Active Directory Logical Structure – Part 2
The most basic components of the logical structure of Active Directory are:
a) Leaf objects, which do not have any child objects
b) Container objects, which have child objects
The major reason behind these objects is to manage data. Understanding these logical components helps engineers design Active Directory and troubleshoot AD efficiently. The logical structure consists of
In Active Directory, the forest is the top-level container, in which all the domain containers are stored. There can be any number of domains in a forest, so any number of domain containers can be stored in the forest container. Domain containers share a common global catalog, schema, directory configuration, logical structure and two-way transitive trust.
Note: The first domain in the forest acts as the root domain, e.g. sai.com.
A domain is a container object which holds millions of objects. These objects share a common database. As explained in my earlier post, every domain has its own datastore, schema and database.
The domain also defines the security policies for its objects and the trust relationships.
Domain Tree :
AD provides the flexibility of creating child domains under a parent domain / root domain, which is called a domain tree, e.g. test.sai.com.
Organizational Unit :
A company has 1000 users and all these users have different privileges, so the administrator has a tough time identifying the privileges of each user. With the help of an OU, he can group the users with similar privileges, which makes management easy.
OUs are container objects which help in arranging different types of objects under them.
AD replication is achieved through the site objects. They fall into both the container object and leaf object categories. Site objects are the topmost objects used to implement AD replication. The site object stores objects that are used by the KCC (Knowledge Consistency Checker). Some of the well-known objects are NTDS, subnet objects, connection objects, server objects and the site object (one object per site).
In order to view, manage and manipulate the above objects, you can
a) install AD
b) create a domain
c) manage users using the Active Directory Users and Computers MMC
d) use Active Directory Domains and Trusts for managing trusts
e) use the Active Directory Schema MMC
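
The same forest, domain, trust, OU and site objects can also be listed from PowerShell for a quick read-only inventory. This is an added example, not part of the original post; it assumes the RSAT ActiveDirectory module is installed and that the account running it has read access to every domain in the forest.

```powershell
# Added example: read-only inventory of the AD logical structure.
# Assumption: RSAT ActiveDirectory module, run from a domain-joined host.
Import-Module ActiveDirectory

# Forest: top-level container with the shared schema and global catalog
$forest = Get-ADForest
"Forest: $($forest.Name)  (root domain: $($forest.RootDomain))"
"  Schema master  : $($forest.SchemaMaster)"
"  Global catalogs: $($forest.GlobalCatalogs -join ', ')"

foreach ($dnsName in $forest.Domains) {
    # Domain and its place in the domain tree
    $domain = Get-ADDomain -Identity $dnsName -Server $dnsName
    "Domain: $($domain.DNSRoot)"
    "  Parent domain : $($domain.ParentDomain)"
    "  Child domains : $($domain.ChildDomains -join ', ')"

    # Trust relationships defined on this domain
    Get-ADTrust -Filter * -Server $dnsName | ForEach-Object {
        "  Trust: $($_.Name)  direction=$($_.Direction)  forestTransitive=$($_.ForestTransitive)"
    }

    # OUs are container objects; count direct children to spot empty ones
    Get-ADOrganizationalUnit -Filter * -Server $dnsName | ForEach-Object {
        $children = @(Get-ADObject -Filter * -SearchBase $_.DistinguishedName `
                          -SearchScope OneLevel -Server $dnsName)
        "  OU: $($_.DistinguishedName)  direct children=$($children.Count)"
    }
}

# Site, subnet and connection objects used for replication
Get-ADReplicationSite -Filter * | ForEach-Object { "Site: $($_.Name)" }
Get-ADReplicationSubnet -Filter * | ForEach-Object { "Subnet: $($_.Name) -> $($_.Site)" }
Get-ADReplicationConnection -Filter * | ForEach-Object {
    "Connection: $($_.ReplicateFromDirectoryServer) -> $($_.ReplicateToDirectoryServer)"
}
```

An OU that reports zero direct children behaves like a leaf until objects are placed in it, which makes empty or forgotten OUs easy to spot during a review.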