Active Directory Structure

Logical Structure – Useful for organizing the network.

1. Domains

2. Trees

3. Forest

4. Organizational units

Physical Structure – Useful for representing our organization.

5. Sites

6. Domain controllers



A domain is a logical group of network objects such as users, computers, groups and devices that share the same database.


Active directory trees

A simple definition: “A tree is a group of domains in Active Directory that share a contiguous namespace.”


Ques: What is meant by a contiguous namespace?

A contiguous namespace is where the name of the child object in the object hierarchy always contains the name of the parent domain.

A tree is an example of the contiguous namespace.


Important Points: 

If more than one domain exists we can combine the multiple domains into hierarchical tree structures.

The first domain created is the root domain of the first tree.

Additional domains in the same domain tree are child domains.

A domain immediately above another domain in the same domain tree is its parent.




Active directory forest

Multiple domain trees within a single forest do not form a contiguous namespace, i.e. they have non-contiguous DNS domain names.

Although trees in a forest do not share a namespace, a forest does have a single root domain, called the forest root domain.

The forest root domain is, by definition, the first domain created in the forest.
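The tree and forest rules above, as an added example that is not part of the original page: it groups a list of DNS domain names into trees by contiguous namespace and picks the forest root domain. The domain names are constructed sample data; the code assumes the list is in creation order and that a child domain's name is one label prepended to its parent's name.

```python
# Added example. Domain names are constructed sample data (reserved TLDs).
# Assumptions: names are listed in creation order, and a child domain's name
# is exactly one label prepended to its parent's name.
SAMPLE_DOMAINS = [
    "corp.example",            # first domain created -> forest root domain
    "Sales.Corp.Example",      # DNS names are case-insensitive
    "eu.sales.corp.example",
    "partner.test",            # different namespace -> root of a second tree
    "lab.partner.test",
    "notcorp.example",         # shares trailing characters only, not a child of corp.example
]


def normalize(name):
    """Lowercase and drop any trailing dot so names compare consistently."""
    return name.strip().rstrip(".").lower()


def is_descendant(child, ancestor):
    """True if child's name contains ancestor's name on a label boundary."""
    return normalize(child).endswith("." + normalize(ancestor))


def parent_of(domain, known):
    """Immediate parent: the name left after dropping the leftmost label."""
    _, _, rest = domain.partition(".")
    return rest if rest in known else None


def build_forest(domain_names):
    """Group domains into trees; each tree is one contiguous namespace."""
    domains = list(dict.fromkeys(normalize(d) for d in domain_names))
    known = set(domains)
    parent = {d: parent_of(d, known) for d in domains}
    trees = {}
    for d in domains:
        root = d
        while parent[root] is not None:   # walk up to the tree root
            root = parent[root]
        trees.setdefault(root, []).append(d)
    return {"forest_root": domains[0], "parent": parent, "trees": trees}


if __name__ == "__main__":
    forest = build_forest(SAMPLE_DOMAINS)
    print("forest root domain:", forest["forest_root"])
    for root, members in forest["trees"].items():
        print("tree", root, "->", members)
```

Matching on the label boundary (the leading dot) is what keeps a look-alike name such as notcorp.example out of the corp.example tree.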




Active directory OU

Organizational units are Active Directory containers into which we can place users, groups, computers, and other organizational units.

An active directory organizational unit cannot contain objects from other domains.

Put simply, OUs are useful for reducing administrative work and for applying policies to users and computers in the domain.


Setting up Organization Unit in Active Directory 

An OU is a container object that reduces the administrative effort of creating security policies for the organization.

a. To create an OU >> go to Active Directory Users and Computers.

b. Right click on Domain name >> New >> Organizational unit.

c. Just give the OU name and click on OK.






Moving new users to active directory OU

d. Right click on User >> select Move.




Select the OU you want to move the user to and then select OK.




Physical Structures of AD


A site is a combination of TCP/IP subnets connected with high-speed links.

Sites provide replication.


There are 2 types of replication:

1. Intrasite replication

It is replication within the same site. It offers full-time replication between the DC and the ADC when they are within the same site.


2. Intersite replication

It is replication between two different sites.


Intersite replication is implemented when the sites are away from each other.

It requires a site link.

Site link is a logical connection between sites, which can be created & scheduled.

Site link offers communication only at scheduled intervals.



[Figure: two sites, New York site and Delhi site]


Topics Summary