a domain as "a single security boundary of a Windows NT-based computer network. Active Directory is made up of one or more domains. On a standalone workstation, the domain is the computer itself. A domain can span more than one physical location. Every domain has its own security policies and security relationships with other domains. When multiple domains are connected by trust relationships and share a common schema, configuration, and global catalog, they constitute a domain tree. Multiple domain trees can be connected together to create a forest."
Domain
A Windows domain is a collection of security principals that share a central directory database. This central database (known as Active Directory starting with Windows 2000,[1] Active Directory Domain Services in Windows Server 2008 and Server 2008 R2, also referred to as NT Directory Services on Windows NT operating systems, or NTDS) contains the user accounts and security information for the resources in that domain. Each person who uses computers within a domain receives his or her own unique account, or user name. This account can then be assigned access to resources within the domain.
In a domain, the directory resides on computers that are configured as "domain controllers." A domain controller is a server that manages all security-related aspects between user and domain interactions, centralizing security and administration. A Windows Server domain is generally suited for businesses and/or organizations when more than 10 PCs are in use.
Administrative domain.
The centralized directory database in the domain model is NTDS.DIT (directory information tree), but for a local system not connected to a domain it is SAM.
The server hosting the replica of the Active Directory database is called a Domain Controller. Its database holds all information about all objects that exist in a particular Active Directory domain.
Active Directory
Active Directory NC (Naming Contexts)
* Active Directory consists of three partitions or naming contexts (NC)
** Domain, Configuration and Schema Naming Contexts
* Each is replicated independently
* An Active Directory forest has a single schema and configuration
** Every domain controller (DC) holds a copy of each (schema, configuration NCs)
* A forest can have multiple domains
** Every domain controller in a domain holds a copy of the domain NC
No, you do not. You only install Active Directory if the system is going to be a domain controller. If it is a member server or a standalone server Active Directory should not be installed.
DomainDNSzones
The Restartable Active Directory, that allows you to have the ntds.dit in offline mode WITHOUT rebooting the domain controller.
They log onto the domain and not the actual computer.
Domain controller is the physical object.
Leaf and Container
You run the 'dcpromo' command to remove Active Directory and demote a domain controller to a member server. To remove AD completely you would have to do this process on all domain controllers.