Hello friends, in this study guide we discuss Active Directory tools and the basic components that Active Directory is built from. In the previous study guide we looked at the benefits of Active Directory; I hope you have read that article before continuing with Active Directory tools.
Active Directory consists of a number of components that provide flexibility in the design, scalability, administration, and security of an Active Directory network. Some of these components can be changed and scaled to fit a future design; others are difficult to change after the initial configuration. Organizations therefore need a clear design plan for their Active Directory environment before beginning the installation and configuration process.
Each component in Active Directory can be categorized as either a container object or a leaf object.
- A container object is one that can have other objects housed within it; these can be additional container objects as well as leaf objects.
- A leaf object, by contrast, cannot contain other objects and usually refers to resources such as a printer, folder, user, or group.
Components of Active Directory Tools
What are the main components of Active Directory tools? Let’s discuss the following container objects:
- Domain trees
Seeing the Forest
A forest is the largest container object within Active Directory. The forest container defines the fundamental security boundary within Active Directory, which means that a user can access resources across an entire Active Directory forest using a single logon/password combination. An additional logon would be required to access resources across more than one forest.
To improve efficiency, Active Directory divides its information into multiple partitions, also called naming contexts (NCs). Each domain controller’s copy of the ntds.dit database file contains a minimum of three NCs. The following two NCs are replicated forest-wide and are thus stored in the ntds.dit file on every domain controller in the forest.
- The schema partition, or Schema NC, contains the rules and definitions that are used for creating and modifying object classes and attributes within Active Directory.
- The configuration partition, or Configuration NC, contains information regarding the physical topology of the network, as well as other configuration data that must be replicated throughout the forest.
Because the schema NC is replicated forest-wide, each Active Directory forest has a single schema that is shared by every domain and domain tree within the forest. The information in the configuration NC is similarly shared by all domains in a single forest.
Each domain controller also stores a copy of the Domain NC, which is replicated to every DC within a single domain. The Domain NC contains information about the users, computers, and other resources of a particular Active Directory domain.
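To see these partitions on a live domain controller, the following added PowerShell example (not from the study guide) reads the RootDSE object, classifies each naming context it reports as forest-wide, domain-specific or an application partition, and lists the forest's global catalog servers. It assumes the RSAT ActiveDirectory module and a reachable domain controller.

```powershell
# Added example: enumerate the naming contexts (partitions) held by the DC we
# are connected to. Assumes the ActiveDirectory module is installed.
Import-Module ActiveDirectory

$rootDse    = Get-ADRootDSE
$forestWide = @($rootDse.schemaNamingContext, $rootDse.configurationNamingContext)

Write-Host "Connected DC:      $($rootDse.dnsHostName)"
Write-Host "Forest root NC:    $($rootDse.rootDomainNamingContext)"
Write-Host "Default domain NC: $($rootDse.defaultNamingContext)"
Write-Host ""

# Every DC holds at least three NCs: Schema, Configuration and its own Domain NC.
foreach ($nc in $rootDse.namingContexts) {
    $scope = if ($forestWide -contains $nc) {
        'forest-wide (Schema / Configuration NC)'
    } elseif ($nc -eq $rootDse.defaultNamingContext) {
        'domain-specific (Domain NC of this DC)'
    } elseif ($nc -like 'DC=DomainDnsZones,*' -or $nc -like 'DC=ForestDnsZones,*') {
        'application partition (DNS-integrated zones)'
    } else {
        'other (application partition or another domain NC)'
    }
    Write-Host ("{0,-55} {1}" -f $nc, $scope)
}

# The global catalog is not a formal partition; only DCs configured as GC
# servers hold it. The forest object lists those servers directly.
Write-Host ""
Write-Host "Global catalog servers in the forest:"
(Get-ADForest).GlobalCatalogs | Sort-Object | ForEach-Object { Write-Host "  $_" }
```

Run it against two DCs in different domains of the same forest (Get-ADRootDSE -Server) and the Schema and Configuration lines will match while the Domain NC line differs.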
Deploying Domain Trees and Domains
An Active Directory domain tree is a logical grouping of network resources and devices that can contain one or more domains configured in a parent-child relationship. Each Active Directory forest can contain one or more domain trees, each of which can in turn contain one or more domains. Active Directory domains create an administrative boundary of resources that can be managed together as a logical unit.
Within a forest, Active Directory relies on domain trees and domains to create smaller administrative boundaries. These partitions divide the database into manageable pieces that separate forest-wide information from domain-specific information.
Active Directory domain names most often reflect the registered Internet domain name of the company. Although Windows Server 2003 and Windows Server 2008 allow renaming of domain names, it is best to start with an organization’s registered DNS name if possible. Changing a domain name is a nontrivial process because all references to the domain must also be changed.
Every Active Directory domain has an associated domain partition, or Domain NC, that is replicated to each domain controller within a particular domain. Each domain’s Domain NC contains information about the objects that are stored within that domain: users, groups, computers, printers, OUs, and more. This Domain NC is replicated to all domain controllers in a single domain, alongside the forest-wide Schema and Configuration NCs. Active Directory information within a domain is replicated to all domain controllers within the domain to provide redundancy, fault tolerance, and load balancing for resources within the domain.
Although not considered to be a formal partition, the Active Directory global catalog also needs to be replicated throughout the forest. In contrast to the Domain NC, the global catalog does not replicate to all domain controllers. Rather, it replicates only to domain controllers that have been specifically configured to hold the global catalog. These domain controllers are known as global catalog servers.
Working with Organizational Units
An Active Directory domain can contain one or more organizational units (OUs) that can further subdivide users and resources. An OU is a container that represents a logical grouping of resources that have similar security or administrative guidelines.
Like the parent-child relationships possible with domains, OUs can be nested in a hierarchical fashion in which a parent OU can contain one or more child OUs. Each child OU can be a parent to child OUs of its own. However, although it is possible to create a nested OU structure containing a number of parent-child relationships, you must consider that these relationships can make the administration of OUs difficult if they are nested too deeply.
An Active Directory OU structure can reflect the logical structure of the organization by modeling the company’s organizational chart, depicting employees and their respective departments, or by organizing users according to their resource needs. For example, all users who have similar resource needs can be placed in an OU for ease of management if this best supports the business needs of the organization. By default, security settings that are applied to an OU will be inherited by all child objects of the container. This simplifies management by allowing you to apply a security setting once at the OU level rather than applying a setting individually to dozens or hundreds of user or computer objects contained within that OU.
Administration of an OU also can be delegated to a departmental supervisor or manager and thus can allow that person to manage day-to-day resource access or more mundane tasks, such as resetting passwords. This is referred to as delegation of control. Each container or OU can be created with custom security guidelines in mind, allowing detailed administrative control.
OUs of Active Directory tools can contain the following objects:
- Shared folders
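The following added PowerShell example (not from the study guide) puts the OU ideas above into practice: it builds a parent and child OU, delegates only the "Reset Password" right on the parent OU to a help-desk group, and then reads the child OU's ACL to show that the single setting applied at the parent is inherited. The OU names, the group name and the use of the RSAT ActiveDirectory module with its AD: drive are assumptions.

```powershell
# Added example: nested OUs, delegation of control, and security inheritance.
# Assumes the ActiveDirectory module and an account allowed to create OUs.
Import-Module ActiveDirectory

$domainDn = (Get-ADDomain).DistinguishedName
$parentOu = "OU=Sales,$domainDn"                      # assumed OU name
$childOu  = "OU=Sales Interns,OU=Sales,$domainDn"     # assumed child OU name
$helpDesk = 'Sales HelpDesk'                          # assumed delegation group

# 1. Parent OU, child OU and the group that will receive the delegated right.
New-ADOrganizationalUnit -Name 'Sales' -Path $domainDn -ProtectedFromAccidentalDeletion $true
New-ADOrganizationalUnit -Name 'Sales Interns' -Path $parentOu -ProtectedFromAccidentalDeletion $true
New-ADGroup -Name $helpDesk -GroupScope Global -Path $parentOu

# 2. Delegation of control: grant only the Reset-Password control access right,
#    scoped to user objects, on the parent OU and all of its descendants.
$resetPasswordRight = [Guid]'00299570-246d-11d0-a768-00aa006e0529'  # Reset-Password extended right
$userClassGuid      = [Guid]'bf967aba-0de6-11d0-a285-00aa003049e2'  # schemaIDGUID of class "user"
$groupSid = (Get-ADGroup $helpDesk).SID

$ace = New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
    $groupSid,
    [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight,
    [System.Security.AccessControl.AccessControlType]::Allow,
    $resetPasswordRight,
    [System.DirectoryServices.ActiveDirectorySecurityInheritance]::Descendents,
    $userClassGuid)

$acl = Get-Acl -Path "AD:\$parentOu"
$acl.AddAccessRule($ace)
Set-Acl -Path "AD:\$parentOu" -AclObject $acl

# 3. Verify inheritance: the ACE was set once on the parent OU but is visible
#    on the child OU with IsInherited = True.
Get-Acl -Path "AD:\$childOu" |
    Select-Object -ExpandProperty Access |
    Where-Object { $_.IdentityReference -like "*\$helpDesk" } |
    Select-Object IdentityReference, ActiveDirectoryRights, ObjectType, IsInherited, InheritanceType
```

Because the ACE carries the user class GUID as its inherited-object type, the help desk gets nothing on computers, groups or the OUs themselves, which is the least-privilege form of delegation the text describes.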
Beginning in Windows Server 2003, Active Directory also includes a fourth partition type called an application partition. Application partitions give administrators finer control over replication, allowing them to direct where information is replicated within a domain or forest. This results in greater flexibility and better control over replication performance. These are the basic Active Directory tools.