Active Directory is a central component of the Windows platform. The Active Directory service provides the means to manage the identities and relationships that make up network environments. After installing Active Directory, you can create centralized users and groups for the whole network. In effect, Active Directory acts as the main switchboard for the network operating system. Active Directory itself is more than just a database: it is a collection of supporting files that includes transaction logs and the system volume, or Sysvol, which contains logon scripts and Group Policy information.
Active Directory simplifies the security and administration of resources throughout a network (including the computers that are part of the network) by providing a single point of administration for all objects on the network. Active Directory organizes resources hierarchically in domains, which are logical groupings of servers and other network resources.
One big advantage that Active Directory provides is a single logon point for all network resources, so a user can log on to the network with a single user name and password, and then access any resources to which the user account is granted access. An administrator can log on to one computer and administer objects on any computer in the network.
A domain controller is a server that has been promoted by running the Active Directory Installation Wizard, either by running DCPROMO from the command line or by using "Add or remove a role" in Manage Your Server. Once a server has become a domain controller, it hosts a copy, or replica, of Active Directory, and changes to the database on any domain controller are replicated to all domain controllers within the domain.
The core unit of logical structure in Active Directory is the domain. However, an enterprise might have more than one domain in its Active Directory.
Features of Domains
- Domains allow administrators to divide the network into manageable boundaries.
- Administrators from different domains can establish their own security models (including password complexity and password-length requirements); security from one domain can then be isolated so that other domains' security models are not affected.
- Domains provide a way to logically partition a network along the same administrative lines as an organization. Organizations that are large enough to have more than one domain usually have divisions that are responsible for maintaining and securing their own resources. Grouping objects into one or more domains enables your network to reflect your company’s organization.
- Domains are independent administrative units, with their own security and administrative policies.
- All network objects exist within a domain, and each domain stores information only about the objects that it contains.
- Theoretically, a domain directory can contain up to 10 million objects, but 1 million objects per domain is a more practical amount.
A tree is a hierarchical arrangement of one or more domains that share a common schema and a contiguous namespace. In the example shown in the figure, all the domains in the tree under the Example.com root domain share the namespace Example.com.
The first domain you create in a tree is called the root domain. The next domain that you add becomes a child domain of that root. In this figure, Lucknow.example.com and Jaiure.example.com are the child domains.
Features of Trees
- Following DNS standards, the domain name of a child domain is the relative name of that child domain appended with the name of the parent domain.
- All domains within a single tree share a common schema, which is a formal definition of all object types that you can store in an Active Directory deployment.
- All domains within a single tree share a common Global Catalog, which is the central repository of information about objects in a tree.
A forest is a grouping or hierarchical arrangement of one or more domain trees that form a disjointed namespace, but might share a common schema and Global Catalog. If domains in an Active Directory do not share a common root domain, they create multiple trees. That leads you to the largest structure in an Active Directory: the forest. An Active Directory forest includes all domains within that Active Directory. A forest might contain multiple domains in multiple trees, or just one domain. When more than one domain exists, a component of Active Directory called the Global Catalog becomes important because it provides information about objects that are located in other domains in the forest.
In the figure given above, the namespace example.com is represented in one tree, and the namespace MothersNetwork.com is represented in another. There is always at least one forest on a network, and it is created when the first Active Directory-enabled computer (domain controller) on a network is installed. This first domain in a forest, called the forest root domain, is special because it holds the schema and controls domain naming for the entire forest. It cannot be removed from the forest without removing the entire forest itself. Also, no other domain can ever be created above the forest root domain in the forest domain hierarchy.
Features of Forests
- All trees in a forest share a common schema.
- Trees in a forest have different naming structures, according to their domains.
- All domains in a forest share a common Global Catalog.
- Domains in a forest operate independently, but the forest enables communication across the entire organization.
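
The naming rules above (a child domain's name is its relative name appended with the parent's name, and each tree is one contiguous namespace) can be applied to an inventory of domain names to recover the tree layout of a forest. The following is an added example, not part of the original article: the function names are hypothetical, the domain list is constructed from the names used in the figures, and it assumes DNS names alone identify parent and child, which matches the definitions given here.

```python
# Constructed sample: the domain names used in this article's figures.
SAMPLE_FOREST = [
    "example.com",
    "Lucknow.example.com",
    "Jaiure.example.com",
    "MothersNetwork.com",
]


def labels(name):
    """Split a DNS name into lower-case labels (DNS names are case-insensitive)."""
    return name.rstrip(".").lower().split(".")


def parent_of(domain, all_domains):
    """Return the closest ancestor of `domain` present in `all_domains`, or None.

    A child domain's name is its relative name followed by the parent's name,
    so the parent is found by stripping leading labels one at a time.
    """
    known = {".".join(labels(d)): d for d in all_domains}
    parts = labels(domain)
    for i in range(1, len(parts)):
        candidate = ".".join(parts[i:])
        if candidate in known:
            return known[candidate]
    return None


def group_into_trees(all_domains):
    """Map each tree root to the sorted domains in its contiguous namespace."""
    trees = {}
    for d in all_domains:
        root = d
        # Walk upward until no listed ancestor remains: that domain is the tree root.
        while (p := parent_of(root, all_domains)) is not None:
            root = p
        trees.setdefault(root, []).append(d)
    return {root: sorted(members, key=str.lower) for root, members in trees.items()}


if __name__ == "__main__":
    for root, members in group_into_trees(SAMPLE_FOREST).items():
        print(f"tree rooted at {root}:")
        for m in members:
            print(f"  {m} (parent: {parent_of(m, SAMPLE_FOREST) or 'none, tree root'})")
```

Two roots in the result mean two trees in the forest; a domain that lands in a tree nobody expected is worth checking against the documented design.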