Hi All,
In contrast to the logical structure, which serves administrative tasks, the physical structure of Active Directory determines when and where logon and replication traffic occurs. The physical structure covers the physical subnets present in your network, the domain controllers, and the replication between domain controllers.
The physical structure of Active Directory:
• Domain Controllers: These computers run Microsoft Windows Server 2003/2000 and Active Directory. Every domain controller performs specific functions such as replication, storage and authentication. A domain controller can support at most one domain. It is always advised to have more than one domain controller in each domain.
• Active Directory Sites: A site is a collection of well-connected computers. One reason to create a site is that domain controllers within it can communicate frequently, which minimizes latency within the site: changes made on one domain controller are replicated quickly to the other domain controllers. The other reason to create a site is to optimize bandwidth between domain controllers that are in different locations.
A site is the set of all IP subnets that share common Local Area Network (LAN) connectivity, regardless of the actual physical location of the computers.
Let's take an example: a site has subnets 192.168.5.A and 192.168.50.A, where the 192.168.5.A computer is located in Texas and the 192.168.50.A computer is located in London. In this case the physical location of the two computers is not known to the user. Because there is proper bandwidth between the two, they can work and be configured within the same Active Directory site.
A few considerations an administrator should examine before creating a new site are proper bandwidth, available bandwidth cost, and the replication traffic expected.
• Active Directory Partitions: Each domain controller contains the following Active Directory partitions:
  o The Domain Partition contains a copy of all the objects in that domain. The Domain Partition replicates only to other domain controllers in the same domain.
  o The Schema Partition is forest-wide. Every forest has one schema with consistent object classes. The Schema and Configuration partitions take part in replication and are replicated to all domain controllers in a forest.
  o The Application Partition, which is optional, carries objects that are not related to security and can be used by one or more applications. The Application Partition replicates to specific domain controllers in the forest.
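The site and subnet relationship described under Active Directory Sites above, as an added example that is not part of the original post: it maps client addresses to sites by the most specific matching subnet and lists addresses that no site covers. The /24 masks for the post's 192.168.5.A and 192.168.50.A subnets, the site names and the 10.x ranges are assumptions.

```python
import ipaddress


# Constructed site definitions. "HQ" mirrors the post's example of one site
# holding 192.168.5.A and 192.168.50.A (assumed here to be /24 networks);
# the site names and the 10.x ranges are hypothetical.
SITE_SUBNETS = {
    "HQ": ["192.168.5.0/24", "192.168.50.0/24", "10.20.30.0/24"],
    "Branch": ["10.20.0.0/16"],
}


def build_index(site_subnets):
    """Return (network, site) pairs, rejecting a subnet claimed by two sites."""
    index = {}
    for site, cidrs in site_subnets.items():
        for cidr in cidrs:
            net = ipaddress.ip_network(cidr, strict=True)
            if net in index and index[net] != site:
                raise ValueError(f"{net} is assigned to {index[net]} and {site}")
            index[net] = site
    return sorted(index.items(), key=lambda kv: kv[0].prefixlen, reverse=True)


def site_for(address, index):
    """Map an address to its site; the most specific matching subnet wins."""
    ip = ipaddress.ip_address(address)
    for net, site in index:  # sorted longest prefix first
        if ip.version == net.version and ip in net:
            return site
    return None


def audit(addresses, index):
    """Group addresses by site; key None collects addresses in no defined subnet."""
    report = {}
    for addr in addresses:
        report.setdefault(site_for(addr, index), []).append(addr)
    return report


if __name__ == "__main__":
    # Constructed client addresses, e.g. taken from a DHCP lease export.
    clients = ["192.168.5.17", "192.168.50.9", "10.20.30.4", "10.20.99.1", "172.16.4.8"]
    for site, members in audit(clients, build_index(SITE_SUBNETS)).items():
        print(site or "NO SITE (no subnet defined)", members)
```

Addresses reported under no site point to a subnet that has not been defined in any site and should be reviewed.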
Logical Structure of an Active Directory
Active Directory meets the needs of an organization through the design of its directory structure. It provides flexibility in designing the business structure according to the organization's current and future needs, so the structure should be examined prior to installing Active Directory. In Active Directory, resources are organized in a logical structure, and this logical grouping enables a resource to be found by its name rather than by its physical location.
Benefits of AD Logical Structure
• The logical structure provides more network security by granting access to resources only to specified groups (OU).
• The logical structure simplifies network management through administration, configuration and control of the network.
• The relationship between the logical structure of domains and forests simplifies resource sharing across an organization.
• Because the logical structure simplifies network management, it reduces the load on network resources and lowers the total cost of ownership.
Components of AD Logical Structure
The components of the logical structure are related to each other; together they control access to stored data and determine how the data will be managed between different domains in a forest.
• Objects – such as a user, computer, group, printer, etc.
• Organizational Units – like any folder, but under the control of Active Directory
• Domains – Logical boundaries for objects
• Trees – Logical boundary for multiple domains
• Forests – Logical boundary for multiple trees
Overall, one physical machine running as a Microsoft domain controller can control all these logical divisions with the help of an 'Operation Master' dedicated to performing specific tasks.