Active Directory is a hierarchical representation of all objects on the network and their attributes. It lets administrators manage network resources, namely users, computers, printers, shared folders and so on, with little effort. The logical structure of Active Directory consists of forests, trees, domains, organizational units and individual objects. This structure is completely independent of the physical structure of the network, which allows administrators to design domains according to the needs of the organization and to manage the physical network structure independently.
Descriptions of all components of the Active Directory logical structure:
Forest: The forest is the outer boundary of an Active Directory structure. It is a group of one or more domain trees that share a common schema but do not form a contiguous namespace. It comes into existence when the first domain controller is installed on an Active Directory network, so there is at least one forest in a network. The first domain created in a forest is the forest root domain; it controls the schema and the domain naming for the entire forest and cannot be removed from the forest on its own. Administrators can create multiple forests and then establish trust relationships between specific domains in those forests, according to organizational requirements.
Trees: The domains in an Active Directory forest are organized in a hierarchical structure called a tree. A tree consists of a root domain and several child domains. The first domain created in a tree is its root domain; each domain added under it is a child, and the root domain is the parent. The parent-child hierarchy continues until the last node is reached. All domains in a tree share a common schema, which is defined at the forest level. Depending on organizational needs, multiple domain trees can be included in one forest.
Domains: A domain is the basic organizational unit of the Windows Server 2003 network model. It logically organizes resources on a network and defines a security boundary in Active Directory. A forest can have more than one domain, and each domain has its own security policy and its own trust relationships with other domains. Almost all organizations with a Wide Area Network use a multi-domain model to improve network security and to let administrators manage the whole network efficiently.
Objects: Active Directory stores all network resources as objects in a hierarchical structure of containers and sub-containers, which makes them easy to access and manage. Each object class consists of several attributes. Whenever a new object of a given class is created, it automatically inherits all the attributes of that class. Although Windows Server 2003 Active Directory defines a standard set of object classes, administrators can modify them according to their organizational needs.
Organizational Unit (OU): The OU is the least abstract component of Windows Server 2003 Active Directory. It acts as a container in which the resources of a domain can be placed. Its logical structure is similar to the functional structure of an organization. It makes it possible to create administrative boundaries within a domain by delegating administrative tasks to different administrators within the domain. Administrators can create several organizational units in the network. OUs can also be nested, which means that other organizational units can be created within an OU.
In a large and complex network, Active Directory gives administrators a single point of management by bringing all network resources together in one place. It allows administrators to delegate administrative tasks efficiently and makes it easy to find network resources quickly. It is highly scalable, which means that administrators can add a large number of resources without additional administrative burden. This is achieved by partitioning the directory database, distributing it across domains, and building trust relationships, so that users get the benefits of decentralization together with centralized administration.
The physical structure of Active Directory is much simpler than its logical structure. The physical components are domain controllers and sites.
Domain Controller: A domain controller is a Windows Server 2003 computer running Active Directory services and configured as a domain controller. A domain controller answers requests for information about the objects in its domain. A domain can have multiple domain controllers. Every domain controller in a domain follows the multimaster model by holding a complete copy of the domain's directory partition. In this model, each domain controller holds a master copy of the directory partition, so administrators can use any domain controller to change the Active Directory database. Changes made by administrators are automatically replicated to the other domain controllers in the domain.
However, there are operations that do not follow the multimaster model. Active Directory manages these operations by assigning them to a single domain controller, known as the operations master. The operations master carries out several operations master roles, some of which are forest-wide and some domain-wide.
Forest-wide roles: There are two forest-wide roles:
Schema Master and Domain Naming Master. The Schema Master is responsible for maintaining the schema and distributing it to the entire forest. The Domain Naming Master is responsible for maintaining the integrity of the forest by recording the addition and removal of domains in the forest. When a new domain is added to a forest, the Domain Naming Master role is contacted; without this role, no new domains can be added.
Domain-level roles: There are three types of domain-level roles: RID Master, PDC Emulator and Infrastructure Master.
RID Master: The RID Master is one of the operations master roles and exists in each domain of a forest. It allocates sequences of relative identifiers (RIDs) to the domain controllers in a domain, giving each domain controller its own unique block of RIDs. When a domain controller creates a new object, it gives the object a unique security identifier (SID) made up of the domain SID combined with a RID. The domain SID is constant for the domain, while the RID is assigned to each object by the domain controller, which in turn obtains its RIDs from the RID Master. When a domain controller has used up all the RIDs supplied by the RID Master, it asks the RID Master to issue more so that it can go on creating objects in the domain. If a domain controller has exhausted its pool of RIDs and the RID Master is unavailable, it cannot create any new objects in the domain.
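As an added illustration of the "domain SID plus RID" scheme and of what happens when a domain controller's RID pool runs dry while the RID Master is unreachable, here is a small Python model written for this page (it is not code from any Microsoft tool; the tiny pool size is chosen for the demonstration, and the well-known RID table lists only a few of the standard values):

```python
import re

# A few standard well-known RIDs that every domain reserves (constructed subset).
WELL_KNOWN_RIDS = {500: "Administrator", 501: "Guest", 502: "krbtgt",
                   512: "Domain Admins", 513: "Domain Users"}

# Domain-account SIDs look like S-1-5-21-<a>-<b>-<c>-<RID>.
SID_RE = re.compile(r"^S-1-5-21-\d+-\d+-\d+-(\d+)$")


def split_sid(sid: str):
    """Split a domain-account SID into (domain SID, RID)."""
    m = SID_RE.match(sid)
    if not m:
        raise ValueError(f"not a domain-account SID: {sid}")
    return sid[: sid.rfind("-")], int(m.group(1))


def describe_rid(rid: int) -> str:
    """Name well-known RIDs; RIDs from 1000 upward are handed out by the domain controllers."""
    return WELL_KNOWN_RIDS.get(rid, "domain-assigned" if rid >= 1000 else "reserved")


class RidMaster:
    """Hands out contiguous RID blocks; online=False models the master being unreachable."""
    def __init__(self, pool_size: int = 3, first_rid: int = 1000):
        self.next_rid, self.pool_size, self.online = first_rid, pool_size, True

    def allocate_pool(self):
        if not self.online:
            return None
        block = list(range(self.next_rid, self.next_rid + self.pool_size))
        self.next_rid += self.pool_size
        return block


class DomainController:
    """A DC creates objects from its local RID pool and refills the pool from the RID Master."""
    def __init__(self, domain_sid: str, master: RidMaster):
        self.domain_sid, self.master, self.pool = domain_sid, master, []

    def create_object(self):
        """Return the new object's SID, or None when the pool is empty and the master is down."""
        if not self.pool:
            refill = self.master.allocate_pool()
            if refill is None:
                return None          # pool exhausted and RID Master unavailable
            self.pool = refill
        return f"{self.domain_sid}-{self.pool.pop(0)}"
```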
PDC Emulator: The PDC Emulator is one of the five operations master roles in Active Directory. It is used in a domain that contains computers not running Active Directory. It processes password changes for users and computers, replicates these updates to Backup Domain Controllers, and runs the domain master browser. If a domain controller fails to authenticate a user because of a bad password, the request is forwarded to the PDC Emulator. The PDC Emulator then verifies the password and, if it finds a more recent password update for that account, authenticates the request.
Infrastructure Master: The Infrastructure Master role is one of the operations master roles in Active Directory. It operates at the domain level and exists in every domain of the forest. It maintains all inter-domain object references, updating references from objects in its domain to objects in other domains. It plays a very important role in a multi-domain environment. It compares its data with a global catalog, which always holds up-to-date information about the objects of all domains. If the Infrastructure Master finds that its data is outdated, it requests the updated version from the global catalog. Once the current data has been retrieved from the global catalog, the Infrastructure Master replicates the updates to all other domain controllers in the domain.
Domain controllers can also be assigned the role of global catalog server. A global catalog (GC) is a special database that stores a full replica of the Active Directory directory partition of its host domain and a partial replica of the directory partitions of the other domains in the forest. By default it is created on the first domain controller in the forest. It serves mainly the following logon and query functions in Active Directory:
It enables network logon by providing universal group membership information to a domain controller when a logon request is initiated.
It allows the directory information of all domains in an Active Directory forest to be searched.
A global catalog is necessary for logging on to the network in a multi-domain environment. By providing universal group membership information, it also improves response times for queries. In its absence, a user can log on only to the local domain; a user from outside the local domain cannot log on at all.
Site: A site is a group of domain controllers that exist on different IP subnets and are connected by a fast and reliable network. A network can consist of multiple sites connected over WAN links. Sites are used to control replication traffic, which can occur within a site or between sites. Replication within a site is called intra-site replication, and replication between sites is called inter-site replication. Because all domain controllers in a site are usually connected over a fast LAN, intra-site replication is always uncompressed, and any change in the domain is quickly replicated to the other domain controllers. Since sites are connected over WAN links, inter-site replication is sent in compressed form and is therefore slower than intra-site replication.