Hierarchy of information about network objects (such as computers, users, groups, domains, and trees) in a given network environment. It is extensible, interoperable (uses LDAP), scalable, and secure (from Microsoft Technet). The database behind Active Directory is structured by a schema, which third-party software can adapt and extend to integrate fully with the directory.

Below is a sample hierarchy in ADS:

                                       Forest
                     Tree1                                  Tree2
             site1.com (domain)  <=====trust=====>  theman.com (domain)
                    |                                       |
                    |                               damn.theman.com (child-domain)
                    |                                       |
                jimbo (OU)                           maingroup1 (OU)
                    |                                       |
                    |-- l33t_box (computer)                 |-- printer1 (printer)
                    |   (l33t_box.site1.com)                |   (printer1.damn.theman.com)
                    |                                       |
                    |-- jimbo-users (group)                 |-- subgroup1 (OU)
                    |   (jimbo-users@site1.com)             |       |
                    |                                       |       |-- bobs_box (computer)
                    |-- service_pack_1 (GPO)                |       |   (bobs_box.damn.theman.com)
                    |                                       |       |
                    |-- jimbob (user)                       |       |-- bob (user)
                        (jimbob@site1.com)                  |           (bob@damn.theman.com)
                                                            |
                                                            |-- subgroup2 (OU)

Some definitions:

  • A Forest is a collection of trees.
  • A Tree is a hierarchy of domains and its subordinates.
  • A Domain (similar to an NT 4.0 domain) contains child-domains, OUs, computers, users, etc.
  • An OU is an Organizational Unit (similar to a Domain, but with no need for a domain controller).
  • A GPO is a Group Policy Object, with which administrators can apply rules, updates, and installations to any computer or OU to which the GPO applies.
  • Users, computers, printers, and groups are all basic objects in the directory. It is to these basic objects that GPOs are applied.
  • FQDNs (Fully Qualified Domain Names) are assigned only to domains, computers, and printers (and, in a looser sense, to groups and users through their name@domain form); OUs and GPOs do not get one.
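The sample hierarchy and the definitions above can be tied together in a small model. The following Python is an added example, not code from the original page or from Microsoft: it rebuilds the diagram as a tree of objects, derives each object's LDAP distinguished name (DN) and the FQDN or name@domain form the page describes, and works out which GPOs reach an object by walking up its containers. The DN rendering (DC=/OU=/CN= components) follows standard Active Directory LDAP naming; treating a GPO as sitting inside the OU it is drawn in, and stopping policy inheritance at the nearest domain, are simplifications assumed for this model.

```python
from dataclasses import dataclass, field
from typing import Iterator, List, Optional


@dataclass
class Node:
    """One directory object from the diagram: a domain, OU, GPO or leaf object."""
    name: str
    kind: str  # "domain", "ou", "computer", "user", "group", "printer", "gpo"
    parent: Optional["Node"] = None
    children: List["Node"] = field(default_factory=list)

    def add(self, child: "Node") -> "Node":
        child.parent = self
        self.children.append(child)
        return child

    def ancestors(self) -> Iterator["Node"]:
        n = self.parent
        while n is not None:
            yield n
            n = n.parent

    def domain(self) -> "Node":
        """Nearest enclosing domain (a child-domain counts as a domain)."""
        for a in self.ancestors():
            if a.kind == "domain":
                return a
        raise ValueError(f"{self.name} is not inside a domain")


def build_sample_forest() -> dict:
    """Recreate the page's sample hierarchy; returns a name -> Node index."""
    site1 = Node("site1.com", "domain")                    # Tree1 root domain
    theman = Node("theman.com", "domain")                  # Tree2 root domain
    damn = theman.add(Node("damn.theman.com", "domain"))   # child-domain of theman.com

    jimbo = site1.add(Node("jimbo", "ou"))
    jimbo.add(Node("l33t_box", "computer"))
    jimbo.add(Node("jimbo-users", "group"))
    jimbo.add(Node("service_pack_1", "gpo"))   # assumption: GPO modelled inside the OU it applies to
    jimbo.add(Node("jimbob", "user"))

    maingroup1 = damn.add(Node("maingroup1", "ou"))
    maingroup1.add(Node("printer1", "printer"))
    subgroup1 = maingroup1.add(Node("subgroup1", "ou"))
    subgroup1.add(Node("bobs_box", "computer"))
    subgroup1.add(Node("bob", "user"))
    maingroup1.add(Node("subgroup2", "ou"))

    index = {}

    def walk(n: Node) -> None:
        index[n.name] = n
        for c in n.children:
            walk(c)

    walk(site1)
    walk(theman)
    return index


def distinguished_name(n: Node) -> str:
    """LDAP DN: domains become DC= labels, OUs use OU=, everything else CN=."""
    if n.kind == "domain":
        return ",".join(f"DC={label}" for label in n.name.split("."))
    rdn_type = "OU" if n.kind == "ou" else "CN"
    return f"{rdn_type}={n.name},{distinguished_name(n.parent)}"


def qualified_name(n: Node) -> Optional[str]:
    """FQDN for domains, computers and printers; name@domain for users and
    groups; None for OUs and GPOs, which the page says get no FQDN."""
    if n.kind == "domain":
        return n.name
    if n.kind in ("computer", "printer"):
        return f"{n.name}.{n.domain().name}"
    if n.kind in ("user", "group"):
        return f"{n.name}@{n.domain().name}"
    return None


def applicable_gpos(n: Node) -> List[str]:
    """GPOs in effect for n: those held by each container above it, listed
    domain-first so entries from closer OUs come later and take precedence.
    The walk stops at the nearest domain (policy does not cross domains)."""
    chain: List[Node] = []
    for a in n.ancestors():
        chain.append(a)
        if a.kind == "domain":
            break
    chain.reverse()
    return [c.name for container in chain for c in container.children if c.kind == "gpo"]


if __name__ == "__main__":
    idx = build_sample_forest()
    for name in ("l33t_box", "jimbob", "bobs_box", "bob", "printer1", "jimbo"):
        obj = idx[name]
        print(f"{name:10} {distinguished_name(obj)}")
        print(f"{'':10} qualified={qualified_name(obj)} gpos={applicable_gpos(obj)}")
```

Running the script shows, for instance, that service_pack_1 reaches every object under the jimbo OU in Tree1 and nothing in Tree2, and that only the domain, computer and printer objects carry a dotted FQDN while users and groups get the name@domain form.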