31. What does the logical component of the Active Directory structure include?


 
Objects:- Resources are stored in the Active Directory as objects.

Sub category: object class

An object is really just a collection of attributes. A user object, for example, is made up of attributes such as name, password, phone number, group membership, and so on. The attributes that make up an object are defined by an object class. The user class, for example, specifies the attributes that make up the user object.

The Active Directory Schema:-

The classes and the attributes that they define are collectively referred to as the Active Directory Schema—in database terms, a schema is the structure of the tables and fields and how they are related to one another. You can think of the Active Directory Schema as a collection of data (object classes) that defines how the real data of the directory (the attributes of an object) is organized and stored.

Domains

The basic organizational structure of the Windows Server 2003 networking model is the domain. A domain represents an administrative boundary. The computers, users, and other objects within a domain share a common security database.


Trees

Multiple domains are organized into a hierarchical structure called a tree. Actually, even if you have only one domain in your organization, you still have a tree. The first domain you create in a tree is called the root domain. The next domain that you add becomes a child domain of that root. This expandability of domains makes it possible to have many domains in a tree. Figure 1-1 shows an example of a tree. Microsoft.com was the first domain created in Active Directory in this example and is therefore the root domain.


Figure 1-1 A tree is a hierarchical organization of multiple domains.

All domains in a tree share a common schema and a contiguous namespace. In the example shown in Figure 1-1, all of the domains in the tree under the microsoft.com root domain share the namespace microsoft.com. Using a single tree is fine if your organization is confined within a single DNS namespace. However, for organizations that use multiple DNS namespaces, your model must be able to expand outside the boundaries of a single tree. This is where the forest comes in.
 
Forest

A forest is a group of one or more domain trees that do not form a contiguous namespace but may share a common schema and global catalog. There is always at least one forest on a network, and it is created when the first Active Directory–enabled computer (domain controller) on a network is installed.

This first domain in a forest, called the forest root domain, is special because it holds the schema and controls domain naming for the entire forest. It cannot be removed from the forest without removing the entire forest itself. Also, no other domain can ever be created above the forest root domain in the forest domain hierarchy.

Figure 1-2 shows an example of a forest with two trees. Each tree in the forest has its own namespace. In the figure, microsoft.com is one tree and contoso.com is a second tree. Both are in a forest named microsoft.com (after the first domain created).
 




Figure 1-2 Trees in a forest share the same schema, but not the same namespace.

A forest is the outermost boundary of Active Directory; the directory cannot be larger than the forest. However, you can create multiple forests and then create trust relationships between specific domains in those forests; this would let you grant access to resources and accounts that are outside of a particular forest.
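
The tree and forest relationships described above can be derived from the domain names alone, which is useful when reviewing an inventory of domains. The following Python is an added example, not part of the original text; the child domain names and the function names are constructed for illustration, and it assumes a child domain's name is its parent's name with one label prepended.

```python
# Added example: group the domains of one forest into trees by contiguous
# DNS namespace. SAMPLE_FOREST is constructed data; only microsoft.com and
# contoso.com come from the text, the child domains are hypothetical.
SAMPLE_FOREST = [
    "microsoft.com",             # first domain created = forest root
    "sales.microsoft.com",
    "emea.sales.microsoft.com",
    "contoso.com",               # second tree: separate namespace
    "research.contoso.com",
]

def parent_of(domain, known):
    """Return the parent domain if it exists in the forest, else None.
    Assumption: child name = one label + "." + parent name."""
    _, _, suffix = domain.partition(".")
    return suffix if suffix in known else None

def build_forest(domains):
    """Return the forest root and a map of tree root -> [(domain, parent)].
    The forest root is taken to be the first domain in the list."""
    names = [d.lower().rstrip(".") for d in domains]
    known = set(names)
    parents = {d: parent_of(d, known) for d in names}

    def tree_root(d):
        # Walk up the contiguous namespace until no parent domain exists.
        while parents[d] is not None:
            d = parents[d]
        return d

    trees = {}
    for d in names:
        trees.setdefault(tree_root(d), []).append((d, parents[d]))
    return {"forest_root": names[0], "trees": trees}

def same_tree(a, b, forest):
    """True when both domains sit in the same contiguous namespace."""
    for members in forest["trees"].values():
        found = {d for d, _ in members}
        if a in found or b in found:
            return a in found and b in found
    return False

if __name__ == "__main__":
    forest = build_forest(SAMPLE_FOREST)
    print("Forest root:", forest["forest_root"])
    for root, members in forest["trees"].items():
        print("Tree:", root)
        for domain, parent in members:
            print("   ", domain, "(child of %s)" % parent if parent else "(tree root)")
```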
 
Organizational Units

Organizational Units (OUs) provide a way to create administrative boundaries within a domain. Primarily, this allows you to delegate administrative tasks within the domain.


OUs serve as containers into which the resources of a domain can be placed. You can then assign administrative permissions on the OU itself. Typically, the structure of OUs follows an organization’s business or functional structure. For example, a relatively small organization with a single domain might create separate OUs for departments within the organization.