IT 205 ch03 Def
rights.
Domains: An administrative boundary for users and computers, which are stored in a
common directory database. A single domain can span multiple physical locations or
structures and that share a common root domain. A domain tree can have a single
domain or many domains. A domain (known as the parent domain) can have a child
domain. A child domain can have its own child domain. Because the child domain is
combined with the parent domain name to form its own unique Domain Name System
Forests: A collection of domain trees that share a common Active Directory Domain
Services (AD DS). A forest can contain one or more domain trees or domains, all of
which share a common logical structure, global catalog, directory schema, and directory
a single domain tree or even a single domain. The first domain in the forest is called the
forest root domain. For multiple domain trees, each domain tree consists of a unique
namespace.
The physical components that make up Active Directory include the following:
Domain controllers: The servers that contain the Active Directory databases. A domain
partition stores only the information about objects located in that domain. All domain
controllers in a domain receive changes and replicate those changes to the domain
partition stored on all other domain controllers in the domain. As a result, all domain
Global catalog servers: A domain controller that stores a full copy of all Active
Directory objects in the directory for its host domain and a partial copy of all objects for
all other domains in the forest. Applications and clients can query the global catalog to
locate any object in a forest. A global catalog is created automatically on the first domain
controller in the forest. Optionally, other domain controllers can be configured to serve
as global catalogs.
Operations Masters: Specialized domain controllers that perform certain tasks so that
Read-only domain controllers: Specialized domain controllers that are intended for use
in branch offices and servers in a low physical security environment that holds only a
When a user logs on, Active Directory clients locate an Active Directory server (using
the DNS SRV resource records) known as a domain controller in the same site as the
computer.
Each domain has its own set of domain controllers to provide access to the domain resources,
such as users and computers. For fault tolerance, a site should have two or more domain
controllers. That way, if one domain controller fails, the other domain controller can still
service the clients. Note that whenever an object (such as a username or password) is modified,