What is a forest in Active Directory

Microsoft Active Directory

Active Directory (AD) is the directory service from Microsoft for Windows 2000 Server and Windows Server 2003. Starting with Windows Server 2008, it is known as Active Directory Domain Services (AD DS).

With Active Directory you can model a network on the structure of an organization or on its geographical distribution. For this purpose, Active Directory stores and manages information about network objects and resources. One or more administrators can manage the directory data and the directory structure of the entire network and grant or deny network users the network resources they need. Network resources include access permissions, usage rights for applications, storage space, network services and network peripherals such as printers.

Benefits of Active Directory

  • Information security
  • Policy-based management
  • Expandability
  • Scalability
  • Replication of information
  • DNS integration
  • Cooperation with other directory services

The Active Directory is an object-oriented database consisting of classes, schemas and objects that are arranged hierarchically.

Domain

In order to reproduce the organizational structure of a company, Active Directory uses domains. A domain is always an organizational unit. It is subject to security policies and settings that are not transferred to any other domain. Each domain stores only the information belonging to that domain.
A domain has a unique name and provides access to the user and group accounts that are managed by the domain administrator.

Domain structure

  • das-elko.de (root domain)
    • technik.das-elko.de (subdomain of das-elko.de)
    • verwaltung.das-elko.de (subdomain of das-elko.de)
      • finanzen.verwaltung.das-elko.de (subdomain of verwaltung.das-elko.de)
      • personal.verwaltung.das-elko.de (subdomain of verwaltung.das-elko.de)

The domain structure of Active Directory is based on the naming conventions of DNS. Each domain is identified by a DNS name. A domain structure is called a domain tree. The first domain in a domain tree is called the root domain. All other domains in the same domain tree are subdomains.
All domains in the same domain tree form a contiguous namespace. This means that a subdomain always contains the name of its parent domain. In the list above, verwaltung.das-elko.de is a subdomain of das-elko.de, and finanzen.verwaltung.das-elko.de is a subdomain of verwaltung.das-elko.de.
The physical structure (architecture) of a network follows the division into locations. The domain structure usually (but not necessarily) follows the logical structure of the company. The logical structure and the physical structure are independent of each other:

  • There can be several domains at one location.
  • There can be multiple locations in a domain.
  • There is no connection between location and naming.

Forest

The overall structure consists of several domain trees. There is no contiguous namespace between the domain trees: the same subdomain name can appear in every tree, but those domains have nothing to do with one another.
The forest is therefore also known as a domain forest (several domain trees).
Important: The first domain established in a forest is called the forest root domain. This domain is created when the first domain controller is installed. Installing multiple domain controllers for a domain provides fault tolerance and high availability of the directory service.
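The two naming rules above (a subdomain always carries its parent's name as a suffix; separate trees in a forest share no namespace) can be checked mechanically from a plain list of DNS domain names. The following Python script is an added example, not code from the original article; it attaches each domain to its nearest existing ancestor (an assumption made here for the sake of the example) and reports the resulting trees. The domain names are constructed sample data modelled on the das-elko.de example, extended with a second tree (elko-labs.example) to show that a subdomain name such as "finanzen" can recur in another tree without any relationship between the two.

```python
# Added example (not from the original article): group DNS domain names into
# domain trees and a forest, using the rule that a child domain's name always
# ends with its parent domain's name.
from typing import Optional


def split_labels(name: str) -> list:
    """Return the DNS labels of a name, lower-cased and without a trailing dot."""
    return name.lower().rstrip(".").split(".")


def parent_of(name: str, domains: set) -> Optional[str]:
    """Return the nearest ancestor of `name` that is itself in `domains`.

    Assumption for this example: if an intermediate level is missing, the
    closest existing ancestor is treated as the parent. A root domain has
    no ancestor in the set and returns None.
    """
    labels = split_labels(name)
    for i in range(1, len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in domains:
            return candidate
    return None


def build_forest(names) -> dict:
    """Build parent/child links and identify the root domain of each tree."""
    domains = {n.lower().rstrip(".") for n in names}
    parents = {d: parent_of(d, domains) for d in domains}
    roots = sorted(d for d, p in parents.items() if p is None)
    children = {d: sorted(c for c, p in parents.items() if p == d) for d in domains}
    return {"roots": roots, "parents": parents, "children": children}


def tree_of(domain: str, forest: dict) -> str:
    """Walk up the parent links and return the root of the tree containing `domain`."""
    domain = domain.lower().rstrip(".")
    while forest["parents"][domain] is not None:
        domain = forest["parents"][domain]
    return domain


def render(forest: dict) -> str:
    """Produce an indented listing, one line per domain, one block per tree."""
    lines = []

    def walk(d: str, depth: int) -> None:
        lines.append("  " * depth + d)
        for child in forest["children"][d]:
            walk(child, depth + 1)

    for root in forest["roots"]:
        walk(root, 0)
    return "\n".join(lines)


# Constructed sample data: the article's tree plus a second, unrelated tree.
SAMPLE_DOMAINS = [
    "das-elko.de",
    "technik.das-elko.de",
    "verwaltung.das-elko.de",
    "finanzen.verwaltung.das-elko.de",
    "personal.verwaltung.das-elko.de",
    "elko-labs.example",
    "finanzen.elko-labs.example",
]

if __name__ == "__main__":
    forest = build_forest(SAMPLE_DOMAINS)
    print("forest root domains:", forest["roots"])
    print(render(forest))
```

Running the script prints two indented blocks, one per domain tree, and shows that "finanzen.elko-labs.example" resolves to the root elko-labs.example rather than das-elko.de, even though it shares its leftmost label with finanzen.verwaltung.das-elko.de.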

User and computer accounts

User and computer accounts in Active Directory are assigned to a physical person or to a computer. These accounts are known as security principals and are assigned a security identifier (SID). Objects with a security identifier can log on to the network and access domain resources. User and computer accounts are used for the following:

  • Authentication of the user or the computer
  • Access control to domain resources
  • Administration of other security principals
  • Monitoring tasks
