
# Active Directory

* AD is essentially a large database accessible to all users within the domain, regardless of their privilege level.
* A forest is the security boundary within which all objects are under administrative control.
  * A forest may contain multiple domains, and a domain may include further child or sub-domains.
  * A domain is a structure within which contained objects (users, computers, and groups) are accessible.
    * It has many built-in Organizational Units (OUs), such as `Domain Controllers`, `Users`, and `Computers`, and new OUs can be created as required.
    * OUs may contain objects and sub-OUs, allowing for the assignment of different group policies.

<figure><img src="/files/59G4OatdmlhEKMwSfwzS" alt=""><figcaption></figcaption></figure>

At a very simplistic, high level, an AD structure may look as follows:

```shell-session
INLANEFREIGHT.LOCAL/
├── ADMIN.INLANEFREIGHT.LOCAL
│   ├── GPOs
│   └── OU
│       └── EMPLOYEES
│           ├── COMPUTERS
│           │   └── FILE01
│           ├── GROUPS
│           │   └── HQ Staff
│           └── USERS
│               └── barbara.jones
├── CORP.INLANEFREIGHT.LOCAL
└── DEV.INLANEFREIGHT.LOCAL
```

* `INLANEFREIGHT.LOCAL` is the root domain.
  * It contains the subdomains (either child or tree root domains):
    * `ADMIN.INLANEFREIGHT.LOCAL`
    * `CORP.INLANEFREIGHT.LOCAL`
    * `DEV.INLANEFREIGHT.LOCAL`
* The graphic below shows two forests, `INLANEFREIGHT.LOCAL` and `FREIGHTLOGISTICS.LOCAL`.

<figure><img src="/files/x3mHVZSGWgMZsgTdhGfV" alt=""><figcaption></figcaption></figure>

* The two-way arrow represents a bidirectional trust between the two forests, meaning that users in `INLANEFREIGHT.LOCAL` can access resources in `FREIGHTLOGISTICS.LOCAL` and vice versa.

### Active Directory Terminology

* [Active Directory Terminology](/cybersecurity/active-directory-terminology.md)



