Posted by vikas vohra

Components of an Active Directory infrastructure

1. Active Directory Data Store :
As mentioned in the previous section, AD DS stores its identities
in the directory—a data store hosted on domain controllers. The directory is a single
file named Ntds.dit and is located by default in the %SystemRoot%\Ntds folder on a
domain controller. The database is divided into several partitions, including the schema,
configuration, global catalog, and the domain naming context that contains the data
about objects within a domain—the users, groups, and computers, for example.

2. Domain Controller :
Domain controllers, also referred to as DCs, are servers that perform
the AD DS role. As part of that role, they also run the Kerberos Key Distribution services.

3. Domain :
One or more domain controllers are required to create an Active Directory domain.
A domain is an administrative unit within which certain capabilities and characteristics
are shared. First, all domain controllers replicate the domain’s partition of the
data store, which contains among other things the identity data for the domain’s users,
groups, and computers.

4. Forest :
A forest is a collection of one or more Active Directory domains. The first domain
installed in a forest is called the forest root domain.
A forest contains a single definition of
network configuration and a single instance of the directory schema. A forest is a single
instance of the directory—no data is replicated by Active Directory outside the boundaries
of the forest. Therefore, the forest defines a security boundary. Chapter 12 will explore the
concept of the forest further.

5. Tree :
The DNS namespace of domains in a forest creates trees within the forest. If a
domain is a subdomain of another domain, the two domains are considered a tree.

6. Functional Level :
The functionality available in an Active Directory domain or forest
depends on its functional level.
The functional level is an AD DS setting that enables
advanced domain-wide or forest-wide AD DS features. There are three domain functional
levels (Windows 2000 native, Windows Server 2003, and Windows Server 2008) and two
forest functional levels (Microsoft Windows Server 2003 and Windows Server 2008). As
you raise the functional level of a domain or forest, features provided by that version of
Windows become available to AD DS.

7. Site :
When you consider the network topology of a distributed enterprise, you will certainly
discuss the network’s sites. Sites in Active Directory, however, have a very specific
meaning because there is a specific object class called site.
An Active Directory site is an object that represents a portion of the enterprise within which network connectivity is good.
A site creates a boundary of replication and service usage. Domain controllers
within a site replicate changes within seconds. Changes are replicated between sites on
a controlled basis with the assumption that intersite connections are slow, expensive, or
unreliable compared to the connections within a site. Additionally, clients will prefer to
use distributed services provided by servers in their site or in the closest site. For example,
when a user logs on to the domain, the Windows client first attempts to authenticate
with a domain controller in its site. Only if no domain controller is available in the site
will the client attempt to authenticate with a DC in another site. Chapter 11 details the
configuration and functionality of Active Directory sites.
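
The components above can be read back from a live directory. The following read-only PowerShell inventory is an added example, not part of the original post; it assumes the ActiveDirectory module (RSAT) is installed and the session can reach a domain controller in each domain, and the function name Get-AdComponentInventory is hypothetical.

```powershell
# Added example, read-only. Requires the ActiveDirectory module (RSAT)
# and a session that can reach a domain controller in every domain.
Import-Module ActiveDirectory

function Get-AdComponentInventory {   # hypothetical helper name
    $forest  = Get-ADForest
    $domains = foreach ($name in $forest.Domains) { Get-ADDomain -Server $name }

    # Index domains by DNS name so each one can be walked up to its tree root.
    $byName = @{}
    foreach ($d in $domains) { $byName[$d.DNSRoot] = $d }

    $domainRows = foreach ($d in $domains) {
        $root = $d
        while ($root.ParentDomain -and $byName.ContainsKey($root.ParentDomain)) {
            $root = $byName[$root.ParentDomain]
        }
        [pscustomobject]@{
            Domain          = $d.DNSRoot
            Tree            = $root.DNSRoot      # domains sharing a root form one tree
            IsForestRoot    = ($d.DNSRoot -eq $forest.RootDomain)
            FunctionalLevel = $d.DomainMode
        }
    }

    # Every domain controller holds a replica of its domain's partition.
    $dcs = foreach ($d in $domains) {
        Get-ADDomainController -Filter * -Server $d.DNSRoot |
            Select-Object HostName, Domain, Site, IsGlobalCatalog, IsReadOnly
    }

    # Sites with no DC: clients there must authenticate against another site.
    $sitesWithDc = $dcs | Select-Object -ExpandProperty Site -Unique
    $emptySites  = $forest.Sites | Where-Object { $_ -notin $sitesWithDc }

    [pscustomobject]@{
        Forest            = $forest.Name
        ForestLevel       = $forest.ForestMode
        Partitions        = (Get-ADRootDSE).namingContexts
        Domains           = $domainRows
        DomainControllers = $dcs
        SitesWithoutDc    = $emptySites
    }
}

Get-AdComponentInventory | Format-List
```

Because the forest is the security boundary, this list of domain controllers is also the list of hosts that hold a copy of Ntds.dit and need the strictest access controls.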