Physical Structure

Physical Aspects of Active Directory

These are some of the important physical aspects of Active Directory:

  1. The physical structure as defined by sites is separate from the logical structure of Active Directory, which is defined by domains.
  2. Sites are created for optimization of replication traffic and more efficient logon authentication.
  3. Domain controllers store a copy of the Active Directory database. There is no designated primary domain controller in a Windows 2000 network.
  4. The cost of global catalog replication is weighed against the need for speedier logon and response to global catalog queries.
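
The site and global catalog trade-off in the list above can be reviewed per site. The following PowerShell is an added example, not part of the original lesson: `Get-SiteCoverage` is a hypothetical helper name, the site and DC records are constructed sample data, and the property names (`Name`, `Site`, `IsGlobalCatalog`) are chosen to match the objects returned by `Get-ADDomainController` in the later ActiveDirectory module.

```powershell
# Added example: report domain controller (DC) and global catalog (GC) placement per site.
# Get-SiteCoverage is a hypothetical helper, not a built-in cmdlet.
function Get-SiteCoverage {
    param(
        [Parameter(Mandatory)] [string[]] $SiteName,         # every site defined in the forest
        [Parameter(Mandatory)] [object[]] $DomainController  # objects with Name, Site, IsGlobalCatalog
    )
    foreach ($site in $SiteName) {
        # DCs physically placed in this site, and the subset that also hosts the GC
        $dcs = @($DomainController | Where-Object { $_.Site -eq $site })
        $gcs = @($dcs | Where-Object { $_.IsGlobalCatalog })

        if ($dcs.Count -eq 0) {
            $finding = 'No DC in site: authentication is served from another site'
        }
        elseif ($gcs.Count -eq 0) {
            $finding = 'No GC in site: global catalog queries leave the site'
        }
        else {
            $finding = 'OK'
        }

        [pscustomobject]@{
            Site    = $site
            DCCount = $dcs.Count
            GCCount = $gcs.Count
            DCs     = ($dcs | ForEach-Object { $_.Name }) -join ', '
            Finding = $finding
        }
    }
}

# Constructed sample data (not taken from any real environment).
$sites = 'HQ', 'Branch-A', 'Branch-B'
$dcs = @(
    [pscustomobject]@{ Name = 'DC01'; Site = 'HQ';       IsGlobalCatalog = $true  }
    [pscustomobject]@{ Name = 'DC02'; Site = 'HQ';       IsGlobalCatalog = $false }
    [pscustomobject]@{ Name = 'DC03'; Site = 'Branch-A'; IsGlobalCatalog = $false }
)

# With the ActiveDirectory module loaded, live input would instead come from:
#   $dcs   = Get-ADDomainController -Filter *
#   $sites = (Get-ADReplicationSite -Filter *).Name
Get-SiteCoverage -SiteName $sites -DomainController $dcs | Format-Table -AutoSize
```

With the sample data, HQ reports OK, Branch-A is flagged for having a DC but no global catalog, and Branch-B is flagged for having no DC at all.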

Domains and Domain Trees

Active Directory's logical structure is built around the concept of domains. Domains were introduced in Windows NT 3.x and 4.0. However, in Active Directory, domains have been updated significantly from the flat and inflexible structure imposed by Windows NT. An Active Directory domain is made up of the following components:
  1. An X.500-based hierarchical structure of containers and objects
  2. A DNS domain name as a unique identifier
  3. A security service, which authenticates and authorizes any access to resources via accounts in the domain or trusts with other domains
  4. Policies that dictate how functionality is restricted for users or machines within that domain

A domain controller (DC) can be authoritative for one and only one domain. It is not possible to host multiple domains on a single DC. For example, DispersedNet has already been allocated a DNS domain name for its company called, so it decides that the first Active Directory domain that it is going to build is to be named However, this is only the first domain in a series that may need to be created, and is in fact the root of a domain tree. The domain itself is automatically created as the root node of a hierarchical structure called a domain tree. This is literally a series of domains connected together in a hierarchical fashion, all using a contiguous naming scheme. If DispersedNet were to add domains called Europe, Asia, and Americas, then the names would be
  2., and
Each domain tree is called by the name given to the root of the tree; hence, this domain tree is known as the tree. You can see that in the setup of DispersedNet we now have a contiguous set of domains that all fit into a tree. Even if we had only one domain, it would still be a domain tree with one domain.