Active Directory Domain Services (AD DS)

Source: Internet
Author: User

Content

  • Overview
  • Workgroup Architecture and Domain Architecture
  • Namespace
  • Object, Container, and Organizational Unit (OU)
  • Domain Tree
  • Forest

 

Overview

Active Directory Domain Services (AD DS) is a powerful tool for organizing, managing, and controlling network resources. When you create and use a domain, you need to know some basic concepts of the domain service.

Directories and directory services, the ideas behind the name Active Directory Domain Services, are often seen in daily life, such as:

  • Telephone Directory, which records the name, phone number, address, and other data of friends and family;
  • A file directory: the file system records the name, size, date, and other data of each file;
  • Checklist;
  • Baidu search engine.

The directory service allows users to easily and quickly find the desired files.

Active Directory is used to store objects such as user accounts, computer accounts, printers, and shared files. These objects are stored in the directory database. The Active Directory component that provides directory services is Active Directory Domain Services (AD DS), which is responsible for operations (addition, deletion, modification, and query) on the directory database.

AD DS can cover a single computer, a small LAN, or a combination of multiple WANs. It contains all objects in this range, such as files, printers, applications, servers, domain controllers, and user accounts.

If you compare AD DS with a workgroup, you can picture the "blueprint" it lays out.

 

Workgroup Architecture and Domain Architecture

A workgroup network is also called a peer-to-peer network, because every computer on the network is equal, and resources and management are scattered across the individual computers. It has the following features:

  • Each Windows computer has its own Security Account Manager (SAM) database. If a user wants to access resources on each computer, the system administrator must create a user account in the SAM on each computer and set the permissions. Account and permission management in this architecture is obviously troublesome. If the number of computers in an enterprise is small, a workgroup network can be used.
  • Servers (such as Windows Server 2008 R2) are not required in a workgroup. A workgroup network can be set up even with only clients such as Windows R2, Windows Vista, and Windows XP.

Unlike the workgroup architecture, all computers in a domain share a centralized directory database, which stores the accounts and other related data of all users in the entire domain. This directory database is stored on the domain controller, and only a server-level computer can act as a domain controller.

How would you design such a system?

Computers already have IP addresses, host names, domain names, and DNS, so we can use these to build a "tree" structure around a server-level computer on the network. Multiple such structures are called a "forest".

A data structure is required. Any resource is an object and has its own attributes. An object can be an account on a computer. Each account has its own attributes, such as name, password, phone number, email, and title. Each account can be viewed as a real person, and since people can be organized, accounts should be organized too. For an enterprise, this is the organizational structure, such as the Business Department and the Finance Department. An object can also be a printer.

Namespace

The directory in AD DS is a namespace: all information related to an object can be found using the object's name. In a TCP/IP network, the Domain Name System (DNS) is used to resolve the mapping between host names and IP addresses. AD DS is closely integrated with DNS, and its domain namespace also adopts the DNS architecture.

Object, Container, and Organizational Unit (OU)

All resources in AD DS exist as objects, such as users, computers, and printers. Objects are described by attributes.

A container is similar to an object. It is also a set of attributes, but a container can contain other objects or even containers.

An organizational unit is a special container. It can contain objects and other organizational units, and Group Policy can be applied to it.

Domain Tree

A domain tree is a network of multiple domains arranged in a tree structure.

Forest

A forest consists of one or more domain trees. Each domain tree has its own unique namespace.
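
The Namespace, Organizational Unit, Domain Tree and Forest sections above, as an added example that is not part of the original page: it derives the LDAP distinguished name that follows from a domain's DNS name and an object's OU nesting, and groups a forest's domains into trees by contiguous DNS namespace. The DN notation and every name used (`corp.example`, `partner.example`, the OUs and the user) are assumptions constructed for illustration.

```python
# Added illustration; all domain, OU and user names below are constructed.

def escape_rdn(value):
    """Escape DN special characters (RFC 4514) in a single naming value."""
    out = "".join("\\" + c if c in ',+"\\<>;=' else c for c in value)
    if value[:1] in ("#", " "):
        out = "\\" + out
    if len(value) > 1 and value.endswith(" "):
        out = out[:-1] + "\\ "
    return out

def domain_dn(dns_name):
    """Map a domain's DNS name to its directory name, one DC= per label."""
    labels = dns_name.strip(".").lower().split(".")
    if not all(labels):
        raise ValueError(f"empty label in {dns_name!r}")
    return ",".join(f"DC={label}" for label in labels)

def object_dn(cn, ou_path, dns_name):
    """Full name of an object inside nested OUs (ou_path: outermost first)."""
    rdns = [f"CN={escape_rdn(cn)}"]
    rdns += [f"OU={escape_rdn(ou)}" for ou in reversed(ou_path)]
    return ",".join(rdns + [domain_dn(dns_name)])

def group_into_trees(domains):
    """Group a forest's domains into domain trees, keyed by tree root."""
    names = sorted({d.strip(".").lower() for d in domains},
                   key=lambda d: (d.count("."), d))
    trees = {}
    for name in names:  # fewest labels first, so roots precede children
        root = next((r for r in trees if name.endswith("." + r)), None)
        trees.setdefault(root or name, []).append(name)
    return trees

FOREST = ["corp.example", "emea.corp.example",
          "sales.emea.corp.example", "partner.example"]

if __name__ == "__main__":
    for root, members in group_into_trees(FOREST).items():
        print(f"tree {root}: {members}")
    print(object_dn("Lee, Pat", ["Finance", "Payroll"], "emea.corp.example"))
```

Escaping the naming values matters whenever account or OU names come from user input, because an unescaped comma or equals sign would change which container the name points to.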
