Logical Elements of Active Directory

The logical components of Active Directory are important because they define how the computing enterprise or domain network will be administered.

There are four logical components of Active Directory:
• Domains
• Trees
• Forests
• Organizational units

Domains

A Windows 2003 Active Directory domain is a logical collection of users and computers. In other words, it’s an organizational entity that groups together the objects in your enterprise.


Trees

In an enterprise, if we want more than one domain, so that administration of the users and computers of different departments and offices can be divided, we create trees. A tree is a set of two or more domains sharing a common namespace. For example, we can create a parent domain and then a child domain.


Forests

A forest is made up of two or more trees with trust relationships between them. A forest lets you link together multiple domain trees in a hierarchical arrangement. The goal in designing a forest is the same as when designing a tree: to define and maintain an administrative relationship between the domains.

Organizational Units (OU)

An OU is the smallest unit in a domain network that can contain users, computers, groups, shared folders, printers and group policy objects. You can apply group policy to an OU but you can’t apply group policy to a group. In other words, an OU acts as a separate administrative unit for administering users and computers in a domain. You can delegate administration of an OU to a user.

Go to Active Directory Users and Computers, create an OU, then right-click the OU > Delegate Control to give responsibility for this OU to another user or administrator.
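
Once control of OUs has been delegated, it is worth reviewing who holds which rights on them. The following PowerShell script is an added example, not part of the original article; it assumes the ActiveDirectory module (RSAT) is installed and that the session can read the domain. The function name Get-OuDelegation is made up for this example.

```powershell
# Added example: list the permissions set directly on each OU, which is
# where the Delegate Control wizard writes its entries.
# Assumes the ActiveDirectory module (RSAT) and read access to the domain.
Import-Module ActiveDirectory
Add-Type -AssemblyName System.DirectoryServices

# Rights that let a trustee change the permissions or the owner of the OU.
# Full control (GenericAll) includes both of these bits.
$highRisk = [int]([System.DirectoryServices.ActiveDirectoryRights]'WriteDacl, WriteOwner')

function Get-OuDelegation {
    param([Parameter(Mandatory)][string]$DistinguishedName)

    # The AD: drive is provided by the ActiveDirectory module.
    $acl = Get-Acl -Path "AD:\$DistinguishedName"

    foreach ($ace in $acl.Access) {
        # Skip entries inherited from the parent and skip Deny entries;
        # what remains are Allow entries set on this OU itself.
        if ($ace.IsInherited -or $ace.AccessControlType -ne 'Allow') { continue }

        [pscustomobject]@{
            OU        = $DistinguishedName
            Trustee   = $ace.IdentityReference.Value
            Rights    = $ace.ActiveDirectoryRights
            AppliesTo = $ace.InheritanceType
            HighRisk  = (([int]$ace.ActiveDirectoryRights -band $highRisk) -ne 0)
        }
    }
}

# Walk every OU in the current domain and print one row per explicit entry.
Get-ADOrganizationalUnit -Filter * |
    ForEach-Object { Get-OuDelegation -DistinguishedName $_.DistinguishedName } |
    Sort-Object OU, Trustee |
    Format-Table -AutoSize -Wrap
```

The output also contains the default entries every OU receives when it is created (for example Domain Admins and SYSTEM); the rows to review are trustees you do not recognise, especially those marked HighRisk.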

Physical Elements of Active Directory

There are two main physical elements of Active Directory:
• Domain Controller
• Site

Domain Controller (DC)

Active Directory is a logical item, and this item must be stored somewhere physically. So Active Directory is stored in a physical item called a Domain Controller. In a domain, we can have one or more DCs.

Site

The simple definition of a site is a collection of one or more “well-connected” IP subnets. More importantly, though, a site is a unit of Active Directory replication. If the domain controller’s job is to store and replicate the Active Directory database, then the site’s job is to govern how that replication occurs.