What is the Logical and Physical Structure in Active Directory?

In this question, there are two terms: Logical Structure and Physical Structure.

Let’s talk first about the Logical Structure. Active Directory stores information about network objects and implements the services that make this information available and usable to users. Active Directory presents this information through a standardized logical structure that helps you establish and understand the organization of domains and domain resources in a useful way. This presentation of object information is called the logical structure because it is independent of the physical aspects of the Active Directory infrastructure, such as the domain controllers required for each domain in the network.

Components of Logical Structure

Organizational Units (Question: What are OUs or Organizational Units?)
Organizational units are container objects.
You use these container objects to arrange other objects in a manner that supports your administrative purposes. By arranging objects in organizational units, you make it easier to locate and manage them.

– You can also delegate the authority to manage an organizational unit.
– Organizational units can be nested in other organizational units.
– You can arrange objects that have similar administrative and security requirements into organizational units.
– Organizational units provide multiple levels of administrative authority so that you can apply Group Policy settings and delegate administrative control.
– This delegation simplifies the task of managing these objects and enables you to structure Active Directory to fit your organization’s requirements.

(Let’s take a real-life example. You are a Science student and one of your friends is an Art student. To manage you and your friend, the college divides its students into a Science group and an Art group. Now it is easy to manage Science and Art students: when a new student arrives for Science, the college simply puts that student in the Science group. The organizational unit is like the Science group, and the students are the objects in that group. It is easy to manage.)

Domains (Question: What is a Domain?)
Domains are container objects. Domains are a collection of administratively defined objects that share a common directory database, security policies, and trust relationships with other domains. In this way, each domain is an administrative boundary for objects. A single domain can span multiple physical locations or sites and can contain millions of objects.

Domain Trees
Domain trees are collections of domains that are grouped together in hierarchical structures. When you add a domain to a tree, it becomes a child of the tree root domain. The domain to which a child domain is attached is called the parent domain.

A child domain might, in turn, have its own child domain. The name of a child domain is combined with the name of its parent domain to form its own unique Domain Name System (DNS) name such as child1.techiescure.com (here parent is techiescure.com). In this manner, a tree has a contiguous namespace.

Forests (Question: What is a Forest?)
A forest is a complete instance of Active Directory. Each forest acts as a top-level container in that it houses all domain containers for that particular Active Directory instance. A forest can contain one or more domain container objects, all of which share a common logical structure, global catalog, directory schema, and directory configuration, as well as automatic two-way transitive trust relationships. The first domain in the forest is called the forest root domain. The name of that domain refers to the forest, such as techiescure.com. By default, information in Active Directory is shared only within the forest. In this way, the forest is a security boundary for the information that is contained in that instance of Active Directory.

(You can picture it as a real forest: a forest has many trees, each tree has many branches, and each branch has sub-branches. So here an Active Directory forest can be one tree or a group of trees.)
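To make the domain tree and forest rules above concrete, here is an added example (not code from the original article) that derives the tree structure of a forest from its domain DNS names. It assumes the page’s rule that a child domain’s name is its own label prefixed to the parent’s name, so a domain whose immediate parent name is not in the forest is the root of its own tree; the domain names are constructed sample values.

```python
from typing import Optional

# Constructed sample forest: the forest root plus the other domains it contains.
FOREST_ROOT = "techiescure.com"
FOREST_DOMAINS = [
    "techiescure.com",
    "child1.techiescure.com",
    "lab.child1.techiescure.com",
    "partner.net",          # second tree in the same forest
    "eu.partner.net",
]


def parent_domain(domain: str, forest_domains: set) -> Optional[str]:
    """Return the parent of `domain` inside the forest, or None for a tree root.

    A child domain's DNS name is "<label>.<parent name>", so the parent is the
    name left after dropping the first label, provided that name is itself a
    domain of this forest. Otherwise the domain starts a new tree.
    """
    labels = domain.lower().rstrip(".").split(".")
    candidate = ".".join(labels[1:])
    return candidate if candidate in forest_domains else None


def tree_root(domain: str, forest_domains: set) -> str:
    """Walk up the parent chain until a domain with no parent is reached."""
    current = domain.lower()
    while (parent := parent_domain(current, forest_domains)) is not None:
        current = parent
    return current


def build_domain_trees(forest_root: str, domains: list) -> dict:
    """Group a forest's domains into trees keyed by each tree's root domain.

    Result: {"forest_root": str, "trees": {tree_root: {domain: parent_or_None}}}
    """
    names = {d.lower() for d in domains} | {forest_root.lower()}
    trees: dict = {}
    for d in sorted(names):
        trees.setdefault(tree_root(d, names), {})[d] = parent_domain(d, names)
    return {"forest_root": forest_root.lower(), "trees": trees}


if __name__ == "__main__":
    for root, members in build_domain_trees(FOREST_ROOT, FOREST_DOMAINS)["trees"].items():
        print(root, "->", members)
```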

Site Objects
Sites are leaf and container objects. The Sites container is the topmost object in the hierarchy of objects that are used to manage and implement Active Directory replication. The Sites container stores the hierarchy of objects that are used by the Knowledge Consistency Checker (KCC) to effect the replication topology. Some of the objects located in the Sites container include NTDS Site Settings objects, subnet objects, connection objects, server objects, and site objects (one site object for each site in the forest). The hierarchy is displayed as the contents of the Sites container, which is a child of the Configuration container.

Now we are going to talk about the Physical Structure.

Physical Structure

The physical structure determines when and where logon and replication traffic occurs. The physical structure of Active Directory consists of the physical subnets present in your network, the domain controllers, and the replication between those domain controllers.
Components of Physical Structure

Domain Controllers: (Question: What is a DC or Domain Controller?)
These are computers that run Microsoft Windows Server 2003/2000 and Active Directory. Every domain controller performs specific functions such as replication, storage, and authentication. A domain controller can serve at most one domain. It is always advisable to have more than one domain controller in each domain.

Active Directory Sites: A site is a collection of well-connected computers. We create sites so that the domain controllers within a site can communicate frequently; this minimizes latency within the site, for example the time it takes for a change made on one domain controller to be replicated to the other domain controllers. The other reason for creating sites is to optimize bandwidth use between domain controllers that are located in different locations.

A set of IP subnets that share common Local Area Network (LAN) connectivity, regardless of the actual physical location of the computers, is called a site.

Let’s take an example: Site A has subnets 192.168.1.A and 192.168.10.A, where a 192.168.1.A computer is located in India and a 192.168.50.A computer is located in America. In this case, the physical location of the two computers is not known to the user. Because of the proper bandwidth between the two, they are able to work and be configured as computers within the same Active Directory site.
A few considerations an administrator should examine before creating a new site are the available bandwidth, the cost of that bandwidth, and the replication traffic expected.
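The subnet-to-site association above is what a domain controller uses to work out which site a client belongs to. As an added example (not part of the original article), the following code models that lookup with Python’s standard ipaddress module: the most specific subnet object containing the client address wins, and a client that matches no subnet object is reported as unmapped, which is the case an administrator should look for when sites and subnets are defined. The subnet and site names are constructed sample values.

```python
import ipaddress
from typing import Dict, List, Optional

# Constructed sample of Active Directory subnet objects: prefix -> site name.
# Site A covers two subnets in different countries, mirroring the article's example.
SUBNET_TO_SITE: Dict[str, str] = {
    "192.168.1.0/24": "SiteA",
    "192.168.50.0/24": "SiteA",
    "10.0.0.0/8": "HQ",
    "10.20.0.0/16": "Branch-EU",  # nested inside 10.0.0.0/8, more specific
}


def resolve_site(client_ip: str, subnet_to_site: Dict[str, str]) -> Optional[str]:
    """Return the site for a client address, or None if no subnet object covers it.

    When several subnet objects contain the address, the one with the longest
    prefix (most specific) decides the site, so 10.20.x.x lands in Branch-EU
    even though it is also inside the HQ 10.0.0.0/8 subnet object.
    """
    addr = ipaddress.ip_address(client_ip)
    best_net = None
    best_site = None
    for prefix, site in subnet_to_site.items():
        net = ipaddress.ip_network(prefix, strict=True)
        if net.version != addr.version or addr not in net:
            continue
        if best_net is None or net.prefixlen > best_net.prefixlen:
            best_net, best_site = net, site
    return best_site


def find_unmapped(client_ips: List[str], subnet_to_site: Dict[str, str]) -> List[str]:
    """List client addresses that match no subnet object at all.

    Such clients cannot be placed in a site, so they may authenticate against a
    distant domain controller; fixing the subnet objects is the remedy.
    """
    return [ip for ip in client_ips if resolve_site(ip, subnet_to_site) is None]


if __name__ == "__main__":
    clients = ["192.168.1.15", "192.168.50.7", "10.20.3.4", "10.3.3.4", "172.16.0.1"]
    for ip in clients:
        print(ip, "->", resolve_site(ip, SUBNET_TO_SITE))
    print("unmapped:", find_unmapped(clients, SUBNET_TO_SITE))
```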
