December 08, 2000, 4:33 PM — In my
column we began our discussion of Windows 2000's Active Directory (AD), with an
overview of some of AD's critical components. This week we continue to explore AD's
structure, looking at forests, sites, and replication.
Objects, OUs, domains, and trees
AD, like all other directory services, is a database that centralizes the data and
instructions that user applications need to communicate over a network. As I discussed
in Part 1, the basic unit of AD is the object. Objects are typically maintained in
organizational units (OUs), which are in turn maintained in one or more domains.
When you create multiple domains containing the same domain name -- for example,
Domain.com, Dev.domain.com, HR.domain.com, etc. -- you begin to build a tree. All
domains within a tree share the same configuration (which defines the AD settings) and
global catalog (which facilitates global searches). By using trees to structure your
network, you can logically break out your enterprise into separate, manageable
If your organization needs to maintain separate namespaces, for example because of a
merger or acquisition, each namespace can be managed separately by creating a
A forest is a collection of domains that have noncontiguous namespaces but that
share a common schema, configuration, and global catalog. (Having a noncontiguous
namespace means that domains don't share a common domain name.) Domains within a forest
are linked via two-way transitive trusts.
For example, say you create a forest that includes the domains Abigo.com and
Merger.com (see figure, below). Because they're part of the same forest, the two
domains share the same schema, configuration, and global catalogs even though they have
If the domains within a forest don't share a common global catalog, global searches
across the forest will not be possible.
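The tree and forest rules described above can be written out as a short Python sketch. This is an added example, not code from the original column. It groups a list of domain names into trees by contiguous namespace and lists the domain pairs that two-way transitive trusts connect. Putting all of the article's example domains into one forest is an assumption made for illustration, and the function names are hypothetical.

```python
from collections import defaultdict
from itertools import combinations

# Constructed sample: the article's example domain names placed in one forest.
FOREST = ["Domain.com", "Dev.domain.com", "HR.domain.com", "Abigo.com", "Merger.com"]

def labels(name):
    """Split a DNS name into lowercase labels, ignoring a trailing dot."""
    return name.lower().rstrip(".").split(".")

def is_child_of(child, parent):
    """True when child sits strictly below parent in a contiguous namespace.

    Comparison is per label, so notdomain.com is not a child of domain.com.
    """
    c, p = labels(child), labels(parent)
    return len(c) > len(p) and c[-len(p):] == p

def group_into_trees(domains):
    """Map each tree root to the sorted, lowercased domains in that tree.

    A domain is a tree root when no other listed domain is its ancestor;
    every other domain joins the tree of its root ancestor.
    """
    names = sorted({".".join(labels(d)) for d in domains})
    roots = [d for d in names if not any(is_child_of(d, o) for o in names)]
    trees = defaultdict(list)
    for d in names:
        root = d if d in roots else next(r for r in roots if is_child_of(d, r))
        trees[root].append(d)
    return dict(trees)

def trust_pairs(domains):
    """Unordered domain pairs that trust each other.

    Two-way transitive trusts put every pair in the forest in this set.
    """
    names = sorted({".".join(labels(d)) for d in domains})
    return set(combinations(names, 2))

if __name__ == "__main__":
    for root, members in sorted(group_into_trees(FOREST).items()):
        print(f"tree {root}: {', '.join(members)}")
    print(f"{len(trust_pairs(FOREST))} trusting domain pairs in the forest")
```

Three trees come out of the five names, yet all ten domain pairs trust each other, so a domain brought in through a merger is trusted by every existing domain in the forest.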
The schema, which I described in detail in Part 1 (http://www.itworld.com/Net/1746/ITW729/) of
this series, lists definitions of all the objects within a forest. All domains within a
tree share a common schema, as do all trees in the same forest. If they don't share a
common schema, objects can exist in one section of the forest, but not in others.