Hierarchy of information about network objects (such as computers, users, groups, domains, and trees) in a given network environment. It is extensible, interoperable (uses LDAP), scalable, and secure (from Microsoft Technet). The database behind Active Directory is described by a schema, which third-party software can adapt and extend to integrate fully with the directory.

Below is a sample hierarchy in ADS:

  Tree1                                     Tree2
  site1.com (domain) <=====trust=====> theman.com (domain)
    |                                         |
    |                                       damn.theman.com (child-domain)
    |                                         |
    jimbo (OU)                              maingroup1 (OU)
      |-- l33t_box (computer)                 |-- printer1 (printer)
      |     (l33t_box.site1.com)              |     (printer1.damn.theman.com)
      |-- jimbo-users (group)                 |-- subgroup1 (OU)
      |     (jimbo-users@site1.com)           |     |-- bobs_box (computer)
      |                                       |     |     (bobs_box.damn.theman.com)
      |                                       |     |-- service_pack_1 (GPO)
      |-- jimbob (user)                       |     |-- bob (user)
            (jimbob@site1.com)                |           (bob@damn.theman.com)
                                              |-- subgroup2 (OU)

Some definitions:

  • A Forest is a collection of trees.
  • A Tree is a hierarchy of domains and its subordinates.
  • A Domain (similar to NT 4.0) contains child-domains, OUs, computers, users, etc.
  • An OU is an Organizational Unit (similar to Domain, but with no need for a domain controller).
  • A GPO is a group policy object, with which administrators can apply rules, updates, and installations on any computer or OU to which the GPO applies.
  • Users, computers, printers, and groups are all basic objects in the directory. It is to these basic objects that GPOs are applied.
  • FQDNs (Fully Qualified Domain Names) are not assigned to OUs or GPOs, only to domains, computers, and printers (and, in a looser sense, groups and users).
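
To make the naming and scoping rules above concrete, here is an added example (not part of the original write-up) that models the sample hierarchy as LDAP distinguished names. It assumes the DN layout shown in the comments and that a GPO drawn inside an OU is linked at that OU; the object names are the ones from the diagram.

```python
# Added example: the sample ADS hierarchy as distinguished names, with the
# FQDN/UPN naming rules and GPO scope derived from the container structure.
# Constructed data mirroring the diagram; not output from a real directory.
from typing import Dict, List

def domain_dn(dns_name: str) -> str:
    """'damn.theman.com' -> 'DC=damn,DC=theman,DC=com'."""
    return ",".join(f"DC={label}" for label in dns_name.split("."))

def domain_of(dn: str) -> str:
    """Recover the DNS domain name from the DC= components of a DN."""
    return ".".join(p[3:] for p in dn.split(",") if p.startswith("DC="))

def leaf_name(dn: str) -> str:
    """Leftmost RDN value, e.g. 'CN=bob,OU=...' -> 'bob'."""
    return dn.split(",", 1)[0].split("=", 1)[1]

def fqdn(computer_dn: str) -> str:
    """Computers get hostname.domain; the OUs they sit in are not part of it."""
    return f"{leaf_name(computer_dn)}.{domain_of(computer_dn)}"

def upn(user_dn: str) -> str:
    """Users and groups are addressed as name@domain."""
    return f"{leaf_name(user_dn)}@{domain_of(user_dn)}"

def gpo_targets(directory: Dict[str, str], link_dn: str) -> List[str]:
    """A GPO linked at a domain or OU reaches the users and computers in that
    container and every OU nested below it, but never crosses into another
    domain (a child domain included), so the DC= part must match."""
    suffix = "," + link_dn
    return sorted(dn for dn, kind in directory.items()
                  if kind in ("user", "computer")
                  and dn.endswith(suffix)
                  and domain_of(dn) == domain_of(link_dn))

# Constructed directory mirroring the diagram: DN -> object class.
SITE1 = domain_dn("site1.com")
DAMN = domain_dn("damn.theman.com")
DIRECTORY = {
    f"OU=jimbo,{SITE1}": "ou",
    f"CN=l33t_box,OU=jimbo,{SITE1}": "computer",
    f"CN=jimbo-users,OU=jimbo,{SITE1}": "group",
    f"CN=jimbob,OU=jimbo,{SITE1}": "user",
    f"OU=maingroup1,{DAMN}": "ou",
    f"CN=printer1,OU=maingroup1,{DAMN}": "printer",
    f"OU=subgroup1,OU=maingroup1,{DAMN}": "ou",
    f"CN=bobs_box,OU=subgroup1,OU=maingroup1,{DAMN}": "computer",
    f"CN=bob,OU=subgroup1,OU=maingroup1,{DAMN}": "user",
    f"OU=subgroup2,OU=maingroup1,{DAMN}": "ou",
}
```

Calling gpo_targets(DIRECTORY, f"OU=subgroup1,OU=maingroup1,{DAMN}") returns bob and bobs_box only, which is the set service_pack_1 reaches; a GPO linked at theman.com reaches nothing in damn.theman.com.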

A few things about AD:

  • There is no need for a PDC unless you're in mixed mode, in which case you'll have to run the PDC emulator role to maintain backwards compatibility with your NT 4.0 network.
  • The RAS security policies are NOT stored in AD.
  • AD domains are much the same as NT domains, except that you can further break users down into OUs to better organise them and apply policies. In addition, two-way transitive trusts become possible.
