Active Directory Summary

Active Directory is a centralized database that contains user account and security information. In a workgroup, security and management take place on each computer, with each computer holding information about users and resources. With Active Directory, all computers share the same central database.

The Active Directory structure has the following components:

Trees and Forests

Multiple domains are grouped together in the following relationship:

  • A tree is a group of related domains that share the same contiguous DNS namespace.
  • A forest is a collection of related domain trees. The forest establishes the relationship between trees that have different DNS namespaces.

Trees and forests have the following characteristics:

  • The forest root domain is the top-level domain in the top tree. It is the first domain created in the Active Directory forest.
  • The tree root domain is the highest level domain in a tree.
  • Each domain in the tree that is connected to the tree root domain is called a child domain.
  • A domain tree is a group of domains based on the same namespace. Domains in a tree:
    • Are connected with a two-way transitive trust.
    • Can share resources with any other domain in the forest.
    • Share a common schema.
    • Have common global catalogs.
Domain

A domain is an administratively defined collection of network resources that share a common directory database and security policies. The domain is the basic administrative unit of an Active Directory structure.

  • Database information is replicated (shared or copied) within a domain.
  • Security settings are not shared between domains.
  • Each domain maintains its own set of relationships with other domains.
  • Domains are identified using DNS names.
    • The common name is the domain name itself.
    • The distinguished name includes the DNS context or additional portions of the name.

Depending on the network structure and requirements, the entire network might be represented by a single domain with millions of objects or the network might require multiple domains.

Organizational Unit (OU)

An organizational unit is like a folder that subdivides and organizes network resources within a domain. An organizational unit:

  • Is a container object.
  • Can be used to logically organize network resources.
  • Simplifies security administration.

You should know the following about OUs:

  • First-level OUs can be called parents.
  • Second-level OUs can be called children.
  • OUs can contain other OUs or any type of leaf object (e.g. users, computers, and printers).
Objects

Within Active Directory, each resource is identified as an object. Common objects include:

  • Users
  • Groups
  • Computers
  • Shared folders

You should know the following about objects:

  • Each object contains attributes (i.e., information about the object such as a user’s name, phone number, and email address) which are used for locating and securing resources.
  • The schema identifies the object classes (the type of objects) that exist in the tree and the attributes (properties) of the object.
  • Active Directory uses DNS for locating and naming objects.
  • Container objects hold or group other objects, either other containers or leaf objects.
Generic Containers

Like OUs, generic containers are used to organize Active Directory objects. Generic container objects:

  • Are created by default.
  • Cannot be created, moved, renamed, or deleted.
  • Have very few editable properties.
Domain Controller

A domain controller is a server that holds a copy of the Active Directory database that can be written to.

  • A domain controller is a member of only one domain.
  • Any domain controller can make changes to the Active Directory database.
  • Replication is the process of copying changes to Active Directory between the domain controllers.
Global Catalog

The Global Catalog (GC) is a database that contains a partial replica of every object from every domain within a forest. A server that holds a copy of the Global Catalog is a global catalog server. The Global Catalog makes forest-wide searches faster because a query can be answered by one global catalog server instead of being referred to domain controllers in each domain.

The Active Directory database resides in a file called Ntds.dit. It is the database file in which all directory data is stored.
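As an added example that is not part of the original summary, the Python code below shows how the domain DNS names, distinguished names, and OU containment described above fit together: it converts a domain's DNS name into its DC= distinguished name, parses a DN while honoring the backslash escaping LDAP uses for commas in values, recovers the owning domain from any object's DN, and tests whether an object sits inside a given OU. The domain and OU names it uses (corp.example.com, Staff, Engineers) are constructed for illustration.

```python
# Added example: working with Active Directory distinguished names (DNs).
# Sample names such as corp.example.com and the OUs Staff/Engineers are
# constructed for this illustration and do not come from the original page.


def parse_dn(dn):
    """Split a DN into (type, value) pairs, leftmost first.

    A backslash escapes the next character, so a comma inside a value
    (e.g. CN=Smith\\, Jane) does not start a new component.
    """
    parts, buf, escaped = [], "", False
    for ch in dn:
        if escaped:
            buf += ch
            escaped = False
        elif ch == "\\":
            buf += ch
            escaped = True
        elif ch == ",":
            parts.append(buf)
            buf = ""
        else:
            buf += ch
    parts.append(buf)
    pairs = []
    for part in parts:
        attr_type, _, value = part.strip().partition("=")
        pairs.append((attr_type.upper(), value))
    return pairs


def domain_dn(dns_name):
    """Domain DNS name -> distinguished name (one DC= component per label)."""
    return ",".join(f"DC={label}" for label in dns_name.lower().split("."))


def dns_name(dn):
    """Recover the owning domain's DNS name from the DC= components of a DN."""
    return ".".join(value for attr_type, value in parse_dn(dn) if attr_type == "DC")


def ou_path(dn):
    """OU chain from the domain downward: first-level (parent) OU first."""
    return [value for attr_type, value in reversed(parse_dn(dn)) if attr_type == "OU"]


def is_within(obj_dn, container_dn):
    """True if obj_dn is inside container_dn at any depth (suffix match on components)."""
    obj, container = parse_dn(obj_dn), parse_dn(container_dn)
    return len(obj) > len(container) and obj[-len(container):] == container
```

Note that is_within compares parsed components rather than raw strings, so differences in spacing after commas or in attribute-type case do not cause false mismatches.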

© Data Coincide, LLC 2010-2019