Windows 2003 Active diretory (ii)--AD and domain

In the 03 domain has been the most important core position, but many people do not understand what is the domain. The next simple definition is that the collection of computers that share the same AD database is a domain.

1, the domain and the relationship between the ad: from the domain point of view, ad is composed of at least one domain set, if the ad for the protagonist, from the ad point of view, the domain is the AD partition unit.

Ad is a collection of domains: AD can consist of a single or multiple domain.

Domain is the partition unit of AD: the domain stores its own AD objects, so the domain is also a collection of objects in the ad, or the unit of the logical partition of the AD.

Domain functions: 1, the formation of a separate management unit: that is, there is a separate account, network management personnel, security settings, Group Policy, etc., between the domain can be combined through trust relationship. 2, Group Policy and Delegate control application units: that is, delegation control and Group Policy can also be applied to the domain or site. The organizational unit (OU) is also mentioned earlier, which is managed by dividing the domain into smaller units. We can know the relationship between the two. 3, can cross the geographical limit: in fact, the domain is a logical concept, different regions can join the same domain.

Domain name: More common is the DNS and LDAP two formats. DNS This everyone is very familiar with, here is not to say, note that the domain is only named in the same way as DNS, not domain definitions are the same as DNS. LDAP DN Format: Because the domain is part of the ad hierarchy, the DN of the object necessarily contains the domain name of the object. AD uses DCs (DOMAIN COMPONENT) to represent hierarchies in DNS names. As the above example can be written: Cn=frankie ke,ou=sect1,ou=product,dc=ming,dc=com,dc=us. As you can see, the DNS domain name is actually converted to the rightmost three elements of the object DN.

Multi-domain structure: Again, the domain can be organized by organizational units to form a hierarchical structure, so that the domain has a better scalability. A multiple domain is either a domain tree or a forest. A domain tree is composed of multiple domains, which are organized hierarchically by trust relationships between dwellings. Special note: Although domains in the domain tree are hierarchical, this is only a naming method and does not represent an upper-level domain having jurisdiction over the underlying domain. Each domain in the domain tree is an independent management individual, so the upper-level network management personnel and the network management personnel in the lower domain are basically in an equal position, and will be reflected in the following introduction process. Although there may be dependencies in real life, there is nothing in AD. Domain forest: is a collection of multiple domain trees that communicates through trust relationships. Establishing such a relationship is easy to find.

The following is a simple domain plan that will deepen the understanding of the domain and achieve flexibility in application.

1, a single domain: Microsoft's proposal, enterprises should use a single domain structure, to simplify the management of the work.

If 51CTO companies adopt a single domain structure. Various departments within the company form organizational units for management.