Active Directory Facts Flashcards
Schema
The Microsoft Active Directory schema contains the formal definition of every object class that can be created in an Active Directory forest and of every attribute an object can carry. There is one schema per forest: schema changes replicate to every domain controller in the forest and are accepted only by the domain controller holding the Schema Master role.
Domain
A domain is an administratively-defined collection of network resources that share a common directory database and security policies. The domain is the basic administrative unit of an Active Directory structure.
Database information is replicated (shared or copied) within a domain.
Domain-wide security settings, such as the default password, account lockout, and Kerberos ticket policies, apply per domain and are not shared between domains.
Each domain maintains its own set of relationships with other domains.
Domains are identified by DNS names, for example sales.corpnet.com. The distinguished name of the domain is the same name written as DC= components (DC=sales,DC=corpnet,DC=com), and the distinguished name of every object in the domain ends with that suffix.
Depending on the network structure and requirements, the entire network might be represented by a single domain with millions of objects, or the network might require multiple domains.
Object
Within Active Directory, an object is a resource. Common objects include:
Users
Groups
Computers
Printers
Shared folders
In Active Directory, each user (and each computer) is assigned a Security Account Manager (SAM) account name, the sAMAccountName attribute, which must be unique within the domain; user SAM account names are limited to 20 characters. The user principal name (user@corpnet.com) must be unique across the forest.
You should know the following about objects:
Each object contains attributes. An attribute is a property of the object such as a user’s name, phone number, and email address. Attributes are used for locating and securing resources.
The schema identifies the object classes (the types of object) that can exist in the forest and the attributes (properties) each class can have.
Active Directory uses DNS for locating and naming objects.
Container objects hold or group other objects, either containers or leaf objects.
Organizational Unit (OU)
An organizational unit (OU) is like a folder that subdivides and organizes network resources within a domain. An organizational unit:
Is a container object.
Can hold other organizational units.
Can hold objects such as users and computers.
Can be used to logically organize network resources.
Simplifies security administration: Group Policy Objects can be linked to an OU, and control over the objects in an OU can be delegated to a group without granting it rights over the whole domain.
You should know the following about OUs:
An OU that contains another OU is its parent; the contained OU is the child.
Child OUs inherit the Group Policy links and the inheritable permissions of their parents unless inheritance is blocked.
OUs can contain other OUs or any type of leaf object (users, computers, and printers).
Containers
A container is a built-in object, such as the default Users, Computers, and Builtin containers created with the domain. Active Directory uses containers to organize objects, but unlike an OU a container cannot have a Group Policy Object linked to it. New user accounts and newly joined computers are placed in the Users and Computers containers by default, so OU-linked policy does not reach them until they are moved; redirusr.exe and redircmp.exe change those defaults to an OU.
Container objects:
Are created by default with the domain.
The default containers cannot be moved, renamed, or deleted.
Cannot be the target of a Group Policy link; only sites, domains, and OUs can.
Have very few properties that can be edited.
Trees and Forests
Multiple domains are grouped together in the following relationship:
A tree is a group of related domains that share the same contiguous DNS namespace.
For example, the domains named corpnet.com, sales.corpnet.com, and US.sales.corpnet.com are all in the same domain tree and share the same namespace of corpnet.com.
A separate tree would have a unique namespace, such as NetCorp.com.
A forest is a collection of one or more domain trees.
The forest establishes the relationship between trees that have different namespaces; every domain in a forest trusts every other domain through automatic two-way transitive trusts.
Each tree has a unique namespace, such as corpnet.com and NetCorp.com.
All trees in a forest share a common schema, configuration, and global catalog. The forest, not the domain, is the security boundary: an administrator who controls any domain (or any domain controller) in the forest can gain control of the whole forest, so domains separate administration but do not isolate a compromise.
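As an added example, not part of the flashcards: the naming rules from the Domain card and the Trees and Forests card in Python. It converts a domain's DNS name to its distinguished name and back, recovers the domain name from the DN of any object in it, and groups a set of domain names into trees by contiguous DNS namespace. The domain names are the ones used in the cards; the grouping works on names only and does not query a directory, which is a limitation the code notes.

```python
"""Domain naming and tree membership (added example, not from the flashcards).

Converts between a domain's DNS name and its distinguished name (DC=
components), recovers a domain's DNS name from the DN of any object in it,
and groups domain names into trees by contiguous DNS namespace. Names are
taken from the cards or constructed; nothing here queries a directory.
"""


def _labels(dns_name: str) -> list:
    """'US.Sales.corpnet.com.' -> ['us', 'sales', 'corpnet', 'com'] (DNS is case-insensitive)."""
    labels = [l for l in dns_name.strip().rstrip(".").lower().split(".") if l]
    if not labels:
        raise ValueError("empty DNS name")
    return labels


def dns_to_dn(dns_name: str) -> str:
    """'sales.corpnet.com' -> 'DC=sales,DC=corpnet,DC=com'."""
    return ",".join(f"DC={label}" for label in _labels(dns_name))


def _split_rdns(dn: str) -> list:
    """Split a DN on unescaped commas; 'CN=Doe\\, Jane' stays one RDN."""
    parts, current, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):      # keep the escape and the escaped char
            current.append(dn[i:i + 2])
            i += 2
            continue
        if ch == ",":
            parts.append("".join(current))
            current = []
        else:
            current.append(ch)
        i += 1
    parts.append("".join(current))
    return parts


def dn_to_dns(dn: str) -> str:
    """DN of any object -> DNS name of its domain, using only the DC= components."""
    labels = []
    for rdn in _split_rdns(dn):
        attr, _, value = rdn.strip().partition("=")
        if attr.strip().upper() == "DC":
            labels.append(value.strip().lower())
    if not labels:
        raise ValueError("no DC= components in DN")
    return ".".join(labels)


def is_child_of(child: str, parent: str) -> bool:
    """True when child's DNS name is strictly below parent's (contiguous namespace)."""
    lc, lp = _labels(child), _labels(parent)
    return len(lc) > len(lp) and lc[-len(lp):] == lp


def group_into_trees(domains) -> dict:
    """Map each tree root to the domains under it, by DNS namespace alone.

    A root is a domain that is not a child of any other domain in the set.
    Namespace alone does not prove forest membership: a name like
    child.corpnet.com could belong to a separate forest, so treat this as a
    check on names, not on trust.
    """
    names = sorted({".".join(_labels(d)) for d in domains},
                   key=lambda d: (len(_labels(d)), d))   # parents sort before children
    roots = [d for d in names if not any(is_child_of(d, o) for o in names if o != d)]
    trees = {root: [root] for root in roots}
    for name in names:
        if name in trees:
            continue
        root = next(r for r in roots if is_child_of(name, r))
        trees[root].append(name)
    return trees
```

The RDN splitter honours backslash escapes so a DN such as CN=Doe\, Jane,OU=Sales,DC=sales,DC=corpnet,DC=com still resolves to sales.corpnet.com; a naive split on commas would not.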
Domain controller
A server that has Active Directory Domain Services (AD DS) installed and holds a writable copy (or, for a read-only domain controller, a read-only copy) of the Active Directory database. It authenticates users and computers in the domain with Kerberos and NTLM, authorizes them through the group SIDs it places in their logon tokens, and applies Group Policy, which can also install or update software.
Active Directory is a multi-master, loosely consistent database: any writable domain controller accepts changes for its domain, and replication carries them to the others. A small set of operations (the five FSMO roles, such as schema changes, RID pool allocation, and the PDC emulator's handling of password changes) is single-master and runs only on the role holder.
Replication is the process of copying changes to Active Directory between the domain controllers. Member servers are servers joined to the domain that do not hold the Active Directory database.
Sites and subnets
Active Directory uses two objects to represent the physical structure of the network:
A subnet represents a physical network segment. Each subnet possesses its own unique network address space.
A site represents a group of well-connected networks (networks that are connected with high-speed links).
You should know the following about sites and subnets:
Active Directory uses sites and subnets to manage replication between locations.
Each site contains the subnet objects mapped to it and the server objects of its domain controllers; site links (the connection between two sites over which replication is scheduled) join sites to one another.
Active Directory uses site links to build the most efficient replication topology.
A site differs from a domain in that it represents the physical structure of a network, while a domain represents the logical structure of an organization.
Clients find their site dynamically: the domain controller matches the client's Internet Protocol (IP) address against the subnet objects and returns the site of the most specific matching subnet. A client whose address matches no subnet object is in no site and can end up authenticating to a distant domain controller.
Domain controllers are assigned to sites according to the location of their associated server object in Active Directory.
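As an added example, not part of the flashcards: the site-assignment rule in Python. A client is placed in the site of the longest-prefix subnet object that covers its address, and domain controllers sit in the site their server object is in; the code also shows the failure mode of a client that matches no subnet. The subnet table, site names, DC names and client addresses are all constructed for the example, and the automatic site coverage that the real DC locator performs is deliberately left out.

```python
"""Client-to-site mapping (added example, not from the flashcards).

Reproduces the rule the cards describe: a client belongs to the site of the
most specific subnet object that covers its IP address, and domain
controllers belong to the site their server object sits in. The subnet
table, site names, DC names and client addresses are constructed.
"""
import ipaddress

# Constructed stand-in for the subnet objects under CN=Subnets,CN=Sites,
# CN=Configuration,...: subnet prefix -> site it is associated with.
SUBNETS = {
    "10.0.0.0/8": "Default-First-Site-Name",
    "10.20.0.0/16": "London",
    "10.20.5.0/24": "London-DC-Room",
    "192.168.0.0/16": "Chicago",
    "2001:db8:10::/48": "London",
}

# Constructed DC -> site assignment (where each DC's server object lives).
DCS = {
    "DC01": "London",
    "DC02": "London-DC-Room",
    "DC03": "Chicago",
    "DC04": "Default-First-Site-Name",
}


def build_subnet_table(mapping):
    """Parse the prefixes once. strict=True rejects 10.20.5.1/24 (host bits set),
    which is not a valid subnet object either."""
    return [(ipaddress.ip_network(prefix, strict=True), site)
            for prefix, site in mapping.items()]


def site_for_address(address, table):
    """Site of the longest-prefix subnet covering address, or None if nothing covers it.

    A client with no covering subnet is in no site: the DC locator hands it any
    DC in the domain, possibly across a slow link, and the DC counts it in its
    Netlogon 5807 warning. Such clients are worth finding and giving a subnet.
    """
    ip = ipaddress.ip_address(address)
    best = None
    for net, site in table:
        if ip.version == net.version and ip in net:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, site)
    return best[1] if best else None


def preferred_dcs(address, table, dcs):
    """(site, DCs the client should prefer): DCs in its site, or all DCs if it has no site.

    Simplification: the real locator also covers sites that have no DC of their
    own (automatic site coverage) using site-link costs; that is omitted here.
    """
    site = site_for_address(address, table)
    in_site = sorted(dc for dc, dc_site in dcs.items() if dc_site == site)
    return site, (in_site if in_site else sorted(dcs))


if __name__ == "__main__":
    table = build_subnet_table(SUBNETS)
    for client in ("10.20.5.77", "10.20.9.1", "10.99.1.1", "172.16.0.1", "2001:db8:10::5"):
        print(client, "->", preferred_dcs(client, table, DCS))
```

The /24 for the DC room wins over the /16 for London, which in turn wins over the /8 catch-all, so the order in which subnet objects are defined does not matter; 172.16.0.1 matches nothing and falls back to the whole DC list, which is the condition the Netlogon warning reports.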
Data store
Each domain controller holds a copy of the data store. The directory is stored in the Ntds.dit file, with the database and its transaction log files in C:\Windows\NTDS by default. Ntds.dit contains every account's password hashes, protected with the boot key kept in the SYSTEM registry hive, so a copy of Ntds.dit together with the SYSTEM hive yields every credential in the domain. Access to the NTDS folder, to system state backups, and to Volume Shadow Copies of the domain controller's volumes therefore needs the same protection as the domain controller itself.
The Active Directory database is the physical database file in which all directory data is stored. It contains the values for the domain and a replica of the values for the forest (the Configuration container data). This file consists of three internal tables:
The data table contains all the information in the Active Directory data store: users, groups, application-specific data, and any other data that is stored in Active Directory after its installation.
The link table contains data that represents linked attributes. Linked attributes contain values that refer to other objects in Active Directory.
The security descriptor (SD) table contains data that represents inherited security descriptors for each object.