A Primer to Active Directory: Microsoft's System Information Repository - Page 2

By Hallett German | Jun 12, 2003

Containers

An Active Directory container is a repository that holds objects. Once a container is defined, it can be used to define the scope of replication and access control, including access policies. Containers and the objects within them are organized hierarchically. For example:

My Directory for The Mythical Company
  People
       Garfield Lemay
  Groups
       Managers
  Applications
       Spreadsheets
  Other

Or in AD vernacular:

O=mythical.com
  Ou=People
       Cn=Garfield Lemay  (other attributes left out like uid, sn, etc.)
  Ou=Groups
       Ou=Managers
  Ou=Applications
       Ou=Spreadsheets
  Ou=Other

The above directory has four containers: People, Groups, Applications, and Other. All directory entries for this company must reside in one of these containers. Container names typically start with ou= (organizational unit), a concept inherited from LDAP/X.500.
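
Because a container sets the scope for access control, deciding whether an entry belongs to a container has to compare name components rather than raw text. The sketch below is an added example, not code from the original article. It assumes the standard LDAP string form of a distinguished name (leaf first, comma separated), uses hypothetical function names and constructed entries, and does not handle multi-valued RDNs ("+") or hex escapes.

```python
# Added example: is a directory entry inside a container's scope?
# DNs use the LDAP string form (leaf first); all sample entries are constructed.

def parse_dn(dn):
    """Split a DN into lowercased (attribute, value) pairs, root first."""
    rdns, buf, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            buf.append(dn[i:i + 2])  # escaped char (e.g. "\,") stays in the value
            i += 2
            continue
        if ch == ",":
            rdns.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    rdns.append("".join(buf))
    parsed = []
    for rdn in rdns:
        attr, sep, value = rdn.partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed RDN: {rdn!r}")
        # Attribute names and these naming values compare case-insensitively.
        parsed.append((attr.strip().lower(), value.strip().lower()))
    return parsed[::-1]


def in_scope(entry_dn, container_dn):
    """True if the entry is the container itself or sits anywhere beneath it."""
    entry, container = parse_dn(entry_dn), parse_dn(container_dn)
    return entry[:len(container)] == container


def entries_in_container(entries, container_dn):
    """Entries that a policy attached to container_dn would cover."""
    return [dn for dn in entries if in_scope(dn, container_dn)]


# Constructed entries modelled on the Mythical Company directory.
DIRECTORY = [
    "cn=Garfield Lemay,ou=People,o=mythical.com",
    "CN=Lemay\\, Garfield, OU=people, O=Mythical.com",  # escaped comma, mixed case
    "ou=Managers,ou=Groups,o=mythical.com",
    "cn=ou=People,ou=Other,o=mythical.com",  # "ou=People" is only text in a name
]
PEOPLE = "ou=People,o=mythical.com"
```

A plain substring test for "ou=People" would place the last entry in the People container, while the component-wise comparison keeps it under Other.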

Sites
Active Directory's performance is heavily dependent on network topology. A site is a logical group of network subnets with fast and dependable connectivity. The connection between two sites is called a site link. Using site links optimizes Active Directory network traffic. Traffic on site links is usually reserved for directory replication and queries.

Domains
Domains are logical hierarchical groupings of containers. Administration, security policies, and replication do not span domains. If administration needs to be delegated, it must be assigned at the OU level. Site structure is not always directly related to domain structure -- there may be multiple sites per domain and multiple domains per site.

Domain Controllers
The Domain Controllers (DCs) are one or more Windows 2000 servers managing the Active Directory function for a given domain. Each controller contains the entire directory for one domain and only that domain. This means that domain controllers are multi-mastered. Domain Controllers manage the network logon process, directory searches, and other domain operations.

Domain Trees
Domain Trees are logical hierarchical groupings of domains forming a contiguous namespace. All domains in the tree have the same schema, domain controller, global catalog, and two-way transitive trust relationship. You can have multiple trees that form disjoint namespaces (i.e. non-sharing) and that support a centralized or decentralized set of domains. The first domain created in the domain tree is the domain root.
