Basics of Active Directory:



Object: Anything and everything in Active Directory is known as an object, in the same spirit as ‘everything is a file’ in UNIX. One more example: suppose that you and a few friends (the various objects of AD, such as computers, servers, printers and users) had a common teacher (Active Directory) and meet him again after 10 years. All of you have become masters in your fields, but when you face your teacher you are still only a student to him.

Domain: By definition, a domain is a logical boundary for a collection of objects which share the same database. A domain provides an administrative boundary for objects and manages security for shared resources. Each domain stores information only about the objects that belong to that domain. The objects in a domain can be administered by security policies and settings, such as security groups and group policies.

Tree: Trees are collections of one or more domains that allow global resource sharing. A tree normally consists of multiple domains in a contiguous namespace. A domain added to a tree becomes a child of the tree root domain; the domain to which a child domain is attached is called its parent domain. A child domain can itself have multiple child domains. A child domain's name is its own name followed by the parent domain's name, which gives it a unique Domain Name System (DNS) name.

Forest: A forest is a collection of multiple trees. Forests allow organizations to group divisions which use different naming schemes and may need to operate independently, but which still want to communicate with the entire organization via transitive trusts and share the same schema and configuration container.

OU: Organizational Units are containers in which we store objects which we want to categorize. An OU is a set of objects of the same type which we want to administer with the same type of templates.

Site: A Site in Active Directory is a collection of systems that sit on the same subnet.

Before I start the next topic, let me try to cite an example of each of the above.

Let us consider our World to be a ‘Forest’, the highest position in the hierarchy. If our World is a forest, then it is composed of the Continents, which can be considered ‘Trees’. These continents are in turn made of several countries, which can be considered ‘Domains’. Just as every country has different rules and a different culture, every domain has its own set of rules and policies. A Site can be considered a state, which is a physical subdivision of a country.

Users: A user in Active Directory is nothing but another object. A user requires an Active Directory user account to log on to a computer or to a domain. The account establishes an identity for the user; the operating system then uses this identity to authenticate the user and to grant him or her authorization to access specific domain resources. User accounts can also be used as service accounts for some applications. That is, a service can be configured to log on (authenticate) as a user account, and it is then granted access to specific network resources through that user account.

Groups: A relatively bigger chapter than the others. Groups are Active Directory (or local computer) objects that can contain users, contacts, computers, and other groups. Groups can be created in domains using the Active Directory Users and Computers tool. Groups are 'Security Principal Objects' too; they are directory objects to which SIDs are assigned at creation. You can nest groups; that is, you can add a group as a member of another group. Nesting groups makes it easier to manage users and can reduce network traffic caused by replication of group membership changes. Before you create groups, determine the number of domains you will have on your network and which of those domains (if any) are mixed-mode and which are native-mode:

Mixed-mode domain. The Windows 2000 operating system installs, by default, in a mixed-mode network configuration. A mixed-mode domain is a networked set of computers running both Windows NT 4.0 and Windows 2000 domain controllers. (You can also have a mixed-mode domain running only Windows 2000 domain controllers.)
Native-mode domain. You can convert a domain to native mode when it contains only Windows 2000 Server domain controllers.
There are two types of groups:
Distribution Groups: Their main function is to create email distribution lists; in simple words, we add users to such a group and then send a mail to the group, which broadcasts the message to all of its members.
Security Groups: Security groups are mainly used to grant users access to different object types, such as servers, printers and other resources. Security groups can also be used as distribution groups, but this is not recommended, because every security group an object is added to adds another SID to that object's SID information.
A group can be converted from a security group to a distribution group, and vice versa, at any time, but only if the domain functional level is set to Windows 2000 native or higher. No groups can be converted while the domain functional level is set to Windows 2000 mixed.
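The nesting and SID growth described above can be audited from a domain-joined session. The following is an added example written for this page, not code from the original article; it assumes the RSAT ActiveDirectory module is installed, that 'jdoe' is a placeholder account name, and that the review threshold is an arbitrary value chosen here rather than any Active Directory limit.

```powershell
# Added example: resolve a user's effective (nested) group memberships and report
# how many of them are security groups, i.e. how many group SIDs the user carries.
Import-Module ActiveDirectory

function Get-EffectiveGroupMembership {
    param([Parameter(Mandatory)][string]$SamAccountName)

    # MemberOf lists direct memberships only (and excludes the primary group,
    # typically Domain Users), so we walk each group's own MemberOf upward.
    $user  = Get-ADUser -Identity $SamAccountName -Properties MemberOf
    $seen  = @{}                                                # DN -> ADGroup
    $queue = [System.Collections.Generic.Queue[string]]::new()
    foreach ($dn in $user.MemberOf) { $queue.Enqueue($dn) }

    while ($queue.Count -gt 0) {
        $dn = $queue.Dequeue()
        if ($seen.ContainsKey($dn)) { continue }                # handles diamond nesting
        $group = Get-ADGroup -Identity $dn -Properties MemberOf
        $seen[$dn] = $group
        foreach ($parent in $group.MemberOf) { $queue.Enqueue($parent) }
    }
    return $seen.Values
}

$account  = 'jdoe'                                              # assumed placeholder
$groups   = @(Get-EffectiveGroupMembership -SamAccountName $account)
$security = @($groups | Where-Object GroupCategory -eq 'Security')
$distrib  = @($groups | Where-Object GroupCategory -eq 'Distribution')

# Only security groups are security principals with SIDs; distribution groups add none.
"{0}: {1} security group SIDs, {2} distribution groups (nesting included)" -f `
    $account, $security.Count, $distrib.Count

$groups |
    Sort-Object GroupCategory, Name |
    Select-Object Name, GroupCategory, GroupScope, DistinguishedName |
    Format-Table -AutoSize

$threshold = 100                                                # assumed review threshold
if ($security.Count -gt $threshold) {
    Write-Warning "Review nesting for $account: $($security.Count) security groups exceed $threshold"
}
```

Running this for a few accounts that are members of security groups used as mailing lists shows directly how each such group adds to the SID count, which is the practical reason the article advises against that use.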