Active Directory Logical Structure — Part 2






The most basic components of the logical structure of Active Directory are:

a) Leaf objects, which do not have any child objects

b) Container objects, which have child objects.



The main purpose of these objects is to manage data. Understanding these logical components helps engineers design Active Directory and troubleshoot AD efficiently. The logical structure consists of





In Active Directory, the forest is the top-level container, in which all the domain containers are stored. There can be any number of domains in a forest, so any number of domain containers can be stored in the forest container. Domain containers share a common global catalog, schema, directory configuration, logical structure and two-way transitive trust.


Note: The first domain in the forest acts as the root domain, e.g.:





A domain is a container object which holds millions of objects. These objects share a common database. As explained in my earlier post, every domain has its own datastore, schema and database.

A domain also defines the security policies for the objects and the trust relationship.



Domain Tree :


AD provides the flexibility of creating child domains under a parent domain / root domain, which is called a domain tree, e.g.:




Organizational Unit :


Suppose a company has 1000 users and these users have different privileges. An administrator has a tough time identifying the privileges of each user, so with the help of an OU he can group the users with similar privileges, which makes management easy.

OUs are container objects which help in arranging different types of objects under them.
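The container/leaf distinction, OU grouping and domain tree described above can be derived from distinguished names alone. The following is an added example, not code from the original post; the DNs, the example.com domain and all function names are constructed for illustration.

```python
import re

# Constructed sample distinguished names (not taken from a real directory).
SAMPLE_DNS = [
    "DC=example,DC=com",
    "OU=Sales,DC=example,DC=com",
    "CN=Smith\\, John,OU=Sales,DC=example,DC=com",  # escaped comma in an RDN
    "CN=Alice,OU=Sales,DC=example,DC=com",
    "OU=Empty,DC=example,DC=com",
    "DC=child,DC=example,DC=com",
    "OU=IT,DC=child,DC=example,DC=com",
    "CN=Bob,OU=IT,DC=child,DC=example,DC=com",
]

def split_dn(dn):
    """Split a DN into RDNs on commas that are not backslash-escaped.
    Simplification: other RFC 4514 escape forms are not handled."""
    return [part.strip() for part in re.split(r"(?<!\\),", dn)]

def domain_of(dn):
    """DNS name of the domain holding the object, built from its DC= RDNs."""
    labels = [p[3:] for p in split_dn(dn) if p.upper().startswith("DC=")]
    return ".".join(labels).lower()

def parent_domain(name, domains):
    """Parent in the domain tree: the name minus its leftmost label, if known."""
    suffix = name.partition(".")[2]
    return suffix if suffix in domains else None

def logical_structure(dns):
    """Classify DNs as container or leaf and derive the domain tree."""
    rdns = {dn: [p.lower() for p in split_dn(dn)] for dn in dns}
    known = {",".join(parts) for parts in rdns.values()}
    # A DN is a container when another known DN names it as its parent.
    has_child = {",".join(parts[1:]) for parts in rdns.values()} & known
    containers = [dn for dn in dns if ",".join(rdns[dn]) in has_child]
    leaves = [dn for dn in dns if dn not in containers]
    domains = {domain_of(dn) for dn in dns}
    return {
        "containers": containers,
        "leaves": leaves,
        # An OU with no children yet is still a container by object class.
        "empty_ous": [dn for dn in leaves if dn.upper().startswith("OU=")],
        "domain_tree": {d: parent_domain(d, domains) for d in sorted(domains)},
    }

if __name__ == "__main__":
    for key, value in logical_structure(SAMPLE_DNS).items():
        print(key, "->", value)
```

Empty OUs are reported separately because they have no children yet still accept them, so they are worth reviewing when auditing where policy and delegation apply.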



Site Objects:


AD replication is achieved through site objects. They include both container objects and leaf objects. Site objects are the topmost objects used to implement AD replication. The site object stores objects that are used by the KCC (Knowledge Consistency Checker). Some of the well-known objects are NTDS, subnet objects, connection objects, server objects and the site object (one object per site).





In order to view, manage and manipulate the above objects, you can:

a) install AD

b) create a domain

c) manage users using the Active Directory Users and Computers MMC

d) use Active Directory Domains and Trusts for managing trusts

e) use the Active Directory Schema MMC


