10 ready-to-implement PowerShell scripts to make AD management easy!

Active Directory Fundamentals

Framework of Active Directory

The Active Directory structure is built on the domain level. The framework that holds the objects can be viewed at different levels namely forest, domain trees and domains.

Active Directory Framework

At the top of the level is the forest. A forest holds all the Active directory data. The first domain added to the forest is the forest root domain. Information exchange happens within a forest. All domains within a forest have a common schema, a common global catalog, and have trust relationships among the domains. The forest acts as a security boundary. To communicate with data in other forests, an external trust relationship is required. A domain tree is formed when a combination of domains share the schema, configuration and have a contiguous namespace. The domains inside a tree have implicit trust relationships with each other. Trust is the potential to allow access to resources. The logical structure of the Active directory is built around domains. A domain is a grouping of objects. Each domain has a name, its own database, policies that are applicable to all the resources within that domain. A domain functions as a boundary for policies, authentication, and authorization. A domain controller (DC) is the supreme authority for controlling all operations within a domain.

Organizational units (OU) are containers that hold other Active Directory objects like users, computers, printers, shared folders, and even other organizational Units. The advantage of OU is that it can be used to set security policies and delegate administrative control.

While forests, trees, domains are all logical grouping of objects, the physical grouping of objects is made possible using a site. A site groups objects based on IP addresses. Hence it cannot span across different physical locations. For example, if there are various branches of your organization located at different places, each location can be identified using a site. A site is mainly used for replication and traffic control purposes. It is important to understand that site and domains are not interrelated – a site can contain multiple domains and a single domain could span across multiple sites.

Related posts
Active Directory Fundamentals

Find a user's last logon time

Active Directory Fundamentals

Configure domain password policy - Here’s how

Active Directory FundamentalsAzure AD FundamentalsRecent Posts

Before migrating to Active Directory Domain Services (AD DS) 2022

Active Directory Fundamentals

Removing an Exchange Server Mailbox from your environment