Subscribe Now

* You will receive the latest news and updates on your favorite celebrities!

Trending News

Blog Post

What is Active Directory? – Detailed
Windows Server

What is Active Directory? – Detailed 

In this post, we’ll learn about the Structure and components of the Active Directory domain controller with examples. Before you actually install a domain controller, you need to understand what it does and the environment to which it works.

Enterprise networks that run Windows operating systems depend on Active Directory Domain Services (ADDS) and its related services for many functions. The ADDS database contains all the domain objects, such as user accounts, computer accounts, and groups for your network.

Installing and configuring an ADDS domain controller enables you to create and store the ADDS database.

ADDS is a distributed database that stores and manage information about network resources and application-specific data from directory-enable applications. It helps administrators to organize network objects such as user accounts, computer accounts, and devices into a hierarchical collection of containers or folders – This is known as the logical structure of Active Directory.

Active Directory consists of Both physical and logical structures. The Physical structure is made up of the domain tree and the corresponding domain controller, it contains objects such as user accounts, computer accounts, group accounts, organizational units, and printers.

Structure of Active Directory

Active Directory Logical structure consists of the logical objects you create or  (Windows server 2012 R2 creates automatically) for organizational and administrative purposes.

For example, when you install the first windows domain controller, Windows Server 2012 R2 creates the logical forest, domain tree, and the domain at the top level of the domain tree.

When you install additional domain controllers, you can add them to the forest root domain or create a child domain below the forest root domain.

For example, look at the figure below. You will see the forest root domain named, with two child domains named and 


Please know that both the domain (The Head Quarters)  and the Texas domain are located in Texas being housed in a single office.

Microsoft recommends that you create a site that contains both ( and because they are connected by high-speed networks. A second site should also be created for Boston because the networks in Texas connect to Boston’s networks through a wide area network (WAN) connections.

This is done by Microsoft to reduce the amount of time it takes to manage domain objects. You can delegate administrative rights or permissions at any level with Active Directory.

For example, you can create a new user account and grant it an administrative privilege at the child domain level of domain. These permission enable the user to administer the contents of the domain.

Another example, You can create a user account to which you assign administrative permissions at the forest root domain level 

This user could then manage all the objects within the forest root domain and also both child domains. Additionally, you can also assign a user administrative permissions at the organizational unit (OU) level, this will enable the user to administer only the contents of the OU.

Leaf Objects

These are objects in Active Directory that have no child objects. They are the most basic components in the ADDS logical structure. Examples are Computer accounts, user accounts, group accounts, printers.

Active Directory Components

There are two components of Active Directory namely, Physical Components and Logical Components.

Physical components include the following:

  1. Domain controller: These is the server that holds the server role Active Directory Domain Services (ADDS) and store the content if the AD Database. The file contained in the AD Database can be called the data store
  2. Global Catalog Server: This server contains a partial read-only copy of the objects in the forest. This was implemented by Microsoft to make it possible for faster searches of objects in a different domain in the forest.
  3. Read-Only Domain Controller (RODC): These are domain controllers that host a read-only copy of the AD database. RODCs are configured in office locations with low security or in-experienced administrators. In case someone hacks into the server at this location, the hacker won’t be able to change anything in the AD database.

Logical components include the following:

  1. Domain: A domain is a collection of an administrative defined object that shares a common directory database, security policy and trust relationships with other domains. Domains exist within a forest and share common logical structure, global catalog, directory schema, and directory configurations.
  2. Tree: A tree is a collection of domains that are arranged in hierarchical structures. When you add a domain to a tree, it becomes a child of the tree root domain, and also know that a domain to which a child is joined to is called its parent domain. The name of a child domain is combined with the name of its parent domain to form its own unique DNS name such as
    so that each tree has a similar namespace.
  3. Forest: A forest is a complete instance of Active Directory. Each forest acts as a top-level container for all the domain containers for a particular Active Directory instance. A forest can contain one or more domain controller objects, as well as an automatic two-way transitive trust relationship. The name of that domain refers to the forest, such as By default, information in the Active Directory is only shared within the forest. So the forest is known as the security boundary for information that is contained in that instance of Active Directory. Simply put, a forest is a collection of domain trees that share ADDS
  4. Site: Sites helps to organize users, groups, and computers based on their geographic location and the speed of their connection. At their most basic, sites are just groups of well-connected IP subnets
  5. OU: These are container objects, that you can use to arrange other objects to support your administrative works. It helps in arranging objects. OU makes it easier to locate and manage your AD objects
  6. Partition: You can create partitions to create logical sections within the Active Directory database. Using partitions enables you to optimize tasks such as replications.
  7. Schema: Lastly, Microsoft uses the schema to define all attributes for each type of object you can create and store in Active Directory. For example, the schema contains attributes of user objects such as the user’s first name, last name, address, group membership, date of birth, etc. The schema is extensible which mean it can be modified or you can insert additional attributes for an object.

Related posts

Leave a Reply

Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.