Active Directory stores information about the resources / objects on the entire network and makes it easy for users to locate, manage, and use these resources.

Improvements Made by Active Directory

1. The Active Directory account database in Windows Server 2003 can hold a billion  objects. This resolves scalability concerns.

2. Multiple domain controllers can host read/write copies of Active Directory,  eliminating the problems with a single point of failure and poor operational  performance.

3. A Windows 2000 server  can be promoted to a domain controller and demoted back to a member server without the need to reinstall the operating system.

4. Active Directory domains still use “trusts” that  now give full, two-way access to resources and are fully transitive between domains.

Introduction:

Active Directory is made up of components that constitute its logical and physical structure. To administer Active Directory, we must understand the purpose of these components.

Logical Structure :

The logical structure of Active Directory provides methods for organizing network resources such as computers, printers, users and groups. It is made up of objects, organizational units, domains, domain trees, and forests.


1. Objects 

The object is the most basic component of the logical structure. Object classes are templates for the types of objects that can be created in Active Directory. Each object class is defined by a group of attributes. Attributes define the possible values that can be associated with an object. Each object has a unique combination of attribute values.


2. Organizational units 

Organizational units are container objects that are used to group other objects in a manner that supports your administrative purposes. By grouping objects by organizational unit in a logical fashion, it becomes easier to locate and administer objects. We can also delegate the authority to administer an organizational unit.  Organizational units can be nested in other organizational units. By nesting organizational units, we can further simplify the administration of objects. 

3. Domains 

Domains are the core functional units in the Active Directory logical structure. A domain is a collection of  objects that share a common directory database, security policies, and security relationships with other domains.  Domains provide the following three functions:
•  Serve as an administrative boundary for objects
•  Help to manage security for shared resources
•  Serve as a unit of replication for objects

4. Domain Trees 

Domains can be grouped together in hierarchical structures that are called trees. When a second domain is added to a tree, it becomes a child of the tree root domain. The domain to which a child domain is attached is called the parent domain. A child domain may in turn have its own child domain.  The name of a child domain is combined with the name of its parent domain to form its own unique Domain Name System (DNS) name. In this manner, a tree has a contiguous namespace.

5. Forests

Forests are made up of one or more trees, although a single two-level tree is recommended for most organizations. A two-level tree is when all child domains are made children of the forest root domain to form one contiguous tree. The first domain in the forest is called the forest root domain, and the name of that domain is used to refer to the forest. A forest is a complete instance of Active Directory. By default, the information within Active Directory is shared only within the forest. In this way, the forest is a security boundary for the information contained in the instance of Active Directory.

Physical Structure :

The physical structure of Active Directory models the physical structure of the network, and is made up of domain controllers and sites. The physical structure of Active Directory defines where and when replication and logon traffic occur, and is used to manage network traffic. The physical structure enables you to optimize network traffic by determining when and where replication and logon traffic occur. The elements of the Active Directory physical structure are:

1. Domain controllers 

A domain controller performs storage and replication functions. A domain controller can support only one domain. A domain can have one or more domain controllers.

2. Active Directory sites 

Sites are created mainly to optimize replication traffic and to enable users to connect to domain controllers by using a reliable, high-speed connection. A site is a group of well-connected computers. When sites are established, domain controllers within a single site communicate frequently. This communication minimizes the latency within the site. Latency is the time required for a change that is made on one domain controller to be replicated on other domain controllers. You create sites to optimize the use of bandwidth between separated domain controllers. There can be multiple domains in a single site, and a single domain can have multiple sites.

Note : We use Logical structure to organize the network resources and Physical structure to manage the network traffic.

To View the Logical and Physical Structure of Active Directory

The logical and physical structure of Active Directory can be viewed by using tools such as Active Directory Users and Computers, Active Directory Sites and Services, Active Directory Schema, ADSI Edit, and Active Directory Domains and Trusts. To view the Active Directory logical and physical structure, perform the following steps:

1.  Open Active Directory Users and Computers and view the organizational units in Active Directory. To do so, perform the following steps:
a.  Click Start, All Programs, Administrative Tools, and then click Active Directory Users and Computers.
b.  In the left pane, double-click Active Directory Users and Computers.
c.  In the left pane, double-click the domain for which you want to view the organizational units.
d.  Display the Properties page for each container in the left pane and determine the object type by using the Object class information on the Object tab.

You can also view the organizational units in Active Directory by using the ADSI editor. The ADSI Edit snap-in is not installed by default. To install it, use the support tools installer, Suptools.msi, which is located in the \Support\Tools folder of the Windows Server 2003 product CD.

2.  Open Active Directory Domains and Trusts to view the logical structure of Active Directory. To do so, perform the following steps:
a.  Click Start, All Programs, Administrative Tools, and then click Active Directory Domains and Trusts.
b.  In the left pane, expand the node that represents the forest-root domain to view the domains that make up the logical structure of Active Directory.

3.  Open Active Directory Sites and Services and view the physical structure of Active Directory. To do so, perform the following steps:
a.  Click Start, All Programs, Administrative Tools, and then click Active Directory Sites and Services.
b.  In the left pane, expand the Sites folder.
c.  Click the folder that represents the site for which you want to view a list of servers.
d.  Click the Servers folder to view a list of servers in the right pane.
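
The same three views can be collected in one read-only script, which is handy when you need a written inventory of domains, trusts, organizational units, sites and domain controllers for review. This is an added example, not part of the original post; it assumes a domain-joined machine with Windows PowerShell 2.0 or later installed and uses only the .NET System.DirectoryServices classes.

```powershell
# Added example: read-only inventory of the Active Directory logical and
# physical structure. Assumes a domain-joined machine and an account that
# can read the directory; nothing is modified.

$forest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()

# Logical structure: the forest root, then each domain and its parent,
# which shows the tree shape seen in Active Directory Domains and Trusts.
"Forest: {0} (root domain: {1})" -f $forest.Name, $forest.RootDomain.Name
foreach ($domain in $forest.Domains) {
    $parent = if ($domain.Parent) { $domain.Parent.Name } else { '(tree root)' }
    "  Domain: {0}  parent: {1}" -f $domain.Name, $parent

    # Trust relationships of this domain, with type and direction.
    foreach ($trust in $domain.GetAllTrustRelationships()) {
        "    Trust: {0} -> {1}  {2}/{3}" -f $trust.SourceName,
            $trust.TargetName, $trust.TrustType, $trust.TrustDirection
    }
}

# Organizational units in the current domain, as listed in
# Active Directory Users and Computers. Paging avoids truncated results.
$searcher = [adsisearcher]'(objectCategory=organizationalUnit)'
$searcher.PageSize = 500
[void]$searcher.PropertiesToLoad.Add('distinguishedName')
$results = $searcher.FindAll()
foreach ($r in $results) {
    "  OU: {0}" -f $r.Properties['distinguishedname'][0]
}
$results.Dispose()

# Physical structure: each site and the domain controllers placed in it,
# as listed under Sites > <site> > Servers in Sites and Services.
foreach ($site in $forest.Sites) {
    "Site: {0}" -f $site.Name
    foreach ($server in $site.Servers) {
        "  DC: {0}  domain: {1}" -f $server.Name, $server.Domain.Name
    }
}
```

Saving the output and comparing it between runs makes unexpected new trusts, OUs or domain controllers easy to spot.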

What Does Active Directory Do?

1. Active Directory stores information about users, computers and network resources, and makes the resources accessible to users and applications. It does this by providing a consistent way to name, describe, locate, access, manage, and secure information about these resources.

2. Active Directory provides centralized control of network resources, such as servers, shared files, and printers, and allows only authorized users to gain access to resources throughout Active Directory.

3. With Active Directory, you can centralize or delegate the administration of resources and objects as appropriate. Administrators can manage distributed desktops, network services, and applications from a central location by using a consistent management interface, or they can distribute administrative tasks by delegating control of resources to other administrators.

4. When Active Directory is installed, all resources in a Windows Server 2003 network are stored in Active Directory as objects. These objects are organized in a secure, hierarchical logical structure.

5. The physical structure of Active Directory enables you to optimize the use of network bandwidth. For example, the physical structure of Active Directory ensures that, when users log on to the network, they are authenticated by the authentication authority that is nearest to the user, thus reducing the amount of network traffic.

Posted by Shiny Thursday, October 22, 2009
