Active Directory Components



AD is basically divided into two structures, logical structures and physical structures (all AD components are inside these two structures).

Domains, organizational units (OUs), domain trees and forests are considered logical structures. Sites and domain controllers are considered physical structures.

Logical Structures


  • Forest: your entire Active Directory within an organization is called a forest. As you can see in the pictures, a forest consists of domains, child domains, sites and so on.

  • Domain: one area of your Active Directory network, within which you share resources (file server, print server, email server and so on).

Parent Domain: the first installation of your AD; you call it the first forest and first domain (one server as an AD). For example, as you can see from the picture, contoso.com is the parent domain of jakarta.contoso.com.

Child Domain: you can create a child domain after you have deployed your first domain, and the child's name will follow the parent domain's name. The usual reason to have a child domain is that a branch office wants all of its network resources on its own, or wants a separate database from headquarters. For example, as you can see from the picture, jakarta.contoso.com is a child domain of contoso.com.

Different Domain in the same Forest: like a child domain, it is installed after the first domain has been deployed in the forest, but it has a totally different name from the parent. For example, as you can see from the picture, Woodgrovebank.com is a different domain from contoso.com but it is still within the same forest.

  • Domain Tree: domains that are grouped in a hierarchical structure, and the way they link together.
  • Organizational Units (OU): a container for the objects inside your Active Directory. You can put users, computers and groups in an OU, and you can also put another OU inside your current OU.
  • Objects (groups, computers, users, servers and so on): the smallest part of your AD logical structure; the things you have under your network.

Physical Structures


The physical locations and hardware where you are going to place your AD.

Sites: in Active Directory, sites are formed by grouping multiple subnets. Sites are typically defined as locations in which network access is highly reliable, fast, and not very expensive.
A site groups the network resources inside your AD infrastructure, and it is also where you place your DCs. Within a site, each DC replicates frequently, but between different sites you can schedule when you want your AD database to replicate. You can also have a bridge (DC) that does the replication with the other site, so there is no need for every DC to replicate the database with every DC on the other side, as you can see in the picture above:

Explanation: the DC (bridge) in Bandar replicates two ways with the ADC (bridge) in Kuala Belait, and the ADCs in Kuala Belait replicate with each other, but the ADCs in KB do not need to replicate to the ADCs in Bandar; they just replicate everything from the Bandar DC (which acts as the bridge), because replicating every DC across would consume quite a lot of bandwidth on your WAN link.

Domain Controllers (DCs)


A domain controller is a server that stores a writable copy of Active Directory. Domain controllers maintain the Active Directory data store. Certain master roles can be assigned to domain controllers within a domain and forest. Domain controllers that are assigned special master roles are called Operations Masters. These domain controllers host the master copy of particular data in Active Directory, and they replicate that data to the remaining domain controllers. There are five different types of master roles that can be defined for domain controllers. Two of them, the forest-wide master roles, are assigned to one domain controller in the forest. The other three, the domain-wide master roles, are assigned to a domain controller in every domain.

Thus, you can call any server with Active Directory installed a DC, but to be more specific, DCs are divided into three kinds:

  • DC (Domain Controller): a server with Active Directory installed, holding Operations Master roles, with a writeable AD.
  • ADC (Additional Domain Controller): a server with AD installed, not holding any Operations Master role, with a writeable AD.
  • RODC (Read Only Domain Controller): a server with AD installed, without Operations Master roles and with a read-only AD.
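To see which of these three kinds each DC in your forest actually is, and how replication is scheduled between the sites described above, here is an added PowerShell example (not from the original post). It assumes the RSAT ActiveDirectory module is installed and that you run it on a domain-joined machine with an account allowed to read the forest.

```powershell
# Added example, not from the original post. Assumes the RSAT ActiveDirectory
# module is available and the current account can read the forest.
Import-Module ActiveDirectory

# Classify every DC in the forest using the post's definitions:
#   DC   = writeable AD, holds one or more Operations Master (FSMO) roles
#   ADC  = writeable AD, holds no Operations Master role
#   RODC = read-only copy of the AD database
function Get-DcClassification {
    foreach ($domainName in (Get-ADForest).Domains) {
        # -Server points the query at each domain so the whole forest is covered
        Get-ADDomainController -Filter * -Server $domainName | ForEach-Object {
            # OperationMasterRoles lists e.g. SchemaMaster, DomainNamingMaster (forest-wide)
            # or PDCEmulator, RIDMaster, InfrastructureMaster (domain-wide)
            $roles = @($_.OperationMasterRoles)
            $class = if ($_.IsReadOnly) { 'RODC' } elseif ($roles.Count -gt 0) { 'DC' } else { 'ADC' }
            [PSCustomObject]@{
                HostName = $_.HostName
                Domain   = $_.Domain
                Site     = $_.Site
                Class    = $class
                Roles    = ($roles -join ', ')
            }
        }
    }
}

# Inter-site replication is scheduled on site links; within a site DCs replicate
# on their own. This shows which sites each link joins and how often it replicates.
function Get-SiteLinkSummary {
    Get-ADReplicationSiteLink -Filter * | ForEach-Object {
        # SitesIncluded holds distinguished names; keep only the site's CN
        $siteNames = $_.SitesIncluded | ForEach-Object { ($_ -split ',')[0] -replace '^CN=' }
        [PSCustomObject]@{
            SiteLink        = $_.Name
            Sites           = ($siteNames -join ' <-> ')
            Cost            = $_.Cost
            IntervalMinutes = $_.ReplicationFrequencyInMinutes
        }
    }
}

Get-DcClassification | Sort-Object Domain, Site, HostName | Format-Table -AutoSize
Get-SiteLinkSummary | Format-Table -AutoSize
```

A DC that shows up as RODC while also listing roles, or a site link with no schedule you expected, is worth a second look, since those are the servers and links the rest of the forest depends on.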

Continued in Active Directory Concepts Part 3