The domain is called the security boundary within Active Directory.
A Windows domain is a logical group of computers running versions of the Microsoft Windows operating system that share a central directory database.
The domain governs the way users access the resources of the network.
The domain is the security boundary for AD.
A Windows domain is a logical group of computers running versions of the Microsoft Windows operating system that share a central directory database. This central database (known as Active Directory starting with Windows 2000,[1] Active Directory Domain Services in Windows Server 2008 and Server 2008 R2, also referred to as NT Directory Services on Windows NT operating systems, or NTDS) contains the user accounts and security information for the resources in that domain. Each person who uses computers within a domain receives his or her own unique account, or user name. This account can then be assigned access to resources within the domain.
In a domain, the directory resides on computers that are configured as "domain controllers." A domain controller is a server that manages all security-related aspects between user and domain interactions, centralizing security and administration.
The domain is the security boundary in Active Directory.
=> The forest is the security boundary.
Yes, the forest is.
Forest
The domain is called the security boundary within Active Directory. A Windows domain is a logical group of computers running versions of the Microsoft Windows operating system that share a central directory database. The domain governs the way users access the resources of the network.
The Global Catalogue has a reference to all objects within Active Directory. It is known as the GC.
Active Directory will represent a major advance over NT 4.0's simple domain model, since the domains within Active Directory will be able to form a multi-level tree structure. Users will be able to establish two-way transitive trust relationships among these domains. Lower-level domains trust all the higher-level domains within the hierarchical tree. This arrangement will make trust relationships easier to manage and will make possible the delegation of administrative authority from higher to lower levels within the tree.
Active Directory will bear on security in two ways. First, Active Directory will be the repository for security policy information for the enterprise. For example, Active Directory will be able to store domain-wide password restrictions and system access privileges. Second, Active Directory will incorporate the object-based security model, controlling each user or group's right to read or update objects within the directory. The directory will therefore be able to hold such important items as encrypted passwords and user certificates with the assurance that only authorized users will be able to read or change them.
Tombstone
Security Identifier (SID) and Domain Name (DN) (p. 86)
The Active Directory schema defines the types of user and printer objects to be created in the domain.
a domain as "a single security boundary of a Windows NT-based computer network. Active Directory is made up of one or more domains. On a standalone workstation, the domain is the computer itself. A domain can span more than one physical location. Every domain has its own security policies and security relationships with other domains. When multiple domains are connected by trust relationships and share a common schema, configuration, and global catalog, they constitute a domain tree. Multiple domain trees can be connected together to create a forest."
Domain
A Windows domain is a collection of security principals that share a central directory database. This central database (known as Active Directory starting with Windows 2000,[1] Active Directory Domain Services in Windows Server 2008 and Server 2008 R2, also referred to as NT Directory Services on Windows NT operating systems, or NTDS) contains the user accounts and security information for the resources in that domain. Each person who uses computers within a domain receives his or her own unique account, or user name. This account can then be assigned access to resources within the domain.
In a domain, the directory resides on computers that are configured as "domain controllers." A domain controller is a server that manages all security-related aspects between user and domain interactions, centralizing security and administration. A Windows Server domain is generally suited for businesses and/or organizations when more than 10 PCs are in use.
DomainDNSzones
Delegation of Control Wizard
* Schema NC
* Configuration NC
* Domain NC
Schema NC: This NC is replicated to every other domain controller in the forest. It contains information about the Active Directory schema, which in turn defines the different object classes and attributes within Active Directory.
Configuration NC: Also replicated to every other DC in the forest, this NC contains forest-wide configuration information pertaining to the physical layout of Active Directory, as well as information about display specifiers and forest-wide Active Directory quotas.
Domain NC: This NC is replicated to every other DC within a single Active Directory domain. This is the NC that contains the most commonly-accessed Active Directory data: the actual users, groups, computers, and other objects that reside within a particular Active Directory domain.
B). Delegation of Control Wizard