Implement an Active Directory Directory Service Forest and Domain Structure
The directory service of Active Directory fulfills the directory needs of an organization. Like any other directory service, it stores objects of a similar kind in one place. Because the Active Directory directory service is implemented in a distributed environment, the objects it stores are network objects such as file servers, print servers, fax servers, databases, users, groups, computers, security policies, and applications.
The Active Directory directory service serves as the main switchboard for an entire organization. It centrally organizes, manages, and simplifies access to all the objects it stores while enforcing security and privacy on them. It plays an important role in managing the organization's network infrastructure.
Active Directory is built from several components that together form its directory structure. Some are physical and some are logical: the physical components are domain controllers and sites, and the logical components are domains, trees, and forests.
The Logical Components of Active Directory
The logical components of Active Directory form a logical structure that groups an organization's resources and thereby makes a resource easy to find. The logical components of Active Directory include:
- Domain: The most important logical structure. It stores an organization's most important information, the network objects. A domain can span different physical locations. Access to an object is decided by that object's access control list (ACL). An object can be a file, folder, printer, share, or any other AD object.
- Organizational units (OU): A container object used to organize objects into logical administrative groups. It allows administrators to manage the users and resources of an organization efficiently. An OU can contain objects such as user accounts, groups, computers, printers, applications, file shares, and other OUs.
- Trees: A hierarchical grouping of domains. The domains that belong to the same tree share a contiguous namespace and a hierarchical naming structure, as shown in Figure 1.
- Forests: A hierarchical grouping of one or more independent trees. All the domains in a forest share a common schema and a common global catalog. Although each domain in a forest operates independently, the domains are linked by implicit two-way transitive trusts, so communication across all the domains of an organization is possible. The trees in a forest can each have their own naming structure for their domains, as shown in Figure 2.
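The tree, forest and trust relationships described in the list above, as an added example that is not part of the original article: a short Python model that groups a forest's domains into trees by contiguous namespace and traces the implicit trust path between any two domains. All domain names are constructed, and only the implicit parent-child and tree-root trusts are modelled.

```python
# Added example (not from the article): model of an AD forest's logical structure.
# Domains in one tree share a contiguous DNS namespace (child = one extra label on
# the parent's name); each child trusts its parent and every other tree root trusts
# the forest root. Only these implicit two-way transitive trusts are modelled.
FOREST_ROOT = "example.com"  # constructed forest root

# Constructed forest: one tree under example.com and a second tree (fabrikam.net)
# with its own naming structure, as the article's Figure 2 describes.
FOREST_DOMAINS = {"example.com", "corp.example.com", "eu.corp.example.com",
                  "fabrikam.net", "sales.fabrikam.net"}

def parent_domain(domain, forest):
    """Immediate parent in the same tree, or None if `domain` is a tree root."""
    parent = domain.split(".", 1)[1] if "." in domain else ""
    return parent if parent in forest else None

def chain_to_tree_root(domain, forest):
    """[domain, parent, grandparent, ..., tree root]."""
    chain = [domain]
    while (parent := parent_domain(chain[-1], forest)) is not None:
        chain.append(parent)
    return chain

def trees(forest):
    """Group the forest's domains by tree root, i.e. by contiguous namespace."""
    grouped = {}
    for domain in sorted(forest):
        grouped.setdefault(chain_to_tree_root(domain, forest)[-1], []).append(domain)
    return grouped

def trust_path(src, dst, forest, forest_root=FOREST_ROOT):
    """Domains crossed when `src` reaches `dst` over the implicit trusts only."""
    up = chain_to_tree_root(src, forest)
    down = chain_to_tree_root(dst, forest)
    if up[-1] == down[-1]:
        # Same tree: climb only as far as the lowest common ancestor.
        lca = next(d for d in up if d in down)
        return up[:up.index(lca) + 1] + down[:down.index(lca)][::-1]
    # Different trees: up to the tree root, across via the forest root
    # (tree-root trusts), then down the other tree.
    path = list(up)
    if path[-1] != forest_root:
        path.append(forest_root)
    if down[-1] != forest_root:
        path.append(down[-1])
    return path + down[:-1][::-1]

if __name__ == "__main__":
    for root, members in trees(FOREST_DOMAINS).items():
        print(f"tree {root}: {', '.join(members)}")
    print(" -> ".join(trust_path("eu.corp.example.com", "sales.fabrikam.net", FOREST_DOMAINS)))
```

Shortcut, external and forest trusts that administrators create explicitly are not represented, so a real environment may offer shorter paths than this model reports.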
The Physical Components of Active Directory
The physical components of Active Directory are used to build the physical structure of an organization's directory. These components include:
- Domain Controllers: A domain controller is a computer that stores the local database of a domain, the domain directory. A domain can have one or more domain controllers to provide fault tolerance and manage network traffic, but one domain controller can serve only one domain. Each domain controller in a domain stores a complete copy of the AD information for that domain, and the domain controllers of a domain replicate the directory information of all the domain's objects to each other.
- Sites: A site is a combination of one or more IP subnets that are connected together so that replication between the objects it contains can take place. It is not part of a namespace. Since sites are not part of the Active Directory namespace, you cannot see objects grouped by site when you browse the logical namespace in AD; the objects in a namespace are grouped into domains and OUs, not sites. A site can span one or more physically separated locations and either multiple domains or a single domain. Likewise, a single domain can have multiple sites, as shown in Figure 3.