Active Directory Architecture

Uploaded by

Fahim Mahmud

1. Forest

A forest is the top-level container in an Active Directory configuration. It represents the security
boundary within which users, groups, and computers can be managed. A forest can contain one or more
domains.

2. Tree

A tree is a collection of one or more domains that share a contiguous namespace and are linked in a
hierarchical structure. Domains in a tree share a common schema and global catalog.

3. Domain

A domain is a logical grouping of objects (such as users, computers, and groups) that share the same AD
database. Domains provide a way to partition the directory for easier management and replication.

Configurations

Single Forest, Single Domain

Architecture:

• Forest: 1
• Tree: 1
• Domain: 1

Characteristics:

• Simplest AD configuration.
• All objects are contained within a single domain.
• Easier to manage and administer.
• Single namespace (e.g., example.com).

Use Case:

• Suitable for small to medium-sized organizations where administrative simplicity and ease of management are priorities.

Single Forest, Multiple Domains

Architecture:

• Forest: 1
• Tree: 1 (or more if you have multiple domain trees)
• Domains: Multiple

Characteristics:

• One forest contains multiple domains.
• Domains can either be in a single tree (sharing a contiguous namespace, e.g., corp.example.com, sales.example.com) or multiple trees (separate namespaces, e.g., example.com, anotherexample.com).
• Allows for delegation of administrative control and separation of resources; the forest remains the security boundary.
• Each domain has its own unique security policies but shares the forest-wide schema and global catalog.

Use Case:

• Suitable for larger organizations with distinct administrative boundaries, different geographic locations, or different business units requiring separate management.

Setting Up Different Configurations

Single Forest, Single Domain

1. Install AD DS on the First Server:
   ◦ Use Server Manager to add the AD DS role.
   ◦ Promote the server to a domain controller, create a new forest, and specify the domain name (e.g., example.com).

2. Additional Domain Controllers:
   ◦ Install AD DS on additional servers.
   ◦ Promote them as domain controllers in the existing domain to provide redundancy and load balancing.
Single Forest, Multiple Domains

Step-by-Step Guide:

1. Create the Root Domain:
   ◦ Install AD DS on the first server.
   ◦ Promote the server to a domain controller, create a new forest, and specify the root domain name (e.g., example.com).

2. Create Additional Domains:
   ◦ On a new server, install AD DS.
   ◦ During promotion, choose "Add a new domain to an existing forest".
   ◦ Select the type of domain:
      ▪ Child Domain: If creating a subdomain (e.g., sales.example.com).
      ▪ Tree Domain: If creating a new domain tree (e.g., anotherexample.com).

3. Complete the Promotion:
   ◦ Specify the necessary details and complete the domain controller promotion process.
   ◦ Repeat as needed for additional domains.
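
The Server Manager steps in both setup procedures above can also be scripted with the ADDSDeployment cmdlets. The script below is an added example, not part of the original document: the `-Role` parameter and variable names are hypothetical, and the domain names are the document's own examples. It runs the matching prerequisite test before promoting and prompts for the DSRM password and credentials instead of storing them in the script.

```powershell
# Added example: run elevated on the server being promoted, one role per server.
param(
    [Parameter(Mandatory)]
    [ValidateSet('NewForest', 'AdditionalDC', 'ChildDomain', 'TreeDomain')]
    [string]$Role,                         # hypothetical parameter name
    [string]$RootDomain = 'example.com'    # the document's example root domain
)

# Every role starts the same way: add the AD DS role to the server.
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools | Out-Null
Import-Module ADDSDeployment

# Prompt for secrets; never hard-code the DSRM password or admin credentials.
$common = @{
    SafeModeAdministratorPassword = Read-Host -AsSecureString 'DSRM password'
    InstallDns                    = $true
}
if ($Role -ne 'NewForest') {
    # Joining an existing forest needs an account with rights in it
    # (Enterprise Admins when adding a new domain).
    $common.Credential = Get-Credential -Message "Account with rights in $RootDomain"
}

# Map each configuration in the guide to its cmdlet family and parameters.
switch ($Role) {
    'NewForest'    { $kind = 'Forest';           $p = @{ DomainName = $RootDomain } }
    'AdditionalDC' { $kind = 'DomainController'; $p = @{ DomainName = $RootDomain } }
    'ChildDomain'  { $kind = 'Domain'
                     $p = @{ DomainType = 'ChildDomain'; NewDomainName = 'sales'
                             ParentDomainName = $RootDomain } }
    'TreeDomain'   { $kind = 'Domain'
                     $p = @{ DomainType = 'TreeDomain'; NewDomainName = 'anotherexample.com'
                             ParentDomainName = $RootDomain } }
}
$p += $common

# Run the prerequisite check with the same parameters before promoting.
$failed = & "Test-ADDS${kind}Installation" @p | Where-Object Status -eq 'Error'
if ($failed) {
    $failed | ForEach-Object { Write-Error $_.Message }
    throw "Prerequisite check failed for role $Role; the server was not promoted."
}

# Promote the server; the cmdlet asks for confirmation and reboots when done.
& "Install-ADDS$kind" @p
```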

Tools for Management

• Active Directory Users and Computers (ADUC): Manage users, groups, and computers.
• Active Directory Domains and Trusts: Manage domains and establish trust relationships.
• Active Directory Sites and Services: Configure and manage replication.
• DNS Manager: Manage DNS settings, which are crucial for AD to function.
