This document provides an overview of Active Directory, including its logical and physical structures. Logically, Active Directory uses domains, organizational units (OUs), trees, and forests to organize objects in a hierarchical manner. Physically, it leverages sites and domain controllers to replicate data across network locations. Key Active Directory components include objects like users and groups, attributes that describe these objects, and the schema that defines object classes and permissible attributes.

1. Lecture 3
1

2.  Introduction to Active Directory
 Active Directory Logical Structure
 Active Directory Physical Structure
2

3.  What Is Active Directory?
 Active Directory Objects
 Active Directory Schema
 Lightweight Directory Access Protocol (LDAP)
3

4. 4
DDiirreeccttoorryy SSeerrvviiccee
FFuunnccttiioonnaalliittyy
  Organize
  Manage
  Control
RReessoouurrcceess
CCCCeeeennnnttttrrrraaaallliliiizzzzeeeedddd M MMMaaaannnnaaaaggggeeeemmmmeeeennnntttt
  Single point of administration
  Full user access to directory
resources by a single logon

5.  A directory service stores all the information
needed to use and manage these objects in a
centralized location, simplifying the process of
locating and managing these resources.

6.  What Is a Directory Service?
 What Is a Schema?
 What Is the Global Catalog?
6

7. A structured repository of information about people and
resources in an organization
Domain
OU1
Computers
Computer1
Users
User1
Users
User2
OU2
Printers
Printer1
KimYoshida
Attributes Values
Name
Building
Floor
Kim Yoshida
117
1
A repository is a collection of resources that can be
accessed to retrieve information. Repositories often consist
of several databases tied together by a common search
engine. 7

8. defines all the objects and attributes that the directory service uses
to store data
Examples of object
class
User
Computer
Printer
Examples of
attributes
accountExpires
distinguishedName
directReports
dNSHostName
operatingSystem
firstName
lastName

9.  The global catalog is the central repository of
information about objects in a tree or forest. By
default, a global catalog is created automatically on
the initial domain controller in the first domain in the
forest. A domain controller that holds a copy of the
global catalog is called a global catalog server.
 It stores only attributes about each objects ,such as
objects location
GGlloobbaall CCaattaalloogg
RReeaadd OOnnllyy

10. ◦ Provide a way to design and administer the
hierarchical structure, logical structure of the
network Include
 Domains and organizational units
 Trees and forests

11. Domain
Domain Domain
Domain
Domain
Domain
OU
OU OU
DDoommaaiinn TTrreeee
DDoommaaiinn
OOrrggaanniizzaattiioonnaall UUnniitt
FFoorreesstt
OObbjjeeccttss

12.  Logical collection of users and computers.
 Several benefits of domain
 Enable you to organize objects within a
single dept. or location.
 Act as a security boundaries.
 Domain Objects are fully replicated to the
domain controller’s within a domain, not to
other domains .

13.  Contiguous linking of one or more
AD domains that shares a common
namespace or in a Parent-Child
Relationship.
 Two-way transitive trust
automatically created
 Tree Root Domain :- first domain in
a tree or parent domain
Parent Domain
Child Domain
PPaarerenntt
CChhilidld
New
Domain
Tree Root Domain
contoso.msft
sales.contoso.msft

14.  Combination of One or More Trees
 A forest is a disjointed namespace
 www.microsoft.com
 www.msn.com
 Transitive Trusts created automatically

15. Domain
OU
OU Domain OU
Objects
Tree
Domain
 The Forest Root Domain Is
the First Domain Created
in a Forest
Domain
Domain
Domain
Tree
Forest
Forest Root Domain
Tree Root Domain

16.  An organizational unit (OU) is a subdivision within an Active
Directory into which you can place users, groups, computers,
and other organizational units. You can create organizational
units to mirror your organization's structure.
 Implements a Structure inside a Domain
 Can be nested as needed
 Can not be assigned any rights
 Typically used for Administrative Reasons
OU
◦ e.g. System Policies
OU Domain OU
Objects

17.  Benefits of using OUs
◦ Easier to locate and manage the Active Directory objects
◦ Define more advanced features by applying Group Policy to
an OU
◦ Delegate administrative control over OUs

18.  Not related to logical Structure
 Modeled via „Sites“
 A site is well connected via fast Network Links
 One Site can home multiple Domains
 One Domain can spread across many Sites
 Domain Database is stored on Domain Controllers

19.  Sites
 Domain controllers
 WAN links
SSiittee
DDoommaaiinn CCoonnttrroolllleerrss
WWAANN LLiinnkk
SSiittee
A site is one or more IP subnets connected
by a fast and reliable link.

20.  Domain Controller is a server on a Microsoft Windows
Network that is responsible for allowing host access to
Windows domain resources. The domain controllers in
your network are the centerpiece of your Active
directory service. It stores user account information,
authenticates users and enforces security policy for a
Windows domain

21. Contoso.msft
Finance
Sales
Suzan Fine
21
Lightweight Directory Access Protocol (LDAP)
RReellaattiivvee ddiissttiinngguuiisshheedd nnaammee
CN=Suzan Fine,OU=Sales,OU=Finance,DC=contoso,DC=msft