Active Directory Interview Questions and Answers

What Is Active Directory?

Active Directory consists of a series of components that constitute both its logical structure and its physical structure. It provides a way for organizations to centrally manage and store their user objects, computer objects, group membership, and define security boundaries in a logical database structure.

What is the Purpose of Active Directory?

Active Directory stores information about users, computers, and network resources and makes the resources accessible to users and applications. It provides a consistent way to name, describe, locate, access, manage, and secure information about these resources.

What are the Functions of Active Directory?

Active Directory provides the following functions:

  • Centralizes control of network resources: by centralizing control of resources such as servers, shared files, and printers, only authorized users can access resources in Active Directory.
  • Centralizes and decentralizes resource management: administrators have centralized administration with the ability to delegate administration of subsets of the network to a limited number of individuals, giving them greater granularity in resource management.
  • Stores objects securely in a logical structure: Active Directory stores all of the resources as objects in a secure, hierarchical logical structure.
  • Optimizes network traffic: the physical structure of Active Directory enables you to use network bandwidth more efficiently. For example, it ensures that when users log on to the network, the authentication authority nearest to the user authenticates them, reducing the amount of network traffic.

What Are Objects?

An object is a distinct set of attributes that represents a network resource (a user, a computer, a group policy, etc.), and object attributes are characteristics of that object stored in the directory. For example, the attributes of a user object might include the user's first name, last name, department, and e-mail address, among others.

What Are Organizational Units?

An organizational unit (OU) is a versatile container object used to organize objects within a domain into logical administrative groups. These logical administrative groups can include just one type of object or multiple types depending on how an administrator wants to structure it. Think of an OU as a large box that can contain many things, including other boxes (other OUs called sub-OUs), and those boxes can then contain additional boxes (additional sub-OUs) as well.

What Are Domains?

The domain is the core unit of logical structure in Active Directory. Grouping objects into one or more domains allows a company's organization to be reflected in its network. All network objects exist within a domain, and each domain stores information only about the objects it contains (objects that belong to that domain).

What Are Trees?

A tree is a grouping or hierarchical arrangement of one or more Windows 2000 / 2003 domains that allows global resource sharing. A tree may consist of a single Windows 2000 domain or multiple domains in a contiguous namespace. You can create a larger tree (contiguous namespace) by joining multiple domains in a hierarchical structure, since all domains within a single tree share a common namespace and a hierarchical naming structure. Following naming conventions, the domain name of a child domain is the name of that child domain appended with the name of the parent domain.

What Are Forests?

A forest is a grouping of one or more trees. As noted above with our example of tailspintoys.com and nwtraders.com, each of those is a tree within our forest even though their naming conventions are not related. It does not matter whether each tree is made up of a single domain or multiple domains. Forests allow organizations to group together divisions that do not use the same naming scheme and may need to operate independently, but still need to communicate with the entire organization via transitive trusts and share the same schema and configuration container.

The first domain in the forest is called the forest root domain. The name of that domain refers to the forest, such as nwtraders.msft. By default, the information in Active Directory is shared only within the forest. This way, the forest is a security boundary for the information that is contained in the instance of Active Directory.
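The OU, domain, tree and forest relationships described above can be modelled in a few lines. The following Python is an added illustration, not code from the original page or from Microsoft: it maps an OU path to a distinguished name, applies the child-domain naming convention, and groups a forest's domains into trees by contiguous DNS namespace (a domain whose name is not a DNS child of any other domain in the forest is a tree root). The forest root nwtraders.msft and the tree tailspintoys.com come from the text; the child domains "sales" and "eu" and the OU names are constructed for the example.

```python
"""Toy model of Active Directory's logical structure: OUs inside domains,
domains grouped into trees by contiguous DNS namespace, trees grouped into
a forest. Added illustration; names below are constructed, not real."""
from dataclasses import dataclass, field


def domain_to_dn(dns_name: str) -> str:
    """Map a DNS domain name to its LDAP distinguished-name form.
    'sales.nwtraders.msft' -> 'DC=sales,DC=nwtraders,DC=msft'."""
    return ",".join(f"DC={label}" for label in dns_name.lower().split("."))


def ou_dn(ou_path: list, dns_name: str) -> str:
    """Build the DN of a (possibly nested) OU. ou_path lists OUs from the
    outermost box to the innermost sub-OU; LDAP DNs are written innermost-first."""
    parts = [f"OU={name}" for name in reversed(ou_path)]
    return ",".join(parts + [domain_to_dn(dns_name)])


def child_domain_name(child_label: str, parent_dns_name: str) -> str:
    """Naming convention from the text: a child domain's name is its own label
    appended with its parent's name, so it stays inside the parent's namespace."""
    return f"{child_label}.{parent_dns_name}".lower()


def is_in_namespace(dns_name: str, root: str) -> bool:
    """True when dns_name equals root or is a DNS descendant of root."""
    dns_name, root = dns_name.lower(), root.lower()
    return dns_name == root or dns_name.endswith("." + root)


@dataclass
class Forest:
    root_domain: str                      # the forest root domain, e.g. nwtraders.msft
    domains: set = field(default_factory=set)

    def __post_init__(self):
        self.domains.add(self.root_domain.lower())

    def add_domain(self, dns_name: str) -> None:
        self.domains.add(dns_name.lower())

    def trees(self) -> dict:
        """Group the forest's domains into trees. A tree root is a domain that is
        not a DNS child of any other domain in the forest; every other domain
        belongs to the tree whose root is its namespace ancestor."""
        roots = [d for d in self.domains
                 if not any(d != other and is_in_namespace(d, other)
                            for other in self.domains)]
        result = {root: [] for root in roots}
        for d in sorted(self.domains):
            for root in roots:
                if is_in_namespace(d, root):
                    result[root].append(d)
                    break
        return result

    def same_tree(self, a: str, b: str) -> bool:
        """Two domains share a contiguous namespace only if they sit in one tree."""
        return any(a.lower() in members and b.lower() in members
                   for members in self.trees().values())


if __name__ == "__main__":
    forest = Forest("nwtraders.msft")
    forest.add_domain(child_domain_name("sales", "nwtraders.msft"))
    forest.add_domain("tailspintoys.com")            # second tree, unrelated namespace
    forest.add_domain(child_domain_name("eu", "tailspintoys.com"))
    for root, members in forest.trees().items():
        print(f"tree {root}: {members}")
    print(ou_dn(["Corp", "Sales", "East"], "sales.nwtraders.msft"))
```

Running it prints two trees, one rooted at nwtraders.msft and one at tailspintoys.com, and shows why the two trees still form one forest: nothing in the DNS names ties them together, so membership has to come from the shared schema and configuration rather than from the namespace.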

How many types of replication are there in Active Directory?

Active Directory Intrasite Replication

Intrasite replication in Active Directory takes place between domain controllers within the same site. This makes intrasite replication an uncomplicated process. When changes are made to the replica of Active Directory on one particular domain controller, the domain controller contacts the remainder of the domain controllers within the site. The domain controller checks the information it contains against information hosted by the other domain controllers. To perform this analysis, the domain controller utilizes logical sequence numbers. Intrasite replication utilizes the Remote Procedure Call (RPC) protocol to convey replication data over fast, reliable network connections. With intrasite replication, replication data is not compressed.

Active Directory Intersite Replication

Intersite replication takes place between sites. Intersite replication can utilize either RPC over IP or SMTP to convey replication data. This type of replication has to be manually configured. Intersite replication occurs between two domain controllers that are called bridgeheads or bridgehead servers. The role of a bridgehead server (BS) is assigned to at least one domain controller in a site. A BS in one site deals with replicating changes with other BSs in different sites. You can configure multiple bridgehead servers in a site. It is only these BSs that replicate data with domain controllers in different domains, by performing intersite replication with their BS partners. With intersite replication, packets are compressed to save bandwidth. This places additional CPU load on domain controllers assigned the BS role, so BSs should be machines with enough speed and processors to perform replication. Intersite replication takes place over site links using a polling method; the default polling interval is 180 minutes.
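The two replication sections above can be tied together with a small simulation. The Python below is an added illustration and not Microsoft's implementation: each domain controller stamps the changes it originates with an increasing sequence number and records, per originating DC, the highest sequence number it has already received (the "logical sequence numbers" the text refers to); a pull therefore transfers only what the partner has not seen. Replication inside a site is passed uncompressed, replication across sites is refused unless both ends are bridgeheads and is compressed before it leaves, and the next intersite poll is scheduled 180 minutes after the last one by default. The DC names, site names, object DNs and timestamps are constructed for the example.

```python
"""Toy simulation of sequence-number-based replication between domain
controllers, with the intrasite/intersite differences described in the text.
Added illustration; DC names, sites, objects and timings are constructed."""
import json
import zlib
from dataclasses import dataclass, field, asdict
from datetime import datetime, timedelta

DEFAULT_INTERSITE_INTERVAL = timedelta(minutes=180)   # default polling interval from the text


@dataclass
class Change:
    seq: int          # sequence number assigned by the originating DC
    origin: str       # name of the DC where the change was made
    dn: str
    attribute: str
    value: str


@dataclass
class DomainController:
    name: str
    site: str
    bridgehead: bool = False
    next_seq: int = 0
    changes: list = field(default_factory=list)      # every change this DC holds
    watermark: dict = field(default_factory=dict)    # origin DC -> highest seq received

    def write(self, dn: str, attribute: str, value: str) -> Change:
        """Originate a change locally and stamp it with the next sequence number."""
        self.next_seq += 1
        change = Change(self.next_seq, self.name, dn, attribute, value)
        self.changes.append(change)
        return change


def can_replicate(source: DomainController, dest: DomainController) -> bool:
    """Intrasite partners always may; across sites only bridgehead servers talk."""
    if source.site == dest.site:
        return True
    return source.bridgehead and dest.bridgehead


def replicate(source: DomainController, dest: DomainController) -> tuple:
    """Pull replication: dest takes from source every change whose sequence
    number is above dest's watermark for that change's originating DC.
    Returns (number of changes applied, bytes sent on the wire)."""
    if not can_replicate(source, dest):
        raise ValueError(f"{source.name} -> {dest.name}: intersite replication "
                         "runs only between bridgehead servers")
    new = [c for c in source.changes if c.seq > dest.watermark.get(c.origin, 0)]
    payload = json.dumps([asdict(c) for c in new]).encode()
    if source.site != dest.site:
        payload = zlib.compress(payload)   # intersite traffic is compressed to save bandwidth
    for c in new:
        dest.changes.append(c)
        dest.watermark[c.origin] = max(dest.watermark.get(c.origin, 0), c.seq)
    return len(new), len(payload)


def next_intersite_poll(last_poll: datetime,
                        interval: timedelta = DEFAULT_INTERSITE_INTERVAL) -> datetime:
    """When the site link is next polled; 180 minutes after the last poll by default."""
    return last_poll + interval


if __name__ == "__main__":
    dc1 = DomainController("DC1", "HQ", bridgehead=True)
    dc2 = DomainController("DC2", "HQ")
    dc3 = DomainController("DC3", "Branch", bridgehead=True)
    alice = "CN=Alice,OU=Sales,DC=nwtraders,DC=msft"
    dc2.write(alice, "department", "Sales")
    dc2.write(alice, "mail", "alice@nwtraders.msft")
    dc2.write(alice, "title", "Account Manager")
    print("intrasite DC2->DC1:", replicate(dc2, dc1))   # 3 changes, uncompressed
    print("intrasite again   :", replicate(dc2, dc1))   # 0 changes: watermark stops re-sending
    print("intersite DC1->DC3:", replicate(dc1, dc3))   # bridgehead forwards DC2's changes, compressed
    print("next poll:", next_intersite_poll(datetime(2024, 1, 1, 8, 0)))
```

The second intrasite pull moving nothing is the point of the sequence numbers: a DC never has to compare whole replicas, only ask "anything above the last number I saw from you?". The bridgehead DC3 ends up holding DC2's changes even though it never contacted DC2 directly, which is the role the text assigns to bridgehead servers.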
