleaner, but it also allows central system administrators to delegate specific authority over areas to other administrators, team members, and groups. AD has a very flexible structure, allowing you to build a hierarchy in whatever way you wish – one big unit, broken down by geographic location, by department, by astronomical sign, or however you desire.
Achieving this flexibility in hierarchical design is a defined structure. The structure of Active Directory starts with forests and domains and goes down to organizational units and individual objects (such as a user or computer account). The flexibility in hierarchical design is a benefit to network architects, but if you do not design the structure correctly in the beginning, it can be a nightmare down the road. We recommend spending a lot of time thinking about the best hierarchical structure for your Active Directory environment before diving in and building it.
In this section, we are going to look at the basic building blocks of Active Directory – all those things which make it such a flexible directory service.