Trees, Forests, Active Directory - Kahani Kya Hai Boss?
NXIT Services Private Ltd.
NXIT Services Private Limited is technology focused organization.
In our previous articles we discussed the "homework" that needs to be done for an effective AD Implementation. Those were some prerequisites to establishing a successful and smooth AD in your organization. You got a bird's eye view of the tiered structure in AD - domain > tree > forest all the way to OU/container. A planned tiered structure helps in providing security boundaries, sharing a common database and can be managed for settings such as authentication and encryption. So here is a basic AD - deconstructed :
?
Organizational Units
OUs as the name suggests,??organizes users, groups and devices. In an OU, objects such as user accounts, service accounts, or computer accounts are logically grouped. Each domain can contain its own OU. Each user or object in an OU will be unique. It can not exist in two or multiple different OUs, otherwise it defies the purpose.
?
Containers
Container is??similar to OUs, but Group Policy Objects cannot be applied or linked to container objects. The most common difference between a Container and an Organizational Unit is that an Organizational Unit can receive Group Policies.
?
领英推荐
Domain
A domain is a collection of objects within the same Active Directory. An object has to be a single entity like a single user or it can be a hardware component.
?
Tree
A group of domains is called a tree. There will be a logical hierarchy to gather the tree structure from multiple domains. Think of it as a trust relationship (more on trust in our next article). Multilevel domains can be involved where one domain trusts another.The second domain, in turn, has a trust relationship with the third and so on. Given the hierarchical nature of this setup, there will be an implicit trust between the first and the third domain.
?
Forest
A group of multiple trees is called a forest. It is a logical construct comprising of domain configurations, application information, directory scheme etc. Technically, it is possible to include an unlimited number of domains in a forest.
?
Are you thinking of implementing an Active Directory for your organization, or do you want to know more about it? Feel free to reach out to us at [email protected].