Replication Between Domain Controllers

Active Directory includes a replication feature. Replication ensures that changes to a domain controller are reflected in all domain controllers within a domain. A domain controller stores a replica of the domain directory. Each domain can contain one or more domain controllers.

Within a site, Active Directory automatically generates a ring topology for replication among domain controllers in the same domain. The topology defines the path for directory updates to flow from one domain controller to another until all receive the directory updates.

The ring structure ensures that there are at least two replication paths from one domain controller to another. Therefore, if one domain controller is down temporarily, replication still continues to all other domain controllers.

Active Directory periodically analyzes the replication topology within a site to ensure that it is still efficient. If you add or remove a domain controller from the network or a site, Active Directory reconfigures the topology to reflect the change.

Objects

An object is a distinct named set of attributes that represents a network resource.
Enterprise resources are represented in Active Directory as objects, or records in the database. Each object has numerous attributes, or properties, that define it. For example, a user object includes the user name and password; a group object includes the group name and a list of its members. Active Directory is capable of hosting millions ofobjects, including users, groups, computers, printers, shared folders, sites, site links, Group Policy Objects (GPOs), and even DNS zones and host records.

Organizational Units

An organizational unit (OU) is a container used to organize objects within a domain into logical administrative groups. They provide important administrative capabilities because they provide a point at which administrative functions can be delegated and to which group policies can be linked. Enterprises often have thousands of computers, groups, and users. If you had several thousand computers in a single list, it would be very difficult to identify all the computers belonging to, say, the Accounting department, or located within the Lucknow office. Enterprises need a way to organize these objects. OUs provide a way to create administrative boundaries within a domain, allowing you to delegate administrative tasks within the domain. An OU can contain objects such as user accounts, groups, computers, printers, applications, file shares, and other OUs.

The OU hierarchy within a domain is independent of the OU hierarchy structure of other domain's search domain can implement its own OU hierarchy. There are no restrictions on the depth of the OU hierarchy. However, a shallow hierarchy performs better than a deep one, so you should not create an OU hierarchy any deeper than necessary.

Delegation

Each object in Active Directory ( user objects) includes an access control list (ACL) that defines permissions for that object, just as files on a disk volume have ACLs that define access for those files.

For example, a user object's ACL will define what groups are allowed to reset its password. It would get complicated to assign the frontline administrator permissions to change each individual user's password, so instead you can put all of those users in a single OU and assign that administrator the reset password permission on the OU. That permission will be inherited by all user objects in the OU, thereby allowing that administrator to modify permissions for all users. Resetting user passwords is just one example of administrative delegation.

There are thousands of combinations of permissions that could be assigned to groups administering and supportingActive Directory. OUs allow an enterprise to create an active representation of its administrative model and to specify who can do what to objects in the domain.

Sites

A site is a combination of one or more Internet Protocol (IP) subnets connected by a highly reliable, fast link to localize as much network traffic as possible. Typically, a site has the same boundaries as a local area network (LAN). When you group subnets on your network, you should combine only those subnets that have fast, cheap, and reliable network connections with one another. Fast network connections are at least 512 kilobits per second (Kbps). An available bandwidth of 128 Kbps and higher is sufficient.

Classes Attributes Directory Schema

In Active Directory, you can organize objects in classes, which are logical groupings of objects.Object classes help organize objects by their similarities. For example, all user objects fall under the object class Users.

When you create a new object, it automatically inherits attributes from its class. When you create a new user account, the information you can enter about that user account (its attributes) are derived from the object class Users. Microsoft defines a default set of object classes (and the attributes they define) used by Active Directory. Of course, because Active Directory is extensible, administrators and applications can modify the object classes available and the attributes that those classes define.

The classes and the attributes that they define are collectively referred to as the Active Directory schema in database terms, a schema is the structure of the tables and fields and how they are related to one another. You can think of the Active Directory schema as a collection of data (object classes) that defines how the real data of the directory (the attributes of an object) is organized and stored.