Active Directory

Directory
 Heart of the Active Directory
 A comprehensive listing of objects

Active Directory will store information about organization, sites, systems, users, shares and just any
other object that you can imagine

Active Directory Components

 Objects and Attributes
 Containers
 Domains
 Trees
 Forest
 Sites
 Schema
 Global Catalog
 Namespace
 Naming Conventions

1. Objects and Attributes

Objects
- Everything in Active Directory is an object
 User
 Group
 Computer
 Printer
 Resources
 Service

Attributes
- Describe objects in Active Directory, for example: all User objects share attributes to store a
username, full name and description.
- Systems are also an object, but they have a separate set of attributes including host name,
IP address and location

 Objects are created based on the object class.

 Attributes describe and object class
 Anytime you create a user or a computer to
 Active Directory, you create an object

Standard Object Classes

a. Users
- Keeps the personal information you need about the people.
- This personal information is entirely optional
b. Groups
 - Collection of users
 Universal Groups – can contain users and other groups from anywhere in the forest.
They are replicated outside of the domain and appear in global catalog
 Global Group - can only contain users and groups from the same domain. Listed in the
Global catalog, but their membership list doesn’t leave the domain.
 Domain Local Group – can only be applied to ACLs within the same domain but can
contain users and groups from other domain.
 Built-in Groups – default group, administrator can use these groups for most purposes
and can add their own groups as needed.

2. Machine Accounts
- Default accounts used by the Operating System.

3. Containers
- a special type of object used to organize the AD, it doesn’t represent any physical such as
user or system. Instead, you use it to group other objects.
- Can be nested within other containers, in the same way that a file folder contains files and
documents, a directory container is a container for directory objects.

4. Organizational Units (OUs)

- Another type of directory object contained within each domain, also use to organize its
resources in a more meaningful hierarchy, container objects.
- Organizational Units can contain the following: Users, Groups, Computers, Printers,
Application, Security Policies, File Shares

5. Trees
- it is used to describe a set of objects within AD – hierarchy of objects when containers and
objects are combined hierarchically, they tend to form branches
- Contiguous subtree, which refers to an unbroken branch of the tree, including all members
of any container in the path.
- The endpoints are leaf nodes; these are non-container objects because they cannot contain
any object.
- Nodes are where the tree branches are non-leaf nodes or simply containers.

6. Forests
- a set of one or more domain trees that doesn’t form a contiguous namespace
- The term forest describes trees that aren’t apart of the same namespace but share the
common schema, configuration and global catalog.
- Trees in a forest don’t share a common root. A forest allows administrator to join two
domain trees that have no common parts.

7. Site
- Geographical location, it corresponds to logical IP subnets and as such, application can use
sites to locate the closest server on a network.
8. Schema
- Set of attributes available for any particular object type. It makes object classes different
from each other. It defines the objects that you can create in the directory and the
attributes that you can assign to those objects.
9. Global Catalog
- Holds all objects from all domains along with a subset of each object’s properties.
- It contains the names of all objects in an Active Directory server.

10. Namespace
- Also known as console tree, refers to the area where you can locate the network
component.
- The Domain Name Service namespace resolves host names to IP addresses