
Active Directory Domain Functions

Structure and Storage Technologies

Domains can be structured in a forest to provide data and service autonomy and to optimize replication within a given region. This separation of logical and physical structures improves manageability and reduces administrative costs because the logical structure is not affected by changes in the physical structure. The logical structure also makes it possible to control access to data: you can use it to compartmentalize data and then control access to the data by controlling access to the various compartments.
The data that is stored in Active Directory can come from many diverse sources. With so many different data sources and so many different types of data, Active Directory must employ some type of standardized storage mechanism so that it can maintain the integrity of the data that it stores. In Active Directory, objects are used to store information in the directory, and all objects are defined in the schema. The object definitions contain information, such as data type and syntax, that the directory uses to ensure that the stored data is valid. No data can be stored in the directory unless the objects that are used to store the data are first defined in the schema.
The default schema contains all the object definitions that Active Directory needs to function. However, you can also add object definitions to the schema. While the directory is exposed to you through a logical structure that consists of elements such as domains and forests, the directory itself is implemented through a physical structure that consists of a database that is stored on all domain controllers in a forest. The Active Directory data store handles all access to the database. The data store consists of both services and physical files. These services and physical files make the directory available, and they manage the processes of reading and writing the data inside the database that exists on the hard disk of each domain controller.

In a Windows network, the domain serves as a security boundary. The domain administrator has the permissions and rights needed to administer within that domain only, unless explicitly granted rights in another domain.

Every domain has its own security policies and relationships with other domains.

Domains are also units of replication. All domain controllers in a domain participate in replication and contain a complete copy of all of the directory information for their domain.

Active Directory uses a multi-master replication model. All of the domain controllers in a particular domain can receive changes to information in Active Directory and replicate those changes to all of the other domain controllers in the domain.

After you install Active Directory and establish a domain, the domain and Active Directory are running in mixed mode. A mixed-mode domain supports domain controllers that are running Windows.

Active Directory installs in mixed mode to provide support for existing domain controllers that have not been upgraded to the latest version of Windows.

In a native-mode domain, all domain controllers run Windows. However, member servers and client computers do not need to be upgraded to Windows before you convert a domain to native mode.
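The domain properties described above (domain mode, the domain controllers that replicate the domain, replication health between them, and the schema that defines every stored object) can be inspected with the ActiveDirectory PowerShell module. This is an added example, not code from the original page; it assumes the RSAT ActiveDirectory module is installed and the session runs as a domain account allowed to read the directory.

```powershell
# Added example: read-only inspection of the domain concepts described above.
# Assumes the ActiveDirectory module (RSAT) and a domain-joined session.
Import-Module ActiveDirectory

# 1. Domain mode (mixed/native, i.e. the domain functional level) and the
#    domain controllers that hold a complete replica of this domain.
$domain = Get-ADDomain
"Domain: {0}  Mode: {1}" -f $domain.DNSRoot, $domain.DomainMode
$dcs = Get-ADDomainController -Filter *
$dcs | Select-Object HostName, Site, IsGlobalCatalog, OperationMasterRoles |
    Format-Table -AutoSize

# 2. Multi-master replication: every DC pulls changes from its partners, so
#    report any inbound partner that has accumulated replication failures.
foreach ($dc in $dcs) {
    Get-ADReplicationPartnerMetadata -Target $dc.HostName |
        Where-Object { $_.ConsecutiveReplicationFailures -gt 0 } |
        Select-Object Server, Partner, LastReplicationSuccess,
                      ConsecutiveReplicationFailures
}

# 3. Schema: nothing can be stored unless its class is defined here, so list
#    how many class definitions the schema naming context currently holds.
$rootDse = Get-ADRootDSE
$classes = Get-ADObject -SearchBase $rootDse.schemaNamingContext `
                        -LDAPFilter "(objectClass=classSchema)"
"Schema classes defined: {0}" -f @($classes).Count
```

Step 2 printing nothing means no DC has a failing inbound partner; a non-empty result identifies which replica is falling behind and should be investigated before it diverges from the rest of the domain.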
