The Domain is the core unit of logical structure in Active Directory. All objects which shares a common directory database, trust relationship with other domain and security policies is known as Domain. Each domain stores information only about the objects that belong to that domain.
All security polices and settings, such as administrative rights, security policies, and Access Control Lists (ACLs), do not cross from one domain to another, thus a domain administrator has full rights to set policies only within domain they belong to.
Domains provide administrative boundaries for objects; manage security for shared resources and a unit of replication for objects.
A Tree
Trees are collections of one or more domains that allow global resource sharing. A tree may consist of a single domain or multiple domains in a contiguous namespace. Adding a domain to a tree becomes a child of the tree root domain. Domain will be called as parent domain to which child domain is attached. A child domain can also have its multiple child domains. Child domain uses the name followed by parent domain name and gets a unique Domain Name System (DNS).
For example, if tech.com is the root domain, you can create one or more Child domains to tech.com such as north.tech.com and or south.tech.com. These "children" may also have child domains created under them, such as sales.north.tech.com.
The domains in a tree have two-way, Kerberos transitive trust relationships. A Kerberos transitive trust simply means that if Domain A trusts Domain B and Domain B trusts Domain C, then Domain A trusts Domain C. Therefore, a domain joining a tree immediately has trust relationships established with every domain in the tree.
A Forest
A forest is a collection of multiple trees that share a common global catalog, directory schema, logical structure, and directory configuration. Forest has automatic two-way transitive trust relationships. The very first domain you create in the forest is called the forest root domain.
Forests allow organizations to group their divisions which use different naming scheme, and may need to operate independently. But as an organization they want to communicate with the entire organization via transitive trusts, and share the same schema and configuration container.
The main zone types used in Windows Server 2003 DNS environments are primary zones and Active Directory-integrated zones. Both primary zones and secondary zones are standard DNS zones that use zone files. The main difference between primary zones and secondary zones is that primary zones can be updated. Secondary zones contain read-only copies of zone data.An Active Directory-integrated zone can be defined as an improved version of a primary DNS zone because it can use multi-master replication and the security features of Active Directory. The zone data of Active Directory-integrated zones are stored in Active Directory.Active Directory-integrated zones are authoritative primary zones.A few advantages that Active Directory-integrated zone implementations have over standard primary zone implementations are:Active Directory replication is faster, which means that the time needed to transfer zone data between zones is far less.The Active Directory replication topology is used for Active Directory replication, and for Active Directory-integrated zone replication. There is no longer a need for DNS replication when DNS and Active Directory are integrated.Active Directory-integrated zones can enjoy the security features of Active Directory.The need to manage your Active Directory domains and DNS namespaces as separate entities is eliminated. This in turn reduces administrative overhead.When DNS and Active Directory are integrated; the Active Directory-integrated zones are replicated, and stored on any new domain controllers automatically. Synchronization takes place automatically when new domain controllers are deployed
Active Directory Domains And Trusts console
chk the link http://www.linktionary.com/d/dirserv.html
The Active Directory administrative tools can only be used from a computer with access to a domain. The following Active Directory administrative tools are available on the Administrative Tools menu: Active Directory Users and Computers (dsa.msc) Active Directory Domains and Trusts (domain.msc) Active Directory Sites and Services (dssite.msc)
Primary zone: This is the only zone type that can be edited or updated because the data in the zone is the original source of the data for all domains in the zone. Updates made to the primary zone are made by the DNS server that is authoritative for the specific primary zone. You can also back up data from a primary zone to a secondary zone.Secondary zone: A secondary zone is a read-only copy of the zone that was copied from the master server during zone transfer.Active Directory-integrated zone: An Active Directory-integrated zone is a zone that stores its zone data in Active Directory. DNS zone files are not needed. This type of zone is an authoritative primary zone. Zone data of an Active Directory-integrated zone is replicated during the Active Directory replication process. Active Directory-integrated zones also enjoy the security features of Active Directory.Stub zone: A stub zone is a new Windows Server 2003 feature. Stub zones only contain those resource records necessary to identify the authoritative DNS servers for the master zone.as well underscore zone _msdcs
DHCP
The main benefits of using an active directory like LDAP Active Directory are many. One can use an active directory to allow for scheduling to made and updated in a timely manner.
Some books one could use as tutorials for Active Directory are Active Directory Cookbook, Active Directory for Dummies as well as Windows 2000 Active Directory. All have various problem solving techniques one could use and they can be easily referenced.
Active directory users are nothing but the ones those are authenticated or able to access the directory with all the benefits of directory
Active directory is held in the sysvol folder in the C drive.
The DS tools consist of the following commands DSQUERY - search for active directory objects matching criteria DSGET - retrieves selected attributes from active directory objects DSMOD - modify attributes for one or more active directory objects DSADD - create active directory objects DSMOVE - move active directory objects DSRM - removes/deletes active directory objects
http://technet.microsoft.com/en-us/library/bb727067.aspx