
Lesson 1 Overview of Active Directory

[Figure 14-3 labels: microsoft.com, uk.microsoft.com, us.microsoft.com, sis.uk.microsoft.com]

Figure 14-3 A domain tree is a hierarchical grouping of domains that share a contiguous namespace.

The first domain you create in a tree is called the root domain. The next domain that you add becomes a child domain of that root. Trees have the following characteristics:

- Following DNS standards, the domain name of a child domain is the relative name of that child domain appended with the name of the parent domain.

- All domains within a single tree share a common schema, which is a formal definition of all object types that you can store in an Active Directory deployment.

- All domains within a single tree share a common Global Catalog, which is the central repository of information about objects in a tree.

Forests

A forest is a grouping or hierarchical arrangement of one or more domain trees that form a disjointed namespace, but might share a common schema and Global Catalog (see Figure 14-4). In the example shown in Figure 14-4, the namespace microsoft.com is represented in one tree, and the namespace msn.com is represented in another.

There is always at least one forest on a network, and it is created when the first Active Directory–enabled computer (domain controller) on a network is installed. This first domain in a forest, called the forest root domain, is special because it holds the schema and controls domain naming for the entire forest. It cannot be removed from the forest without removing the entire forest itself. Also, no other domain can ever be created above the forest root domain in the forest domain hierarchy.

[Figure 14-4 labels: msn.com, uk.msn.com, us.msn.com, sis.uk.msn.com, us.microsoft.com, uk.microsoft.com]

Figure 14-4 A forest is a group of one or more domain trees.

Forests have the following characteristics:

- All trees in a forest share a common schema.

- Trees in a forest have different naming structures, according to their domains.

- All domains in a forest share a common Global Catalog.

- Domains in a forest operate independently, but the forest enables communication across the entire organization.

A forest is the outermost boundary of Active Directory; the directory cannot be larger than the forest. However, you can create multiple forests and then create trust relationships between specific domains in those forests; this process would let you grant access to resources and accounts that are outside of a particular forest.
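The naming rule for trees and the grouping of trees into a forest can be checked against a domain inventory with a short script. The following is an added example, not code from the book: the function names are hypothetical, and the sample list is constructed from the domain names in Figures 14-3 and 14-4. It assumes that a domain whose immediate DNS parent is absent from the list is reported as a tree root, so a gap in the inventory shows up as an extra root.

```python
# Added example: group Active Directory domain DNS names into trees
# (contiguous namespaces) inside one forest. All names here are hypothetical.

def parent_name(domain):
    """Return the immediate DNS parent of a name, or None for a single label."""
    _, _, parent = domain.partition(".")
    return parent or None

def build_forest(domains):
    """Map each tree root to {domain: [child domains]} for its namespace."""
    names = {d.strip().rstrip(".").lower() for d in domains if d.strip()}
    children = {name: [] for name in names}
    roots = []
    for name in sorted(names):
        parent = parent_name(name)
        if parent in names:
            children[parent].append(name)  # child = relative name + parent name
        else:
            roots.append(name)  # assumption: no listed parent means a tree root
    forest = {}
    for root in roots:
        tree, stack = {}, [root]
        while stack:  # collect every domain reachable from this root
            node = stack.pop()
            tree[node] = children[node]
            stack.extend(children[node])
        forest[root] = tree
    return forest

def render(forest):
    """Return an indented outline with one tree per root domain."""
    lines = []
    def walk(tree, node, depth):
        lines.append("  " * depth + node)
        for child in tree[node]:
            walk(tree, child, depth + 1)
    for root in sorted(forest):
        walk(forest[root], root, 0)
    return "\n".join(lines)

# Constructed sample input, taken from the labels of Figures 14-3 and 14-4.
SAMPLE_DOMAINS = [
    "microsoft.com", "uk.microsoft.com", "us.microsoft.com",
    "sis.uk.microsoft.com", "msn.com", "uk.msn.com", "us.msn.com",
    "sis.uk.msn.com",
]

if __name__ == "__main__":
    print(render(build_forest(SAMPLE_DOMAINS)))
```
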

On the CD: At this point, you should view the multimedia presentation “The Logical Structure of Active Directory,” which is included in the Multimedia folder on the CD accompanying this book. This presentation will help deepen your understanding of Active Directory.

Real World: Using a Simple Structure

What with domains, trees, forests, and OUs, you can see how enticing it could be to try to use all these components to organize your Active Directory implementation. However, you are best served by keeping your design as simple as your organizational needs allow. The details involved in designing and implementing an Active Directory setup are challenging enough without unnecessary complication. If you can work with a single domain and a couple of OUs to help organize administrative tasks, then do it. The whole purpose of Active Directory is to ease the burden of administration. A simple, well-thought-out design goes a long way toward achieving this purpose.