Active Directory Basic - Active Directory Related Terms

  

Although many of the technologies used in Active Directory have appeared in other software products, this is the first time they have been presented as a comprehensive, overall network solution. Many of its terms may be unfamiliar, so it is worth understanding them in detail. The nouns and terms related to Active Directory are explained below.


1. Namespace: Essentially, Active Directory is a namespace. A namespace can be understood as a bounded area within which a given name can be resolved; the boundary covers all the information associated with, or mapped to, that name. In layman's terms, it is the sum of all the related information that we can find on the server by looking up an object, such as a user. If we have defined this user on the server with a user name, user password, work unit, contact number, home address and so on, the sum of these is broadly understood to be the namespace of the name "user", because we only need to look up the user name to find all the information listed above. Name resolution is the process of translating a name into the object or information represented by that name. For example, in a telephone directory we can resolve the name of each phone account to the corresponding phone number, rather than names and numbers being separate items with no way to link one to the other. The file system of the Windows operating system also forms a namespace, and each file name can be resolved to the file itself (including all the information it should have).


2. Object: An object is an information entity in Active Directory. It corresponds to the "attributes" we usually see, but it is a collection of attributes, often representing a tangible entity such as a user account or a file name. An object describes its basic characteristics through attributes. For example, the attributes of a user account may include the user's name, phone number, email address, and home address.


3. Container: A container is part of the Active Directory namespace. Like a directory object, it has properties, but unlike a directory object it does not represent a tangible entity; it represents the space in which objects are stored. Because it represents only the space in which an object is stored, it is smaller than the namespace. For example, a user is an object, but the container of this object is limited to the information space that the object itself can provide, such as the user name and user password. Other information, such as work unit, contact number, and home address, is not part of the container of this object.


4. Directory tree: In any namespace, a directory tree is a hierarchy of containers and objects. The leaf nodes of the tree are often objects, and the non-leaf nodes of the tree are containers. The directory tree expresses how objects are connected and also shows the path from one object to another. In Active Directory, the directory tree is the basic structure. Taking any container as a starting point, you can form a subtree. A simple directory can form a tree, and a computer network or a domain can also constitute a tree. This is easy to understand. When we first learned to use a computer, did we not start from a thorough understanding of the path concept under DOS? In fact, this "directory tree" is also a kind of "path relationship"; if you understand the DOS "path", understanding the "directory tree" should be no problem!


5. Domain: The domain is the security boundary of the WIN2K network system. We know that the most basic unit of a computer network is the "domain". This is not unique to WIN2K, but Active Directory can span one or more domains. On a stand-alone computer, the domain refers to the computer itself. A domain can be distributed across multiple physical locations, and at the same time one physical location can divide different network segments into different domains. Each domain has its own security policy and its own trust relationships with other domains. When multiple domains are connected through trust relationships, Active Directory can be shared by the trusted domains.

6. Organizational Units: A type of directory object that is particularly useful in a domain is the organizational unit. An organizational unit is an Active Directory container into which users, groups, computers, and other organizational units can be placed; an organizational unit cannot include objects from other domains. An organizational unit is the smallest scope to which Group Policy settings can be assigned or administrative rights delegated. With organizational units, you can create containers in a domain that represent the logical hierarchy of your organization, so you can manage accounts, resource configuration, and usage based on your organizational model, and you can use organizational units to create a management model that scales to any size. Users can be granted administrative rights to all organizational units in the domain or to individual organizational units. The administrator of an organizational unit does not need to have management rights over any other organizational unit in the domain. The organizational unit is a bit like the workgroup of the NT era, and its administrative authority can be understood in the same way.


7. Domain Tree: A domain tree consists of multiple domains that share the same schema (table structure) and configuration and form a contiguous namespace. The domains in the tree are connected by trust relationships, and Active Directory contains one or more domain trees. The deeper a domain sits in the domain tree, the lower its level. Each "." represents one level of hierarchy. For example, the domain child.Microsoft.com is at a lower level than Microsoft.com because it has two hierarchical relationships, while Microsoft.com has only one level. The domain Grandchild.Child.Microsoft.com is lower than Child.Microsoft.com for the same reason.


The domains in the domain tree are connected by two-way transitive trust relationships. Because these trust relationships are bidirectional and transitive, a newly created domain in a domain tree or forest immediately has a trust relationship with every other domain in the domain tree or forest. These trust relationships allow a single sign-on process to authenticate users on all domains in the domain tree or the forest, but this does not necessarily mean that authenticated users have the same rights and permissions in all domains in the domain tree. Because domains are security boundaries, users must be assigned appropriate rights and permissions on a per-domain basis.


8. Domain forest: A domain forest is composed of one or more domain trees that do not form a contiguous namespace. The most obvious difference between a domain forest and the domain tree described above is that there is no contiguous namespace between the domain trees of a forest, whereas a domain tree is composed of domains with a contiguous namespace. However, all domain trees in the domain forest still share the same schema (table structure), configuration, and global catalog. All domain trees in the domain forest are linked through Kerberos trust relationships, so each domain tree knows the Kerberos trust relationships, and different domain trees can cross-reference objects in other domain trees. The domain forest has a root domain, which is the first domain created in the domain forest. The root domain of every domain tree in the domain forest establishes a transitive trust relationship with the root domain of the domain forest.


9. Site: A site is a network location that includes an Active Directory domain server, usually one or more subnets connected via TCP/IP. Subnets inside the site are connected through a reliable, fast network. Dividing the network into sites allows the administrator to easily configure the complex structure of Active Directory and make better use of the physical network's characteristics to optimize network communication. When a user logs in to the network, the Active Directory client finds the Active Directory domain server in the same site. Since network communication within the same site is reliable, fast, and efficient, the user can log in to the network system in the shortest time. Because sites are defined by subnets, Active Directory can easily find the site where the user is located at login, and then find the Active Directory domain server to complete the login.


10. Domain Controller: A domain controller is a computer running WIN2K Server that has been configured with the Active Directory Installation Wizard. The Active Directory Installation Wizard installs and configures the components, which users can choose from, that provide Active Directory services to network users and computers. The domain controller stores directory data and manages interactions between users and the domain, including user login procedures, authentication, and directory searches. A domain can have one or more domain controllers. For high availability and fault tolerance, a small organization using a single local area network (LAN) may only need one domain with two domain controllers. Large companies with multiple network locations require one or more domain controllers at each location to provide high availability and fault tolerance.
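For terms 7 and 8 above (domain tree and domain forest), the following added example, which is not part of the original article, groups domain names into trees by contiguous namespace, derives the two-way trust edges, and shows that a transitive trust path authenticates a user but does not grant rights in the target domain. The `example.org` tree, the user name and the `grants` set are constructed assumptions.

```python
from collections import deque

# Constructed sample: the microsoft.com names come from the text; the
# example.org tree is an assumption added for illustration.
DOMAINS = ["microsoft.com", "child.microsoft.com",
           "grandchild.child.microsoft.com", "example.org", "sales.example.org"]

def build_forest(forest_root, domains):
    """Return (trees, trusts): parent-child edges plus tree root to forest root."""
    names = {d.lower() for d in domains}
    parent = {}
    for d in names:
        rest = d.partition(".")[2]          # name without its first label
        parent[d] = rest if rest in names else None   # None marks a tree root
    def root_of(d):
        while parent[d]:
            d = parent[d]
        return d
    trees = {}
    for d in sorted(names):
        trees.setdefault(root_of(d), []).append(d)
    trusts = {frozenset((d, p)) for d, p in parent.items() if p}
    root = forest_root.lower()
    trusts |= {frozenset((r, root)) for r in trees if r != root}
    return trees, trusts

def trust_path(trusts, src, dst):
    """Chain of direct trusts linking src to dst (transitivity), or None."""
    src, dst = src.lower(), dst.lower()
    queue, seen = deque([[src]]), {src}
    while queue:
        path = queue.popleft()
        if path[-1] == dst:
            return path
        for edge in trusts:
            if path[-1] in edge:
                (nxt,) = edge - {path[-1]}
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append(path + [nxt])
    return None

def authorized(user, home, target, trusts, grants):
    """A trust path only authenticates; access also needs a grant in target."""
    path = trust_path(trusts, home, target)
    return path is not None and (user, target.lower()) in grants

if __name__ == "__main__":
    trees, trusts = build_forest("microsoft.com", DOMAINS)
    print(trees, trust_path(trusts, DOMAINS[2], DOMAINS[4]), sep="\n")
```
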
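For term 9 above (site), this added example, not taken from the original article, maps a client address to its site through the most specific matching subnet and returns the domain controllers in that site. Site names, subnets and domain controller names are constructed, and the fallback to every domain controller when the site has none is a simplifying assumption of this sketch.

```python
import ipaddress

# Constructed topology: subnets, site names and DC names are assumptions.
SUBNET_TO_SITE = {
    "10.1.0.0/16": "HQ",
    "10.1.50.0/24": "HQ-Lab",
    "10.2.0.0/16": "Branch",
}
SITE_TO_DCS = {"HQ": ["dc1", "dc2"], "HQ-Lab": [], "Branch": ["dc3"]}

def site_for(ip, subnets=SUBNET_TO_SITE):
    """Map a client IP to a site via the most specific matching subnet, or None."""
    addr = ipaddress.ip_address(ip)
    best = None
    for cidr, site in subnets.items():
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, site)
    return best[1] if best else None

def locate_dcs(ip, subnets=SUBNET_TO_SITE, dcs=SITE_TO_DCS):
    """Return (site, domain controllers, in_site) for a client logging in."""
    site = site_for(ip, subnets)
    local = dcs.get(site, []) if site else []
    if local:
        return site, local, True
    # Simplification (assumption): with no DC in the client's own site, any DC
    # may answer, so the login crosses slower inter-site links.
    every = sorted(dc for members in dcs.values() for dc in members)
    return site, every, False

def unmapped_clients(ips, subnets=SUBNET_TO_SITE):
    """Audit helper: client addresses that fall in no defined subnet."""
    return [ip for ip in ips if site_for(ip, subnets) is None]

if __name__ == "__main__":
    for client in ("10.1.3.4", "10.1.50.7", "10.2.9.9", "192.168.0.5"):
        print(client, locate_dcs(client))
```

Running `unmapped_clients` over the client addresses seen in logon records shows which subnets still need a site assignment.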


