Oraganizational Units, Namespaces, domains, domain trees, forests and trust relationships
Last updated
Last updated
1- Organizational Units (OU) OUs are AD containers that can contain users, groups, computers and other OUs, they're used to :
Represent the ogranization hierarchically and logically (for example Marketing dpt)
Manage a collection of objects in a consistent way
Delegate permissions to administer groups of objects
Apply policies
2- Namespaces :
Directory service namespaces identify the objects they contain by unique names which are usually based on the location in the directory where the object can be found. For example, in an X.500 directory, a given object might have a name like this:
3- Domains: Domains are used to group and manage objects in an ogranization, they're:
An administrative boundary for applying policies to groups of objects
A replication boundary for replicating data between domain controllers
An authentication and authorization boundary that provides a way to limit the scope of access to ressources
4- Domain trees:
Trees: A tree is a collection of domains that share a contiguous namespace.
Child domains: A domain located in the namespace tree directly under another domain name (the parent domain), which contains the name of the parent in its own name. Example: sales.abc.com is a child domain of the abc.com parent domain.
5- Forests:
Two or more domain trees which do not share a contiguous namespace can be joined in a forest.
6- Trust relationships:
Active Directory in Windows 2000 introduced the concept of two-way transitive trusts that flow upward through the domain hierarchy toward the tree root domain and across root domains of different trees in the same forest. This includes parent-child trusts between parent and child domains of the same tree and tree root trusts between the root domains of different trees in the same forest. Trust relationships are basically used to allow users in one domain to access resources in another domain. Basically, you could configure one domain to trust another one so that users in the second domain could access resources in the first one.
More info :
