The logical structure of Active Directory will vary based on the needs of an organization. Logical elements include forests, trees, domains, and organizational units.
A domain in Windows 2000 is very similar to a domain in NT 4. For all intents and purposes, a domain is still a logical group of users and computers (objects) that forms an administrative and replication boundary. That means two things. First, a domain is an administrative unit: an administrator from one domain is the administrator of only that domain, and not necessarily any others. Second, all domain controllers in the same domain must replicate with one another, which is why we refer to the domain as a replication boundary.
In Windows 2000, domains are named according to DNS naming conventions instead of conventions based on NetBIOS. An example of an Active Directory domain name would be 2000trainers.com.
In Windows NT, the size of the domain SAM database (40MB or thereabouts) restricted how large a domain could grow. As such, it was often necessary to create multiple domains if a company had tens of thousands of users and computers. By comparison, multiple domains wouldn’t actually be required in such a scenario under Windows 2000, since Active Directory can contain literally millions of objects.
As in Windows NT, a user account in Windows 2000 exists within a domain. A given user should be given only one account, and that account exists within only one domain, even if multiple domains exist. Active Directory does allow you to have multiple domains, forming structures referred to as trees and forests, to be discussed next.