Active Directory Schema
The schema is the part of Active Directory that defines what the directory can contain: it is the collection of object classes and their attributes. Active Directory stores everything as objects, whether a user, a computer, a printer or a shared folder, and the classes those objects may belong to are defined in the schema, which acts as the master document for the whole forest. If a user or printer object can be created, it is because the schema contains a class for it, and the attributes the object may carry, such as first name, last name and logon hours, are defined there as well.
The attributes of a class fall into two groups. Mandatory attributes must be present for the object to exist at all: a user object, for example, always has a logon name (sAMAccountName) and a common name (cn). Optional attributes such as last name, job title or description can be left empty. When a request to create or modify an object reaches a domain controller, the domain controller consults the schema: if the schema defines the requested class, the object is created with the attributes that definition allows, and a request that omits a mandatory attribute or uses an attribute the class does not permit is rejected as a schema violation.
Because the schema is shared by every domain in the forest, changing it (for example when Exchange extends it) requires membership in the Schema Admins group and the change replicates to every domain controller in the forest, so that group should be treated as one of the most sensitive in the directory.
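The check described above can be reproduced from the live schema. The following PowerShell is an added example, not code from the original article: it reads a classSchema object, walks its superclass chain and auxiliary classes to build the effective mandatory and optional attribute sets, and then tests a proposed attribute list against them. It assumes the RSAT ActiveDirectory module and a domain-joined session with read access to the schema naming context; the function names are the example's own.

```powershell
# Added example (not from the original article): resolve the mandatory and
# optional attributes of a class from the live schema. Requires the RSAT
# ActiveDirectory module and a domain-joined session that can read the schema NC.
Import-Module ActiveDirectory

$schemaNC = (Get-ADRootDSE).schemaNamingContext

# Read one classSchema object by its LDAP display name.
function Get-SchemaClass {
    param([Parameter(Mandatory)][string]$Name)
    Get-ADObject -SearchBase $schemaNC `
        -LDAPFilter "(&(objectClass=classSchema)(lDAPDisplayName=$Name))" `
        -Properties lDAPDisplayName, subClassOf, auxiliaryClass, systemAuxiliaryClass,
                    mustContain, systemMustContain, mayContain, systemMayContain
}

# Effective attribute sets of a class: what it declares itself plus what it
# inherits from its superclass chain (user -> organizationalPerson -> person -> top)
# and from auxiliary classes such as securityPrincipal and mailRecipient.
function Get-EffectiveAttributes {
    param([Parameter(Mandatory)][string]$ClassName, [hashtable]$Seen = @{})
    $cmp  = [System.StringComparer]::OrdinalIgnoreCase
    $must = [System.Collections.Generic.HashSet[string]]::new($cmp)
    $may  = [System.Collections.Generic.HashSet[string]]::new($cmp)
    if ($Seen.ContainsKey($ClassName)) { return [pscustomobject]@{ Must = $must; May = $may } }
    $Seen[$ClassName] = $true

    $cls = Get-SchemaClass -Name $ClassName
    if (-not $cls) { throw "Class '$ClassName' is not defined in the schema" }

    foreach ($a in @($cls.mustContain) + @($cls.systemMustContain)) { if ($a) { [void]$must.Add($a) } }
    foreach ($a in @($cls.mayContain)  + @($cls.systemMayContain))  { if ($a) { [void]$may.Add($a)  } }

    # 'top' is its own superclass, so stop the chain there.
    $parents = @($cls.auxiliaryClass) + @($cls.systemAuxiliaryClass)
    if ($cls.subClassOf -and $cls.subClassOf -ne $ClassName) { $parents += $cls.subClassOf }
    foreach ($p in $parents) {
        if (-not $p) { continue }
        $inh = Get-EffectiveAttributes -ClassName $p -Seen $Seen
        foreach ($a in $inh.Must) { [void]$must.Add($a) }
        foreach ($a in $inh.May)  { [void]$may.Add($a)  }
    }
    [pscustomobject]@{ Must = $must; May = $may }
}

# Check a proposed attribute list against the schema before writing it; anything
# reported as not allowed would be rejected by the DC with an objectClass violation.
function Test-AttributesAgainstSchema {
    param([Parameter(Mandatory)][string]$ClassName, [Parameter(Mandatory)][string[]]$Attributes)
    $eff = Get-EffectiveAttributes -ClassName $ClassName
    foreach ($a in $Attributes) {
        [pscustomobject]@{
            Attribute = $a
            Allowed   = $eff.Must.Contains($a) -or $eff.May.Contains($a)
            Mandatory = $eff.Must.Contains($a)
        }
    }
}

$user = Get-EffectiveAttributes -ClassName 'user'
"Mandatory attributes of user: $(($user.Must | Sort-Object) -join ', ')"
"Optional attributes of user: $($user.May.Count) defined"
# givenName, sn and logonHours are optional on user; printerName belongs to the
# printQueue class, so the schema does not allow it on a user object.
Test-AttributesAgainstSchema -ClassName user -Attributes givenName, sn, logonHours, sAMAccountName, printerName |
    Format-Table -AutoSize
```

Running this against a production schema is a read-only operation; the point of the last call is that the same rule the domain controller applies at write time can be evaluated up front, which is useful when reviewing a schema extension or a provisioning script before it runs.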
Active Directory Trust
Suppose the forest engineer.com contains several child domains. A trust is the relationship that lets users of one domain be authenticated by another domain and granted access to its resources, such as printers, computers or file shares. Two domains that need to share resources therefore need a trust relationship between them.
Some trusts are created automatically when the forest is built; others are created by administrators. A trust lets the administrators of the trusting domain grant access to their domain's resources to users from the trusted domain. The trust itself only establishes the authentication path; permissions still have to be granted on the resources. Trusts can also be created between forests, and with domains running older versions of Windows Server such as 2003 or 2000. The trust types are:
- Parent-Child Trust (transitive, two-way): created automatically between a parent domain and each new child domain.
- Tree-Root Trust (transitive, two-way): created automatically between the forest root domain and the root domain of each new domain tree.
- Shortcut Trust (transitive, one-way or two-way): created by administrators between two domains in the same forest to shorten the authentication path between them.
- External Trust (non-transitive, one-way or two-way): created between a domain in this forest and a domain in another forest or a Windows NT 4.0 domain; typically used between two different organizations.
- Forest Trust, also called a cross-forest trust (transitive, one-way or two-way): created between the root domains of two forests.
- Realm Trust (transitive or non-transitive, one-way or two-way): created between an Active Directory domain and a non-Windows Kerberos realm, such as a Unix (MIT Kerberos) realm.
The figure on the original page (not reproduced here) illustrates a trust relationship.
Suppose domain A trusts B and B trusts C. If both trusts are transitive, A also trusts C, so users from C can be granted access to resources in A without a separate trust being created; this is called a transitive trust. With a non-transitive trust the relationship stops at the two domains directly involved. Direction matters as well: in a one-way trust only the trusting domain's resources are opened to the trusted domain's users, not the reverse. A forest trust between two forests requires that both forests run at the Windows Server 2003 forest functional level or higher.
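The transitivity and direction rules above decide whether an authentication path exists between two domains, which is exactly what an attacker maps when looking for a route from a compromised domain into a more valuable one. The following PowerShell is an added example, not code from the original article: it first lists the current domain's trusts with Get-ADTrust, then models the path-finding rules over a constructed set of trusts (the domain names engineer.com, dev.engineer.com, lab.engineer.com, partner.net, hr.partner.net and legacy.local and the trusts between them are invented for illustration). The model deliberately ignores selective authentication, SID filtering and name-suffix routing, all of which can block a path that the trust topology alone would allow.

```powershell
# Added example (not from the original article): list the trusts of the current
# domain, then model the authentication path across a set of trusts. The model
# ignores selective authentication, SID filtering and name-suffix routing; the
# domain names and trusts in the sample below are constructed for illustration.
Import-Module ActiveDirectory

# Live enumeration. Direction is relative to the queried domain:
# Outbound = this domain trusts the target, Inbound = the target trusts this domain.
Get-ADTrust -Filter * |
    Select-Object Name, Direction, TrustType, IntraForest, ForestTransitive, SelectiveAuthentication |
    Format-Table -AutoSize

# Trust edge model. Trusting = domain whose resources are opened up,
# Trusted = domain whose users are accepted, Kind = IntraForest | Forest | External | Realm.
function New-TrustEdge {
    param([string]$Trusting, [string]$Trusted, [string]$Kind, [switch]$TwoWay)
    [pscustomobject]@{ Trusting = $Trusting; Trusted = $Trusted; Kind = $Kind }
    if ($TwoWay) { [pscustomobject]@{ Trusting = $Trusted; Trusted = $Trusting; Kind = $Kind } }
}

# Can a user from $UserDomain be authenticated for a resource in $ResourceDomain?
# Breadth-first walk over Trusting -> Trusted edges, starting at the resource side:
#  - IntraForest trusts (parent-child, tree-root, shortcut) are transitive.
#  - A Forest trust is transitive between the two forests but does not chain into
#    a third forest, so a path may contain at most one Forest edge.
#  - External and Realm trusts are non-transitive: usable only as a single hop.
function Test-TrustPath {
    param([object[]]$Trusts, [string]$UserDomain, [string]$ResourceDomain)
    $queue = [System.Collections.Queue]::new()
    $queue.Enqueue(@{ Domain = $ResourceDomain; Path = @($ResourceDomain); ForestHops = 0 })
    $visited = @{}
    while ($queue.Count -gt 0) {
        $cur = $queue.Dequeue()
        if ($cur.Domain -ieq $UserDomain) { return ($cur.Path -join ' -> ') }
        $key = "$($cur.Domain.ToLower())/$($cur.ForestHops)"
        if ($visited.ContainsKey($key)) { continue }
        $visited[$key] = $true
        foreach ($t in $Trusts) {
            if ($t.Trusting -ine $cur.Domain) { continue }
            $hops = $cur.ForestHops
            $ok = $true
            if ($t.Kind -eq 'Forest') {
                if ($hops -ge 1) { $ok = $false } else { $hops++ }
            } elseif ($t.Kind -ne 'IntraForest') {
                # External / Realm: non-transitive, so only valid as the one and only hop
                if ($cur.Path.Count -gt 1 -or $t.Trusted -ine $UserDomain) { $ok = $false }
            }
            if (-not $ok) { continue }
            $queue.Enqueue(@{ Domain = $t.Trusted; Path = $cur.Path + $t.Trusted; ForestHops = $hops })
        }
    }
    return $null
}

# Constructed sample: forest engineer.com with two child domains, a two-way forest
# trust to partner.net (which has a child domain), and a one-way external trust
# in which dev.engineer.com trusts legacy.local.
$trusts = @(
    New-TrustEdge 'engineer.com'     'dev.engineer.com' 'IntraForest' -TwoWay
    New-TrustEdge 'engineer.com'     'lab.engineer.com' 'IntraForest' -TwoWay
    New-TrustEdge 'engineer.com'     'partner.net'      'Forest'      -TwoWay
    New-TrustEdge 'partner.net'      'hr.partner.net'   'IntraForest' -TwoWay
    New-TrustEdge 'dev.engineer.com' 'legacy.local'     'External'
)

$cases = @(
    @{ User = 'lab.engineer.com'; Resource = 'dev.engineer.com' },  # transitive via the parent: path found
    @{ User = 'legacy.local';     Resource = 'dev.engineer.com' },  # external trust, single hop: path found
    @{ User = 'legacy.local';     Resource = 'engineer.com' },      # external trusts do not chain: no path
    @{ User = 'hr.partner.net';   Resource = 'lab.engineer.com' },  # forest trust spans child domains: path found
    @{ User = 'dev.engineer.com'; Resource = 'legacy.local' }       # the external trust is one-way: no path
)
foreach ($c in $cases) {
    $p = Test-TrustPath -Trusts $trusts -UserDomain $c.User -ResourceDomain $c.Resource
    "{0,-18} -> {1,-18}: {2}" -f $c.User, $c.Resource, $(if ($p) { $p } else { 'no trust path' })
}
```

To run the model over real data, build the edge list from Get-ADTrust output in each domain of the forest: an Outbound or BiDirectional trust from domain X to target Y contributes an edge with Trusting X and Trusted Y, IntraForest trusts map to the IntraForest kind, ForestTransitive ones to Forest, and the rest to External or Realm according to TrustType.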
Active Directory Partitions or Naming Context
Active Directory partitions, also called naming contexts (NCs), divide the directory into sections that replicate independently. For efficiency, the contents of the ntds.dit database on every domain controller are organized into these partitions, and the set of partitions a domain controller holds determines what it replicates and with whom. Every domain controller holds at least three of them.
The first is the Schema Partition (Schema NC), which contains the class and attribute definitions used to create and modify objects in the directory. There is one schema per forest and it is replicated to every domain controller in the forest, so every domain controller creates objects from the same definitions.
The second is the Configuration Partition (Configuration NC), which contains the physical topology of the forest (sites, subnets and site links) together with other configuration data, such as the list of partitions and their replica locations, that must be replicated to every domain controller in the forest.
The third is the Domain Partition (Domain NC), which holds the users, computers, groups and other objects of one particular domain. It is replicated in full only to the domain controllers of that domain; global catalog servers additionally hold a partial, read-only copy of every domain partition in the forest.
Beginning with Windows Server 2003, AD also supports a fourth type, the Application Partition (Application NC). An application partition can hold any kind of object except security principals, and administrators choose which domain controllers in the domain or forest replicate it, which gives fine control over where the data flows and better control over replication performance. The DomainDnsZones and ForestDnsZones partitions used by AD-integrated DNS are the most common examples.
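The four partition types and their replication scopes can be read directly from a domain controller. The following PowerShell is an added example, not code from the original article: it classifies every naming context advertised in rootDSE using the schema, configuration and domain naming contexts as reference points, reads the crossRef objects under CN=Partitions in the configuration NC to show which DCs replicate each application partition, and cross-checks from the DC side. It assumes the RSAT ActiveDirectory module and a domain-joined session; the function name is the example's own.

```powershell
# Added example (not from the original article): classify the naming contexts of
# the forest as schema, configuration, domain or application partition, and show
# which DCs hold each application partition. Requires the RSAT ActiveDirectory
# module and a domain-joined session.
Import-Module ActiveDirectory

$rootDse   = Get-ADRootDSE
$forest    = Get-ADForest
$domainNCs = foreach ($d in $forest.Domains) { (Get-ADDomain -Identity $d).DistinguishedName }

function Get-PartitionType {
    param([Parameter(Mandatory)][string]$NC)
    if ($NC -ieq $rootDse.schemaNamingContext)        { return 'Schema: every DC in the forest' }
    if ($NC -ieq $rootDse.configurationNamingContext) { return 'Configuration: every DC in the forest' }
    if ($domainNCs -icontains $NC)                    { return 'Domain: DCs of that domain only' }
    return 'Application: DCs listed on its crossRef'
}

# The crossRef objects under CN=Partitions in the configuration NC describe every
# partition in the forest. For application partitions, msDS-NC-Replica-Locations
# holds the NTDS Settings DNs of the DCs chosen to replicate that partition.
$partitions = Get-ADObject -SearchBase "CN=Partitions,$($rootDse.configurationNamingContext)" `
    -LDAPFilter '(objectClass=crossRef)' -Properties nCName, dnsRoot, 'msDS-NC-Replica-Locations'

$partitions | ForEach-Object {
    [pscustomobject]@{
        NamingContext = $_.nCName
        Type          = (Get-PartitionType -NC $_.nCName)
        ReplicaHosts  = ($_.'msDS-NC-Replica-Locations' | ForEach-Object {
                            # DN is CN=NTDS Settings,CN=<server>,CN=Servers,CN=<site>,...; keep the server CN
                            ($_ -split ',')[1] -replace '^CN='
                        }) -join ', '
    }
} | Sort-Object Type | Format-Table -AutoSize -Wrap

# Cross-check from the DC side: the partitions each DC of the current domain actually
# holds. Schema and configuration appear on every DC, the domain NC on this domain's
# DCs, and application NCs only where they were deliberately placed.
foreach ($dc in Get-ADDomainController -Filter *) {
    "{0}: {1}" -f $dc.HostName, ($dc.Partitions -join '; ')
}
```

An application partition that is replicated to a DC nobody expected, or a DC whose partition list does not match the crossRef replica locations, is worth investigating: the replica set is the control the fourth partition type exists to provide, so drift in it is either a configuration mistake or a change someone did not announce.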