Active Directory Logical and Physical Components

Active directory introduced in windows 2000 operating system(little old stuff).
Active Directory can be considered to have both a logical and physical structure, and there is no correlation between the two. The logical parts of Active Directory include forests, trees, domains, OUs and global catalogs. Each element of the logical structure of Active Directory is defined below:

Domain – a domain in Windows 2000 is very similar to a domain is Windows NT. It is still a logical group of users and computers that share the characteristics of centralized security and administration. A domain is still a boundary for security – this means that an administrator of a domain is an administrator for only that domain, and no others, by default. A domain is also a boundary for replication – all domain controllers that are part of the same domain must replicate with one another. Domains in the same forest automatically have trust relationships configured.

Tree – a tree is a collection of Active Directory domains that share a contiguous namespace. In this configuration, domains fall into a parent-child relationship, which the child domain taking on the name of the parent.

Forest – a forest is the largest unit in Active Directory and is a collection of trees that share a common Schema, the definition of objects that can be created. In a forest all trees are connected by transitive two-way trust relationships, thus allowing users in any tree access to resources in another for which they have been given appropriate permissions and rights. By default the first domain created in a forest is referred to as the root domain. Amongst other things, this is where the Schema is stored by default.
There are two types of active directory forest :-
I) Single Forest
2) Multiple forest

Organizational Unit – An organizational unit (OU) is a container object that helps to organize objects for the purpose of administration or group policy application. An OU exists within a domain and can only contain objects from that domain. OU can be nested, which allows for more flexibility in terms of administration. Different methods for designing OU structures exist including according to administration (most common), geography, or organizational structure. One popular use of OUs is to delegate administrative authority – this allows you to give a user a degree of administrative control over just the OU, and not the entire domain.

Global Catalogs – Global Catalogs are listings of every object that exists within an Active Directory forest. By default, a domain controller only contains information about objects in that domain. A Global Catalog server is a domain controller that contains information about every object (though not every attribute for each) stored in the entire forest. This facilitates and speeds up the search for information in Active Directory. By default only the first domain controller created in a forest has a copy of the global catalog – others much be designated manually.

The physical structure of Active Directory helps to manage the communication between servers with respect to the directory. The two physical elements of Active Directory are domain controllers and sites. Each is described below.

Domain Controllers – domain controllers are Windows 2000 Server-based systems that store the Active Directory database. Every Windows 2000 domain controller has a writable copy of the directory. This is different that in NT 4, where only the PDC had this capability. Domain controllers in the same domain contain replicas of the directory that must be synchronized periodically.

Site – a site is a concept that did not exist in an NT directory service structure. In Active Directory, sites are groups of IP subnets that are connected at high speed. Although the definition of ‘high speed’ is open, it is generally considered to be subnets that are connected at LAN speeds (say 10 Mb) or higher. The purpose of defining sites in Active Directory is to control network traffic relating to directory synchronization, as well as to help ensure that users connect to local resources. For example, domain controllers located in the same site replicate with one another on a 5-minute change notification interval similar to in NT 4. However, replication between domain controllers in different sites can be scheduled according to your needs. This allows a much greater degree of flexibility that in NT 4. For example, you could set things up such that replication between sites could only happen between midnight and 6am – thus ensuring that replication traffic would not interfere with normal data transfer during business hours. Sites also help ensure that users avoid accessing resources over the WAN by having client systems access servers (such as domain controllers) that are in the same physical site first.


Posted on October 25, 2013, in Uncategorized, Windows. Bookmark the permalink. 1 Comment.

  1. thank u for this information.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: