In my previous posts I explained ADDS and its roles, including installation, configuration and management of ADDS. Now it's time to get a better understanding of the Active Directory components, so we are going to read about them in sequence: what the Active Directory components are and what they do. Let's begin with the first one.
Active Directory Data Store: As we know, Active Directory stores its identities in a directory in the form of a file. That file is known as NTDS.dit and by default it is located in the %SystemRoot%\ntds folder. You can say it is the heart of Active Directory. The database is divided into several partitions, including the schema, the configuration and the domain naming context, which contains the data about the users, groups and computers within the domain. There may also be an application partition in Active Directory (an application partition is a space in Active Directory that can be used to store information about a specific application; keep in mind that security principals cannot be stored in an application partition). Most people find it hard to understand what the schema is and what this term means. The schema is a structure described in a formal language. The schema determines the layout of the data in the database, and it also determines what can be stored in the database.
Domain Controller: As defined by Microsoft, a computer that functions as a server within the domain can have one of two roles: 1> member server, 2> domain controller. 1: Member server > a member of the domain; a domain can have one, two, 100 or so. A member server can act as a file server or a web server. If we talk about the domain controller, it is responsible for hosting access to domain resources. If someone says "my domain name is xyz.com", that means AD has been configured to gain access to Windows network resources.
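The data store and the two server roles described above, as an added example that is not part of the original post. It assumes it is run on a domain controller with the ActiveDirectory PowerShell module; the registry path is the standard NTDS service parameters key.

```powershell
# Added example, not from the original post: run on a domain controller with the
# ActiveDirectory PowerShell module. It shows where this DC keeps NTDS.dit, which
# partitions (naming contexts) it hosts, and which servers are DCs vs members.
Import-Module ActiveDirectory

# 1. Location of the data store on this DC (default: %SystemRoot%\NTDS\ntds.dit)
$ntdsParams = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
$ntds = Get-ItemProperty -Path $ntdsParams
Write-Host ("NTDS.dit : {0}" -f $ntds.'DSA Database file')
Write-Host ("Logs     : {0}" -f $ntds.'Database log files path')

# 2. Partitions: rootDSE lists every naming context this DC holds a copy of
$rootDse = Get-ADRootDSE
$known = @{}
$known.Add([string]$rootDse.schemaNamingContext,        'Schema')
$known.Add([string]$rootDse.configurationNamingContext, 'Configuration')
$known.Add([string]$rootDse.defaultNamingContext,       'Domain')
foreach ($nc in $rootDse.namingContexts) {
    # Anything else is an application partition, e.g. the DomainDnsZones and
    # ForestDnsZones partitions used by AD-integrated DNS; these hold no
    # security principals, so a user or group can never live there.
    $key  = [string]$nc
    $kind = if ($known.ContainsKey($key)) { $known[$key] } else { 'Application' }
    '{0,-13} {1}' -f $kind, $key
}

# 3. Roles: domain controllers vs member servers in the current domain
$dcNames = (Get-ADDomainController -Filter *).Name
Get-ADComputer -Filter 'OperatingSystem -like "*Server*"' -Properties OperatingSystem |
    Select-Object Name, OperatingSystem,
        @{ Name = 'Role'; Expression = {
            if ($dcNames -contains $_.Name) { 'Domain Controller' } else { 'Member Server' } } } |
    Sort-Object Role, Name | Format-Table -AutoSize
```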
Domain: The term domain can refer either to a local subnetwork or to descriptors for sites on the Internet such as www.google.com. Remember that one or more domain controllers are required to create an Active Directory domain. A domain defines the boundaries of administrative policies such as account lockout, password policy and password complexity. You might have seen, when you create an account on a website, for example on Gmail, Yahoo or Facebook, that you fill in your user name and password, and when you enter the password it says the password must be between 6 and 16 characters long. That is actually a password complexity policy that has been configured by the website's server admin or a member of that group. A good example of an account lockout policy would be: when you enter a wrong password more than 3 or 5 times (depending on the account lockout policy), you get an error message saying you have exceeded the password limit and your account has been blocked, try again in 24 hours. This 24-hour duration before the password can be reset is the account threshold policy. All these policies can be configured on a domain. I hope the term domain is now pretty clear.
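The lockout and password policies above, as an added example that is not part of the original post: an audit of the domain-wide policy plus the fine-grained policies that can override it. The thresholds (14 characters, lockout after at most 10 attempts, 15-minute lockout, 24 remembered passwords) are assumptions, not values from the post.

```powershell
# Added example, not from the original post: audit the domain-wide password and
# account lockout policy the post describes. The thresholds (14 characters,
# lockout after at most 10 attempts, 15 minute lockout, 24 history) are
# assumptions here; adjust them to your own baseline.
Import-Module ActiveDirectory

function Test-DomainPasswordPolicy {
    $p = Get-ADDefaultDomainPasswordPolicy
    $findings = New-Object System.Collections.Generic.List[string]

    if (-not $p.ComplexityEnabled) {
        $findings.Add('Password complexity is disabled')
    }
    if ($p.MinPasswordLength -lt 14) {
        $findings.Add("Minimum password length is $($p.MinPasswordLength), expected 14 or more")
    }
    # LockoutThreshold 0 means accounts never lock out, however many wrong passwords
    if ($p.LockoutThreshold -eq 0) {
        $findings.Add('Lockout threshold is 0, accounts never lock out')
    } elseif ($p.LockoutThreshold -gt 10) {
        $findings.Add("Lockout threshold is $($p.LockoutThreshold), expected 10 or fewer")
    } elseif ($p.LockoutDuration.TotalMinutes -gt 0 -and $p.LockoutDuration.TotalMinutes -lt 15) {
        $findings.Add("Lockout duration is $($p.LockoutDuration.TotalMinutes) minutes, expected 15 or more")
    }
    if ($p.PasswordHistoryCount -lt 24) {
        $findings.Add("Password history is $($p.PasswordHistoryCount), expected 24")
    }

    [pscustomobject]@{
        Domain            = $p.DistinguishedName
        MinPasswordLength = $p.MinPasswordLength
        LockoutThreshold  = $p.LockoutThreshold
        LockoutDuration   = $p.LockoutDuration
        Findings          = $findings
    }
}

# Fine-grained password policies (PSOs) override the default for the users and
# groups they apply to, so a strong default can still be undercut by a weak PSO.
function Get-PasswordPolicyOverrides {
    Get-ADFineGrainedPasswordPolicy -Filter * |
        Select-Object Name, Precedence, MinPasswordLength, LockoutThreshold,
            @{ Name = 'AppliesTo'; Expression = { $_.AppliesTo -join '; ' } }
}

Test-DomainPasswordPolicy
Get-PasswordPolicyOverrides | Format-Table -AutoSize
```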
Forest: A forest is a collection of one or more Active Directory domain controllers. The first domain you install in the forest is the forest root domain. A forest is a single instance of the directory: no data will be replicated by Active Directory outside of the forest.
Tree: The DNS namespace of the domains in a forest creates trees within the forest. If a domain is a subdomain of another domain, the two domains are considered a tree. For example, google.com contains two domains, google.com and tech.google.com; both domains use the same DNS namespace, so they form a single tree. If the two domains are like comcast.net and comcast.com, which are not contiguous in the DNS namespace, the domains are considered to be two trees.
Functional Level: The functional level determines the functionality of a domain or a forest. When you install ADDS you get the option to select the functional level. In ADDS the functional level is a setting that enables advanced features that you can then use. There are six domain functional levels, as you can see in the image. As you raise the functional level of your domain or forest, you enable all the features available in that version of Windows Server; for example, if you raise the functional level from 2003 to 2008 or 2008 R2, all the features available there are ready to use, such as the Recycle Bin. I must mention here that you need to be very sure before you raise the functional level, because once you raise it you cannot revert it. It is not impossible to revert it, but you will have to do a forest recovery. When you raise the functional level, the communication between domain controllers changes, and it also changes the storage in the Active Directory database. It is highly recommended to use the Adprep.exe command-line utility, which must be completed accordingly.
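The forest, tree and functional level sections above, as an added example that is not part of the original post: it maps the forest's domains into trees by DNS namespace, reports the current levels, and previews a raise without applying it. The target level Windows2008R2Forest is an assumption chosen to match the post's 2008 R2 example.

```powershell
# Added example, not from the original post: map the forest, its trees and the
# current functional levels, then preview a raise with -WhatIf (nothing changes).
# The target level Windows2008R2Forest is an assumption matching the post's example.
Import-Module ActiveDirectory

$forest  = Get-ADForest
$domains = foreach ($name in $forest.Domains) { Get-ADDomain -Identity $name }

Write-Host "Forest root : $($forest.RootDomain)"
Write-Host "Forest mode : $($forest.ForestMode)"
Write-Host "Domains     : $($forest.Domains.Count)"

# A domain with no parent starts a tree; every domain whose DNS name ends in it
# (tech.google.com under google.com) sits in the same contiguous namespace.
# A second root such as comcast.net next to comcast.com becomes a second tree.
$roots = $domains | Where-Object { -not $_.ParentDomain }
foreach ($root in $roots) {
    Write-Host "Tree rooted at $($root.DNSRoot)"
    $domains |
        Where-Object { $_.DNSRoot -eq $root.DNSRoot -or $_.DNSRoot -like "*.$($root.DNSRoot)" } |
        ForEach-Object { '    {0,-35} domain mode: {1}' -f $_.DNSRoot, $_.DomainMode }
}

# Raising is one way (reverting means a forest recovery), so first confirm every
# DC in every domain already runs an OS at or above the target level.
foreach ($d in $domains) {
    Get-ADDomainController -Filter * -Server $d.DNSRoot |
        Select-Object HostName, Domain, OperatingSystem
}

# Preview only; drop -WhatIf only after Adprep.exe has been completed and the
# DC operating systems listed above have been checked.
Set-ADForestMode -Identity $forest -ForestMode Windows2008R2Forest -WhatIf
```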
Organizational Unit: An organizational unit (OU) is a subdivision within an Active Directory into which you can place users, groups, computers, and other organizational units. You can create organizational units to mirror your organization's functional or business structure. Each domain can implement its own organizational unit hierarchy. If your organization contains several domains, you can create organizational unit structures in each domain that are independent of the structures in the other domains.
The term "organizational unit" is often shortened to "OU" in casual conversation. "Container" is also often applied in its place, even in Microsoft's own documentation. All terms are considered correct and interchangeable.
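The OU hierarchy described above, as an added example that is not part of the original post: it builds a nested OU structure mirroring a business layout, skipping OUs that already exist and protecting each one from accidental deletion. The OU names (Corp, HR, IT, Servers, Workstations) are a constructed layout, not from the post.

```powershell
# Added example, not from the original post: build an OU hierarchy mirroring a
# (constructed) business structure, idempotently, with each OU protected from
# accidental deletion. The OU names are assumptions.
Import-Module ActiveDirectory

$domainDn = (Get-ADDomain).DistinguishedName
$ouPaths  = 'Corp', 'Corp/HR', 'Corp/IT', 'Corp/IT/Servers', 'Corp/IT/Workstations'

function New-OuPath {
    param([string]$Path, [string]$BaseDn)
    $parentDn = $BaseDn
    foreach ($name in ($Path -split '/')) {
        # Look for this OU one level under its parent; create it only if missing
        $existing = Get-ADOrganizationalUnit -LDAPFilter "(ou=$name)" `
                        -SearchBase $parentDn -SearchScope OneLevel
        if (-not $existing) {
            New-ADOrganizationalUnit -Name $name -Path $parentDn -ProtectedFromAccidentalDeletion $true
            Write-Host "Created OU=$name,$parentDn"
        }
        $parentDn = "OU=$name,$parentDn"
    }
    return $parentDn
}

$created = foreach ($p in $ouPaths) { New-OuPath -Path $p -BaseDn $domainDn }

# Show the resulting tree and flag any OU whose deletion protection was removed
Get-ADOrganizationalUnit -Filter * -SearchBase "OU=Corp,$domainDn" `
        -Properties ProtectedFromAccidentalDeletion |
    Select-Object DistinguishedName, ProtectedFromAccidentalDeletion |
    Sort-Object DistinguishedName | Format-Table -AutoSize
```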
nice post !!
Thanks