Sunday, October 2, 2011

Containers in Active Directory

Forests
Highest level in an Active Directory
One or more Active Directory trees that are in a common relationship
Forest Main Characteristics:
  • The trees can use disjointed namespaces
  • All trees use the same schema
  • All trees use the same global catalog
  • Domains enable administration of commonly associated objects, such as accounts and other resources within the forest
  • Two-way transitive trusts are automatically configured between domains within a single forest
Forest functional level
Active Directory functions supported forest-wide
The functional levels are:
  • Windows 2000 native forest functional level: provides Active Directory functions compatible with a network that has a combination of Windows Server 2000, Windows Server 2003 and Windows Server 2008 DCs
  • Windows Server 2003 forest functional level: intended for Windows Server 2003 and 2008 DCs only
  • Windows Server 2008 forest functional level: contains only Windows Server 2008 DCs


Trees
  • Contains one or more domains that are in a common relationship
  • Domains in a tree typically have a hierarchical structure in which a parent domain at the top can have multiple child domains under it
  • These domains use the contiguous namespace format, in that the child domains inherit a portion of their namespace from the parent domain
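
The contiguous-namespace rule can be used to work out which domains of a forest belong to the same tree, which is a useful first step when mapping the trust relationships inside a forest. The following is an added example, not part of the original notes: the domain names are constructed sample data, and the function names are hypothetical.

```python
# Added example: group a forest's domains into trees by contiguous DNS namespace.
# All domain names here are constructed sample data, not from a real forest.

def labels(name):
    """Split a DNS domain name into lowercase labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")

def parent_of(domain, all_domains):
    """Return the closest ancestor of `domain` present in the forest, or None.

    A child is contiguous with its parent when the parent's name is a
    label-aligned suffix of the child's name (sales.corp.example under
    corp.example). Comparing whole labels avoids treating 'badcorp.example'
    as a child of 'corp.example'.
    """
    child = labels(domain)
    # Walk up one label at a time so the nearest ancestor wins.
    for i in range(1, len(child)):
        candidate = ".".join(child[i:])
        if candidate in all_domains:
            return candidate
    return None

def build_trees(domains):
    """Map each tree root to the list of domains in that tree (parents first)."""
    names = {".".join(labels(d)) for d in domains}
    trees = {}
    for name in names:
        root = name
        # Follow parent links until reaching a domain with no parent in the forest.
        while (p := parent_of(root, names)) is not None:
            root = p
        trees.setdefault(root, []).append(name)
    return {root: sorted(members, key=lambda n: (len(labels(n)), n))
            for root, members in trees.items()}

SAMPLE_FOREST = [  # constructed sample data
    "corp.example", "sales.corp.example", "emea.sales.corp.example",
    "hr.corp.example", "lab.test", "dev.lab.test", "badcorp.example",
]

if __name__ == "__main__":
    for root, members in sorted(build_trees(SAMPLE_FOREST).items()):
        print(root, "->", members)
```

Each key in the result is a tree root; more than one key means the forest contains trees with disjointed namespaces.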


Domains
  • Logical partition within an Active Directory forest
  • Primary container within Active Directory
  • It groups objects that exist in the domain
Basic functions
  • To provide an AD partition to house objects
  • To establish a set of information to be replicated from one DC to another one
  • To expedite management of a set of objects
  • Small and Medium Size companies should have one Domain
  • Large companies should have more than one Domain



Organizational units (OUs)

Grouping of related objects within a domain (Similar to folders and sub-folders)
Allow the grouping of objects so that they can be administered using the same group policies
  • Such as security and desktop setup
  • OUs also allow administration to be delegated to a different user
Can be nested within other OUs
  • Group policies can be inherited at different levels



Trusted domain
The domain that is granted access to resources
Trusting domain
The domain granting access to another domain
