# Organizational Units, Namespaces, domains, domain trees, forests and trust relationships

**1- Organizational Units (OU)**\
OUs are AD containers that can contain users, groups, computers and other OUs. They are used to:

* Represent the organization hierarchically and logically (for example, the Marketing department)
* Manage a collection of objects in a consistent way
* Delegate permissions to administer groups of objects
* Apply policies

**2- Namespaces:**

Directory service namespaces identify the objects they contain by unique names which are usually based on the location in the directory where the object can be found. For example, in an X.500 directory, a given object might have a name like this:

```
CN=John,OU=Marketing,O=Fabrikam
```

**3- Domains:**\
Domains are used to group and manage objects in an organization. They are:

* An administrative boundary for applying policies to groups of objects
* A replication boundary for replicating data between domain controllers
* An authentication and authorization boundary that provides a way to limit the scope of access to resources

**4- Domain trees:**

*Trees:* A tree is a collection of domains that share a contiguous namespace.

![abc.com is a domain tree](/files/-Lzm5XQ5X_tuaMeGobm9)

*Child domains:* A domain located in the namespace tree directly under another domain name (the parent domain), which contains the name of the parent in its own name. Example: sales.abc.com is a child domain of the abc.com parent domain.

**5- Forests:**

Two or more domain trees which do not share a contiguous namespace can be joined in a forest.

![Example of a Forest](/files/-Lzm6XrFHk_WXs9S__O-)

**6- Trust relationships:**

Active Directory in Windows 2000 introduced the concept of two-way transitive trusts that flow upward through the domain hierarchy toward the tree root domain and across root domains of different trees in the same forest. This includes parent-child trusts between parent and child domains of the same tree and tree root trusts between the root domains of different trees in the same forest. Trust relationships allow users in one domain to access resources in another domain: you can configure one domain (the trusting domain) to trust another (the trusted domain) so that users in the second domain can access resources in the first one.

More info:

{% embed url="<https://docs.microsoft.com/fr-fr/windows/win32/ad/domain-trees>" %}

{% embed url="<https://docs.microsoft.com/fr-fr/windows/win32/ad/forests>" %}

{% embed url="<https://www.distributednetworks.com/active-directory-administration/module2/domain-forest.php>" %}

{% embed url="<http://www.pearsonitcertification.com/articles/article.aspx?p=170286&seqNum=2>" %}


