The meaning of the forest root domain in the domain tree, and the meaning of the domain forest root domain

The meaning of the forest root domain in the domain tree, and the meaning of the domain forest root domain

Contoso has many IT resources in the company's IT environment, and these IT resources are all in a state of decentralized management, which virtually increases the management cost of contoso, moreover, the management system cannot be implemented in the actual production environment.

So how can we solve this problem?

Do we put all these items in a warehouse? What about employees? What about department managers? Are you also throwing away the warehouse? This is obviously unrealistic.

You can imagine, no matter where you come from, which province or city you belong to, or if you are abroad, are not all Chinese? Isn't all the physical resources in the mall, cafe, or scenic area that we go to belong to China? Regardless of our interpersonal relationships, social relationships, and complexity, we all belong to the same country and logical concept in terms of the logical structure. Isn't logical centralized management implemented?

OK. Let's take a look at the concept of domain. IT is a means of logically unified and centralized management of all the resources in our enterprise IT environment.

Next, the company contoso established its own domain, called contoso.com, to solve the IT environment management problem within the enterprise and greatly reduce the management cost.

However, with the rapid development of business, we need to set up subsidiaries in Shanghai and Beijing. How can we centrally manage cross-region resources? Isn't the cost coming up again?

Or use the domain environment to solve the problem,

Create a subdomain for contoso.com and establish a continuous relationship with contoso.com in terms of the naming logic. The following bj.contoso.com and sh.contoso.com are subdomains compared to contoso.com. In turn, contoso.com is a parent domain relative to sh. contoso. om and bj.contoso.com, and they are parent-child relationships.

Currently, this logical management structure is called a domain tree. In this way, the management of remote branches is solved, and the cost is also reduced.

Problems arise when there is development. Many enterprises operate multiple projects at the same time and set up multiple independent management teams and management mechanisms at the same time. As a boss who wants to keep his business undefeated, he must enhance the reliability of his business environment. To put it bluntly, he must increase profitability to reduce the risk of real-time loss.

So how can we solve the problem of centralized management of multi-project operations?

The company contoso.com is also faced with this problem because he also runs a project in seattle.

The domain environment also provides better extension methods to create an existing domain in the forest for the seattle project. Although the namespace of contoso.com is not consecutive, it also belongs to the same company and is still centrally managed in terms of management, greatly reducing management costs while, the development of the seattle project will not be restricted by centralized management, because the projects in the whole forest are still relatively independent. Soon, seattle established its own branch, work.seattle.com.

Such a logical structure is called a domain forest.

When an enterprise operates multiple projects, no matter whether the project operation mode of the enterprise is transparent or not transparent, it will have its own main or main business project. So how can we ensure that this project is at the forefront of IT environment management?

The domain environment also provides a flexible response strategy for this situation:

The first domain created in the entire domain forest is the root domain, and the root domain's position, priority, importance, and other constraints in the entire domain forest are very powerful. In addition, there can be only one root domain in a domain forest. Therefore, the domain environment has also made good countermeasures for the risks and management measures of enterprise operation for a number of purposes.

Many administrators are afraid that the root domain cannot be found in multi-domain environments. The root domain has a significant feature. There are two special groups on the root domain DC:

Enterprise admins

Schema admins

The other domain servers in the domain forest do not have these two groups.

 

Reproduced http://angerfire.blog.51cto.com/198455/144123/