The Active Directory Domain Services Computer Science

To understand the configuration and management of a multi domain environment, an overview of Active Directory Domain Services referred to here as Active Directory is given.

An AD server is known as a domain controller and is a database that holds objects describing users and resources.

The Active Directory Domain Services role provides a centralised point of control over users, clients, servers and hardware across a network.

AD consists of a highly scalable hierarchical database based on the Microsoft x500 directory service and a means to access the database, Lightweight Directory Access Protocol (LDAP).

The database allows administrators to store users and resources in a manner suitable to their organisational structure. E.g. If an organisation tracks users by location then AD can be structured by location. If it tracks users by department then AD can be structured by department.

The features that make the directory service flexible are:-

Hierarchical organisation allowing administrators simplified management of security policies and resources.

Distributed database, centrally stored data which can be distributed across many network servers for ease of access from multiple locations.

Replication is automatic between domain controllers ensuring data is held in multiple locations for redundancy. Replication ensures domain controllers possess consistent up to date information.

Scalability is provided as AD can store millions of objects and high performance data retrieval is supplied through the Global Catalog Server indexing. All domain controllers are global servers by default.

Security Administrators control access to directory objects and properties through granular access controls. AD supports Kerberos authentication which is compatible with other systems and internet applications.

Flexibility AD is pre-packaged with some objects, such as groups and users. New objects may be added to fit the organisation.

Policy based Admin to ensure security and consistency throughout the enterprise, administrators can set policies for users and apply different sets of rules for objects such as sites, departments or groups.

Structure of a multi domain environment

When installing Active Directory on the first server a Domain, Tree and Forest are automatically created. Below is an example of a multi domain structure with trust connections.

The trust connections are discussed later.

Domain