Saturday 10 November 2012
Components Of Active Directory
The server where we install our Active Directory is known as Active Directory Domain Controller and in Server 2008 we can say it Active Directory Domain Services. In Windows Server 2008, one or more than one server are available where Active Directory Domain Services can be Install.
So, for better Administration and security we can categorize these Active Directory Objects in two categories such as:
1. Container Objects 2. Leaf Objects
First we will discuss the Container Objects.
Container Objects:
are those Active Directory Objects which can contain other objects in them. Such as:
- Domain
- Forest
- Tree
- OU (Organizational Unit )
Leaf Objects:
which cannot contain other objects in them. Such as:
- Users
- Computers
- Printers,etc.
Now, here we discus just Container Object in detail.
Domain:
Active Directory Domain is the Logical group of computers which shares a central directory database where only Microsoft Windows Operating Systems are running such as (Windows 7 , Vista and other Microsoft Operating Systems). For more clarity see the figure below:
We put the combination of computers and logical groups in a triangle. So Windows Server Domain is the collection of computers where different versions of Microsoft Operating System can use Active Directory.
Tree:
Active Directory Tree is also a collection of Active Directory objects. It is the Logical Group of network resources and devices. Actually Active Directory Tree is the collection of one or more than one domains and there should be relationship between them known as Parent Child relationship (just like Tree has Branch and Branch has Sub branches). Active Directory Tree must have the Same Namespace which explain in the figure below
First domain is known as Forest Root because all the child domain start from first domain.
So, as you can see the Domain in the above figure has same name space like, Forest Root starts from (Microsoft.com) and the Child Domains are ( exchange.Microsoft.com, nwtrader.Microsoft.com and jp.nwtrader.microsoft.com ) has the same Name Spaces ( .Microsoft.com ). It is mandatory to put the Forest Root domain name in the child domain.
Forest:
In the real world, a Forest contains a lot of trees so same as in the Active Directory has a lot of Active Directory Trees.
Active Directory Forest is the largest container object within Active Directory. It is the fundamental security boundary within Active Directory. It means a user can access resources across an entire Active Directory forest using a single log on/password combination. An additional log on would be required to access resources across more than one Forest.
See the below figure to understand a Forest.
Regarding the above figure a user can access to the network where ever he want and he can use just single log on/password combination beside different log on/password combination.
So Active Directory Forest is the collection of one or more Trees, a largest container object and seems as a security boundary with in Active Directory.
OU (Organizational Unit ):
An OU is a container that represents a logical grouping of resources that have similar security or administrative guidelines.
You can put a small container object in a single domain which is known as Organizational Unit.
Organizational Unit (OU) has two benefits:
1.Delegation
If you want to Delegate Authority to someone else and want to give small level administrative control then you use Organizational Unit (OU) .
2. Applying Security Policy:
If you want to apply Group Policy object (GPO) then OU is the only container object where you can apply GPO.
I hope you like my post. Keep visit Votive blog for more Active Directory Tutorials. Please Like us on Face Book ,Follow us on Twitter and subscribe via Email. Enjoy!!
SHARE THIS POST
Authors: Junaid Afzal and Muhammad Taimur Adil
Subscribe to:
Post Comments (Atom)
0 comments: