Distributed Networks Distributed Networks




Active Directory  «Prev  Next»
Lesson 5 Logical structure of Active Directory
Objective Understand the structural areas of Active Directory.

Logical Structure and Areas of Active Directory

The logical structure of Active Directory is flexible and provides a method for designing a directory hierarchy that makes sense to both its users and those who manage it. In Windows NT, locating objects was based on knowing their physical locations on servers. With Windows 2000, the Directory provides a logical hierarchy, independent of physical location. You can create an organizational unit and place all printers into it, for instance, regardless of to which computers they are physically attached.
At its most basic, Active Directory contains objects and attributes, all of which are hierarchically arranged, so that you can view your directory's contents with ease. But in order to use and administer Active Directory with competence, you will need to know its logical structure in detail and the different layers of its content pool.
The structure of Active Directory
The principal areas of Active Directory's structure include:
  1. Domains
  2. Organizational units
  3. Trees
  4. Forests
Here you can see their relationship to one another.
This is the structure of Active Directory.
The figure above describes the principal areas of Active Directory's structure which includes
1)Domains , 2)Organizational units, 3) Trees and 4) Forests.


Active Directory: Designing, Deploying, and Running Active DirectoryActive Directory
The basic unit of organization and security in Active Directory is the domain.
  1. Domain: The basic administrative unit in a Windows 2000 network. domain is a collection of computers defined by an administrator that share a common directory database.
    It's important because objects are maintained in a domain. Within a domain, objects can be organized into logical containers called organizational units (OUs), as shown above.
  2. Organizational unit: An organizational unit (OU) is a container object that you use to organize objects within a domain. An OU contains objects, such as user accounts, groups, computers, printers, and other OUs.
    Furthermore, domains can be multiplied into groups of domains, called trees,
  3. Trees: A tree is a collection of domains that share a contiguous namespace and into collections of domains, called forests.
  4. Forests: Two or more domain trees which do not share a contiguous namespace can be joined in a forest. Domains within a forest share two-way transitive trust relationships and share a common schema and global catalog.

The Slideshow below gives you a closer view of these organizational areas and their relative place within Active Directory.

Multiple Domains in Active Directory
As this Slideshow illustrates, the areas of Active Directory may proliferate easily, but they will always be organized in a visibly recognizable and readable way. In the next lesson, you will learn more about the function and purpose of domains.