A Primer to Active Directory: Microsoft's System Information Repository - Page 2
An Active Directory container is a repository that holds objects. Once a container is defined, it can be used to define the scope of replication and access control, including access policies. Containers and the objects within them are organized hierarchically. For example:

    My Directory for The Mythical Company
        People
            Garfield Lemay
        Groups
            Managers
        Applications
            Spreadsheets
        Other

Or in AD vernacular:

    O=mythical.com
        Ou=People
            Cn=Garfield lemay (other attributes left out like uid, sn, etc.)
        Ou=Groups
            Ou=Managers
        Ou=Applications
            Ou=Spreadsheets
        Ou=Other

The above directory has four containers: People, Groups, Applications, and Other. All directory entries for this company must reside in one of these containers. Container names typically start with ou= (for organizational unit) -- a concept inherited from LDAP/X.500.
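
Because containers define the scope of access control, an entry that sits outside the four defined containers is worth flagging during a directory review. The following is an added example, not code from the original article: it takes entries from the Mythical Company tree written as LDAP distinguished-name strings (leaf first, comma-separated, backslash escapes as in RFC 4514) and reports which ones do not reside in People, Groups, Applications, or Other. The sample DNs, including svc-backup, temp, and Contractors, are constructed for illustration.

```python
# Added example: every DN below is constructed from the article's sample tree.
BASE = "o=mythical.com"
CONTAINERS = {"people", "groups", "applications", "other"}

SAMPLE = [
    "cn=Garfield lemay,ou=People,o=mythical.com",
    "ou=Managers,ou=Groups,o=mythical.com",
    "ou=Spreadsheets,ou=Applications,o=mythical.com",
    "cn=Lemay\\, Garfield,ou=People,o=mythical.com",  # escaped comma inside the cn
    "cn=svc-backup,o=mythical.com",                   # sits directly under the root
    "cn=temp,ou=Contractors,o=mythical.com",          # container that was never defined
]

def split_dn(dn):
    """Split a DN into RDNs on unescaped commas; a backslash escapes the next char."""
    rdns, buf, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            buf.append(dn[i:i + 2])      # keep the escape pair intact
            i += 2
            continue
        if dn[i] == ",":
            rdns.append("".join(buf).lstrip())
            buf = []
        else:
            buf.append(dn[i])
        i += 1
    rdns.append("".join(buf).lstrip())
    return rdns

def container_of(dn):
    """Return the name of the ou directly under BASE that holds dn, else None."""
    rdns = split_dn(dn)
    if len(rdns) < 2 or rdns[-1].lower() != BASE:
        return None
    attr, _, value = rdns[-2].partition("=")
    if attr.strip().lower() != "ou":
        return None                      # entry hangs off the root, not a container
    return value.strip()

def misplaced(dns):
    """Return the DNs that are not inside one of the four defined containers."""
    return [dn for dn in dns if (container_of(dn) or "").lower() not in CONTAINERS]

if __name__ == "__main__":
    for dn in misplaced(SAMPLE):
        print("outside defined containers:", dn)
```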
Active Directory's performance is heavily dependent on network topology. A site is a logical group of network subnets with fast and dependable connectivity. The connection between two sites is called a site link. Using site links optimizes Active Directory network traffic. Traffic on site links is usually reserved for directory replication and queries.
Domains are logical hierarchical groupings of containers. Administration, security policies, and replication do not span domains. If administration needs to be delegated, it must be assigned at the OU level. Site structure is not always directly related to domain structure -- there may be multiple sites per domain and multiple domains per site.
The Domain Controllers (DCs) are one or more Windows 2000 servers managing the Active Directory function for a given domain. Each controller contains the entire directory for one domain and only that domain. This means that domain controllers are multi-mastered. Domain Controllers manage the network logon process, directory searches, and other domain operations.
Domain Trees are logical hierarchical groupings of domains forming a contiguous namespace. All domains in the tree have the same schema, domain controller, global catalog, and a two-way transitive trust relationship. You can have multiple trees that form disjoint namespaces (i.e., non-sharing) and that support a centralized or decentralized set of domains. The first domain created in the domain tree is the domain root.