Active Directory: Structure and Components
Active Directory provides a method to design a directory structure that meets the needs of any organization. It has many advantages, such as system scalability and ease in locating resources throughout a network.
- Active Directory allows a single point of management for all public resources, which may include files, peripheral devices, connections to databases, web access, users, services, etc.
- It uses DNS, the Internet's naming system, as its location service.
- Active Directory components are used to build a directory structure reflecting the needs of an organization.
Logical Structure
The logical structure of the organization is represented by domains, organizational units, trees, and forests.
- Domain: The central unit of the logical structure of Active Directory is the domain, which can store millions of objects. The objects that are stored in a domain are, for example, printers, documents, email addresses, databases, and users. All network objects exist in a domain, and each domain stores information only about the objects it contains. Active Directory is composed of one or more domains. A domain contains access control lists (ACLs), which control access to the objects in the domain: an ACL holds the permissions associated with an object, and those permissions determine which users can access it.
- Organizational Unit: An organizational unit (OU) is a container that is used to organize objects within a domain into groups that reflect the functional structure of an organization. For example, a domain miempresa.com can contain three OUs: sales, orders, and accounting. Suppose the number of orders increases and the company's management needs to bring in a person to work with the department responsible for ordering. You can give that person a user account that is permitted only to create user accounts and to give users access to the order department's files and shared printers. Instead of creating another domain, the situation is resolved by granting that account the appropriate permissions within the orders OU.
- Tree: A tree is a grouping or hierarchical arrangement of one or more Windows 2000/2003 domains, created by adding one or more child domains to an existing domain.
- Forest: A forest is a grouping or hierarchical configuration of one or more completely different and independent domain trees.
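The OU delegation described above for the orders department, written out as an added example (not part of the original notes). It assumes the RSAT ActiveDirectory module and dsacls.exe are available, that the orders OU sits directly under the domain root, and a hypothetical delegate account named orders.admin; file and printer permissions are set separately on those resources and are not covered here.

```powershell
# Added example: delegate "create user accounts" on the orders OU only.
# Assumed names (not from the page): account 'orders.admin', OU directly under the domain root.
Import-Module ActiveDirectory

$domain   = Get-ADDomain                      # e.g. miempresa.com
$domainDn = $domain.DistinguishedName         # DC=miempresa,DC=com
$netbios  = $domain.NetBIOSName
$ouDn     = "OU=orders,$domainDn"
$delegate = 'orders.admin'

# Create the OU if it does not exist yet.
$ou = Get-ADOrganizationalUnit -Filter "Name -eq 'orders'" `
        -SearchBase $domainDn -SearchScope OneLevel
if (-not $ou) {
    New-ADOrganizationalUnit -Name 'orders' -Path $domainDn
}

# Create the delegate account inside the OU it will administer.
$password = Read-Host -AsSecureString "Initial password for $delegate"
New-ADUser -Name $delegate -SamAccountName $delegate -Path $ouDn `
    -AccountPassword $password -Enabled $true -ChangePasswordAtLogon $true

# Grant Create Child (CC) for objects of class 'user' on this OU and its
# sub-objects (/I:T). Nothing is granted on the domain itself.
dsacls.exe $ouDn /I:T /G "${netbios}\${delegate}:CC;user"

# Review the resulting ACEs on the OU for the delegate.
(Get-Acl -Path "AD:\$ouDn").Access |
    Where-Object { $_.IdentityReference -like "*\$delegate" } |
    Select-Object IdentityReference, ActiveDirectoryRights, ObjectType, InheritanceType

# Least-privilege check: the delegate should hold no explicit ACE on the domain root.
$rootAces = (Get-Acl -Path "AD:\$domainDn").Access |
    Where-Object { $_.IdentityReference -like "*\$delegate" -and -not $_.IsInherited }
if ($rootAces) {
    Write-Warning "$delegate has explicit rights on the domain root; delegation is wider than the OU."
}
```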
Physical Structure
The physical components of Active Directory are sites and domain controllers.
- Site: A site is a combination of one or more IP (Internet Protocol) subnets connected by a high-speed, reliable link, which allows you to group as much traffic as possible. Normally, a site is a local area network (LAN).
- Domain controller: A domain controller is a Windows 2000/2003 Server that stores a copy of the domain directory (the local database of the domain). A domain can contain one or more domain controllers. Each domain controller stores a complete copy of all Active Directory information for that domain, manages changes, and replicates these changes to the other domain controllers in the same domain. Having more than one domain controller in a domain is important because it provides fault tolerance. If a domain controller is offline, another domain controller can provide all the necessary functions.