Active Directory

AD is essentially a large database accessible to all users within the domain, regardless of their privilege level
A forest is the security boundary within which all objects are under administrative control.
- A forest may contain multiple domains,
  - and a domain may include further child or sub-domains
    A domain is a structure within which contained objects (users, computers, and groups) are accessible
    It has many built-in Organizational Units (OUs), such as Domain Controllers, Users, Computers, and new OUs can be created as required.
    OUs may contain objects and sub-OUs, allowing for the assignment of different group policies.

At a very (simplistic) high level, an AD structure may look as follows:

INLANEFREIGHT.LOCAL/
├── ADMIN.INLANEFREIGHT.LOCAL
│   ├── GPOs
│   └── OU
│       └── EMPLOYEES
│           ├── COMPUTERS
│           │   └── FILE01
│           ├── GROUPS
│           │   └── HQ Staff
│           └── USERS
│               └── barbara.jones
├── CORP.INLANEFREIGHT.LOCAL
└── DEV.INLANEFREIGHT.LOCAL

INLANEFREIGHT.LOCAL is the root domain
- contains the subdomains (either child or tree root domains)
  - ADMIN.INLANEFREIGHT.LOCAL
  - CORP.INLANEFREIGHT.LOCAL
  - DEV.INLANEFREIGHT.LOCAL
The graphic below shows two forests, INLANEFREIGHT.LOCAL and FREIGHTLOGISTICS.LOCAL
The two-way arrow represents a bidirectional trust between the two forests, meaning
- that users in INLANEFREIGHT.LOCAL can access resources in FREIGHTLOGISTICS.LOCAL and vice versa.

Active Directory Terminology

Active Directory Terminology

Active Directory Objects

Active Directory Objects

PreviousActive Directory Objects NextActive Directory Functionality

Last updated 11 months ago