Active Directory Logical and Physical Components

Active Directory can be considered to have both a logical and physical structure, and there is no correlation between the two. The logical parts of Active Directory include forests, trees, domains, OUs and global catalogs. Each element of the logical structure of Active Directory is defined below:
Domain – a domain in Windows 2000 is very similar to a domain in Windows NT. It is still a logical group of users and computers that share the characteristics of centralized security and administration. A domain is still a boundary for security – this means that an administrator of a domain is an administrator for only that domain, and no others, by default. A domain is also a boundary for replication – all domain controllers that are part of the same domain must replicate with one another. Much like NT 4, trust relationships can exist that allow users from one domain to access resources in another. Domains in the same forest automatically have trust relationships configured, but you should also note that you can create trust relationships to external domains (including NT 4-based domains) if necessary. In Active Directory, domain naming follows DNS naming conventions – domain.com, for example.
Tree – a tree is a collection of Active Directory domains that share a contiguous namespace. In this configuration, domains fall into a parent-child relationship, with the child domain taking on the name of the parent. For example, I could create a child domain named Canada under company.com – making the full name of the domain Canada.company.com. Child domains automatically have a transitive two-way trust relationship configured with their parent. This means that the trust relationship can be used by all other domains in the forest as a means to access the domain. Note that Canada.company.com is still a separate domain in this example, which means that it is still a security and replication boundary. As such, an administrator from company.com cannot administer the Canada.company.com domain unless explicitly granted the ability to do so.
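The sketch below is an added example, not part of the original tutorial. It groups a list of domain names into trees by contiguous namespace and lists the parent-child pairs that receive the automatic two-way transitive trust, which is a useful starting point when reviewing which trust chains link two domains. It models parent-child trusts only, assumes that a domain's parent is its name with the leftmost label removed, and uses constructed domain names apart from company.com and Canada.company.com.

```python
# Added example: constructed forest; the first two names come from the article.
FOREST = ["company.com", "Canada.company.com", "europe.company.com",
          "sales.canada.company.com", "mycompany.com"]

def normalize(name):
    """DNS names are case-insensitive; drop any trailing dot."""
    return name.rstrip(".").lower()

def parent_of(domain, domains):
    """Return the parent domain within `domains`, or None for a tree root.

    Assumption: the parent is the name with its leftmost label removed.
    Comparing whole labels keeps mycompany.com out of company.com's tree.
    """
    _, _, rest = normalize(domain).partition(".")
    return rest if rest in {normalize(d) for d in domains} else None

def chain_to_root(domain, domains):
    """List the domain followed by each ancestor up to its tree root."""
    chain = [normalize(domain)]
    while (parent := parent_of(chain[-1], domains)) is not None:
        chain.append(parent)
    return chain

def build_trees(domains):
    """Group domains by tree root (contiguous namespace)."""
    trees = {}
    for d in domains:
        chain = chain_to_root(d, domains)
        trees.setdefault(chain[-1], []).append(chain[0])
    return {root: sorted(members) for root, members in trees.items()}

def parent_child_trusts(domains):
    """(parent, child) pairs that get the automatic two-way transitive trust."""
    return sorted((p, normalize(d)) for d in domains
                  if (p := parent_of(d, domains)) is not None)

def trust_path(src, dst, domains):
    """Chain of parent-child trusts linking two domains of one tree, else None."""
    up, down = chain_to_root(src, domains), chain_to_root(dst, domains)
    if up[-1] != down[-1]:
        return None  # different trees: no parent-child chain connects them
    common = next(d for d in up if d in down)
    return up[:up.index(common) + 1] + down[:down.index(common)][::-1]

if __name__ == "__main__":
    print(build_trees(FOREST))
    print(parent_child_trusts(FOREST))
    print(trust_path("sales.canada.company.com", "europe.company.com", FOREST))
```

Each hop in a returned path is one parent-child trust, so a longer path means more domains whose trust configuration affects access between the two endpoints.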
Written by Dan DiNicolo
Entire site Copyright © 1999-2007 2000Trainers.com, all rights reserved.
Content on this site may not be copied or reproduced in any way without permission.

