Windows Server 2003 Active Directory and Network Infrastructure
Windows Server 2003 Active Directory is a centralized database that stores
information about all the resources available in a Windows Server 2003 domain.
It is a hierarchical representation of all the objects on the network and
their attributes.
Windows Server 2003 Active Directory enables administrators to easily manage
network resources such as computers, users, printers, and shared folders. The
logical structure represented by Active Directory consists of forests, trees,
domains, organizational units, and individual objects. This structure is
completely independent of the physical structure of the network, and allows
administrators to manage domains according to organizational needs without
regard to the physical network structure.
The logical components of the Active Directory structure are described below:
Forest: A forest is the outermost boundary of an Active Directory structure.
It is a group of multiple domain trees that share a common schema but do not form a
contiguous namespace. It is created when the first Active Directory-based
computer is installed on a network.
There is at least one forest on a network. The first domain in a forest is
called a root domain. It controls the schema and domain naming for the entire
forest. It can be separately removed from the forest. Administrators can create
multiple forests and then create trust relationships between specific domains in
those forests, depending upon the organizational needs.
Trees: A hierarchical structure of multiple domains organized in the
Active Directory forest is referred to as a tree. It consists of a root domain and
several child domains. The first domain created in a tree becomes the root
domain. Any domain added to the root domain becomes its child, and the root
domain becomes its parent.
The parent-child hierarchy continues until the terminal node is reached. All
domains in a tree share a common schema, which is defined at the forest level.
Depending upon the organizational needs, multiple domain trees can be included
in a forest.
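
The following Python example is added here for illustration and is not part of the original text. It groups the domains of one forest into trees by contiguous DNS namespace and reports each domain's parent; the domain names are constructed sample data, and the function names are hypothetical.

```python
# Added example: group the domains of one forest into trees by DNS namespace.
# Assumption: parent/child is inferred purely from DNS name suffixes.
# All domain names below are constructed sample data.

def parent_of(domain, all_domains):
    """Return the closest existing ancestor of `domain`, or None for a tree root."""
    labels = domain.lower().split(".")
    # Strip leading labels one at a time:
    # emea.sales.corp.example.com -> sales.corp.example.com -> corp.example.com ...
    for i in range(1, len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in all_domains:
            return candidate
    return None


def build_forest(domains):
    """Map each tree root to a {domain: parent} dict for the domains in that tree."""
    names = {d.lower() for d in domains}
    parents = {d: parent_of(d, names) for d in names}

    def root_of(d):
        # Walk the parent-child hierarchy upward until the tree root is reached.
        while parents[d] is not None:
            d = parents[d]
        return d

    trees = {}
    for d in sorted(names):
        trees.setdefault(root_of(d), {})[d] = parents[d]
    return trees


SAMPLE_FOREST = [
    "corp.example.com",             # forest root domain (first domain created)
    "sales.corp.example.com",       # child of corp.example.com
    "emea.sales.corp.example.com",  # grandchild: the hierarchy continues downward
    "hr.corp.example.com",
    "research.example.net",         # second tree: not contiguous with corp.example.com
    "lab.research.example.net",
]

if __name__ == "__main__":
    for root, members in build_forest(SAMPLE_FOREST).items():
        print(f"tree rooted at {root}")
        for domain, parent in members.items():
            print(f"  {domain}  (parent: {parent or 'none, tree root'})")
```

Both trees belong to the same forest and therefore share one schema, even though their names do not form a single contiguous namespace.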
Domains: A domain is the basic organizational structure of the Windows Server
2003 networking model. It logically organizes the resources on a network and defines
a security boundary in Active Directory. The directory may contain more than one
domain, and each domain follows its own security policy and trust relationships
with other domains.
Almost all organizations with large networks use the domain networking model
to enhance network security and to enable administrators to manage the entire
network efficiently.