A Primer to Active Directory: Microsoft's System Information Repository - Page 2

By Hallett German | Posted Jun 12, 2003

Containers

An Active Directory container is a repository that holds objects. Once a container is defined, it can be used to define the scope of replication and access control, including access policies. Containers and the objects within them are hierarchically organized. For example:

My Directory for The Mythical Company
  People
       Garfield Lemay
  Groups
       Managers
  Applications
       Spreadsheets
  Other

Or in AD vernacular:

O=mythical.com
  Ou=People
       Cn=Garfield Lemay  (other attributes left out like uid, sn, etc.)
  Ou=Groups
       Ou=Managers
  Ou=Applications
       Ou=Spreadsheets
  Ou=Other

The above directory has four containers: People, Groups, Applications, and Other. All directory entries for this company must reside in one of these containers. Container names typically start with ou= (for organizational unit) -- a concept inherited from LDAP/X.500.
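
As an added example (not code from the original article), the sketch below turns the sample directory above into distinguished names and checks whether an entry falls inside a container's scope, which is the question behind any container-level access policy. The function names are hypothetical, and the comparison assumes case-insensitive attribute values and no escaped commas.

```python
# Added example: the article's sample directory written out as distinguished names.
# Constructed data: the entries follow the listing above.
TREE = """\
O=mythical.com
  Ou=People
       Cn=Garfield Lemay
  Ou=Groups
       Ou=Managers
  Ou=Applications
       Ou=Spreadsheets
  Ou=Other
"""

def parse_rdn(text):
    """Split 'Ou=People' into a normalized (type, value) pair."""
    attr, _, value = text.partition("=")
    return (attr.strip().lower(), value.strip().lower())

def tree_to_dns(tree):
    """Turn an indented listing into DNs, most specific component first."""
    stack, dns = [], []          # stack holds (indent, rdn_text) of ancestors
    for line in tree.splitlines():
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip())
        while stack and stack[-1][0] >= indent:
            stack.pop()          # leave siblings and deeper branches
        stack.append((indent, line.strip()))
        dns.append(",".join(rdn for _, rdn in reversed(stack)))
    return dns

def split_dn(dn):
    """Split a DN into normalized RDNs. Assumption: no escaped commas."""
    return [parse_rdn(part) for part in dn.split(",")]

def in_scope(entry_dn, container_dn):
    """True if entry_dn is the container itself or sits anywhere beneath it."""
    entry, container = split_dn(entry_dn), split_dn(container_dn)
    # Compare whole components, so 'Ou=' vs 'OU=' or a space after a comma
    # cannot move an entry in or out of a policy's scope.
    return len(entry) >= len(container) and entry[-len(container):] == container

def entries_under(container_dn, tree=TREE):
    """List every DN from the listing that lies within container_dn."""
    return [dn for dn in tree_to_dns(tree) if in_scope(dn, container_dn)]

if __name__ == "__main__":
    for dn in entries_under("ou=people,o=mythical.com"):
        print(dn)
```
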

Sites
Active Directory's performance is heavily dependent on network topology. A site is a logical group of network subnets with fast and dependable connectivity. The connection between two sites is called the site link. Using site links optimizes Active Directory network traffic. Traffic on site links is usually reserved for directory replication and queries.

Domains
Domains are logical hierarchical groupings of containers. Administration, security policies, and replication do not span domains. If administrative delegation is needed, it must be assigned at the OU level. Site structure is not always directly related to domain structure -- there may be multiple sites per domain and multiple domains per site.

Domain Controllers
The Domain Controllers (DCs) are one or more Windows 2000 servers managing the Active Directory function for a given domain. Each controller contains the entire directory for one domain and only that domain. This means that domain controllers are multi-mastered. Domain Controllers manage the network logon process, directory searches, and other domain operations.

Domain Trees
Domain Trees are logical hierarchical groupings of domains forming a contiguous namespace. All domains in the tree have the same schema, domain controller, global catalog, and two-way transitive trust relationship. You can have multiple trees that form disjoint namespaces (i.e. non-sharing) and that support a centralized or decentralized set of domains. The first domain created in the domain tree is the domain root.
