Configuring the Active Directory Infrastructure
The logical components of Active Directory are stored in a logical structure that contains domains, organizational units, and trees. These logical components allow the resources represented by AD objects to be grouped. The logical components of Active Directory include:
- Domain: It can span different physical locations and uses the access control list (ACL) of an object to decide the access rights to that object.
- Organizational units (OU): It is a container object of a domain that is used to organize objects into logical administrative groups.
- Trees: It is a hierarchical group of domains that belong to the same tree and share a contiguous namespace and hierarchical naming structure, as shown in Figure 2-20.
- Forests: It is a hierarchical grouping of one or more independent trees. It allows all the domains under it to share a common schema and a common global catalog. All the domains in a forest operate independently, but they are linked by implicit two-way transitive trusts, so communication across all the domains of an organization is possible. The trees in a forest can have their own naming structure according to their domains, as shown in Figure 2-21.
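The tree and forest definitions above can be checked mechanically. The following added example (not from the original text) groups a constructed list of domain names into trees by contiguous namespace and lists the domains crossed between any two of them over the implicit trusts. The domain names are invented, and treating the first name in the list as the forest root is an assumption of the example.

```python
# Added example. Domain names are constructed for illustration, not from the page.
SAMPLE_DOMAINS = [
    "corp.example",             # assumption: forest root (first domain in the list)
    "emea.corp.example",
    "sales.emea.corp.example",
    "apac.corp.example",
    "research.test",            # second tree with its own, non-contiguous namespace
    "lab.research.test",
]

def parent_of(name, known):
    """Closest ancestor of `name` in `known`, or None if `name` is a tree root."""
    labels = name.split(".")
    for i in range(1, len(labels)):          # strip leading labels one at a time
        candidate = ".".join(labels[i:])
        if candidate in known:
            return candidate
    return None

def build_forest(names):
    """Return (trees, parents): tree root -> member domains, domain -> parent."""
    domains = [n.lower().rstrip(".") for n in names]
    known = set(domains)
    parents = {d: parent_of(d, known) for d in domains}
    trees = {}
    for d in domains:
        root = d
        while parents[root] is not None:     # climb to the top of the namespace
            root = parents[root]
        trees.setdefault(root, []).append(d)
    return trees, parents

def trust_path(src, dst, names):
    """Domains crossed from src to dst over parent-child and tree-root trusts."""
    _, parents = build_forest(names)
    forest_root = names[0].lower().rstrip(".")
    def chain_up(domain):                    # domain, parent, ..., tree root, forest root
        chain = [domain.lower().rstrip(".")]
        while parents[chain[-1]] is not None:
            chain.append(parents[chain[-1]])
        if chain[-1] != forest_root:
            chain.append(forest_root)        # tree root trusts the forest root
        return chain
    up, down = chain_up(src), chain_up(dst)
    while len(up) > 1 and len(down) > 1 and up[-2:] == down[-2:]:
        up.pop()                             # drop ancestors shared above the meeting point
        down.pop()
    return up + down[-2::-1]
```

Explicitly created trusts, such as shortcut or external trusts, are not modeled; the path shown uses only the trusts a forest creates implicitly.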