Understanding Windows Active Directory

Active Directory is the directory service for your Windows network (a directory service is a database of information arranged in a top-down, hierarchical manner); it provides a hierarchical structure for domain management and implementation. Active Directory provides the namespace for your domains and catalogs users, groups, computers, printers, and even security policies in a centralized database that is replicated among the domain controllers on the network. Each item, such as a user or a group, is referred to as an Active Directory object. Because every domain controller holds a complete, writable copy of this database, the security of the whole domain rests on the security of each domain controller.

Since Active Directory provides a hierarchical, tree-like structure for your domains, sharing resources throughout the domain structure is made easier. Adding new domains to the tree is also straightforward, which makes the directory service provided by Active Directory highly scalable.

A Windows domain requires at least one domain controller. This role is added to a server by installing Active Directory on it (on Windows Server 2003 this can be done using the Configure Your Server Wizard, which starts the Active Directory Installation Wizard, dcpromo). During the installation of Active Directory on the domain controller you are required to provide the fully qualified DNS name of your domain. The Domain Name System (DNS) hierarchy and naming conventions are discussed in Chapter 12, "TCP/IP Network Administration".

Once Active Directory is installed on a domain controller (along with DNS, which Active Directory requires, and DHCP if you need it), you are provided with a set of Active Directory management tools. These tools allow you to add users and computers to the domain, manage the trusts between your various domains, and define the sites that describe the wide area network links in your network. The Active Directory tools are Active Directory Users and Computers, Active Directory Domains and Trusts, and Active Directory Sites and Services.

Active Directory Users and Computers

The Active Directory Users and Computers snap-in is used to manage user accounts, computers, and groups. It is the management tool for all the Active Directory objects residing in your Windows Server domain. It will also, no doubt, be the Active Directory snap-in that you use the most often as you manage your domain. Figure 9.4 shows the Active Directory Users and Computers snap-in.

Figure 9.4. The Active Directory Users and Computers snap-in is used to manage objects such as users and groups.

In the Windows environment, a snap-in is one of a number of tools used to manage the server. Many of the Windows administrative tools are hosted in the Microsoft Management Console (MMC) as snap-ins, which gives these various tools a common interface.

Active Directory Domains and Trusts

The Active Directory Domains and Trusts snap-in is used to manage trusts between domains. Two-way transitive trusts are created automatically between a parent domain and each of its child domains and between the root domains of the trees in a forest, so every domain in a forest already trusts every other domain in it. Active Directory Domains and Trusts is therefore typically used to create and manage the trusts that are not automatic: trusts with domains in other forests, and shortcut trusts that shorten the authentication path between two domains in the same forest. Keep in mind that a trust extends the reach of every account in the trusted domain into the trusting domain, so create a one-way trust where a two-way trust is not needed, and leave SID filtering enabled on trusts to other forests.

The Active Directory Domains and Trusts snap-in is also important in another respect: it is where you raise a domain's functional level (and, from the snap-in's root node, the forest functional level). The functional level you select determines which operating systems the domain controllers in the domain may run, and which Active Directory features are available. By default the domain functional level is Windows 2000 mixed, which supports Windows NT 4, Windows 2000, and Windows Server 2003 domain controllers. Raising the level is not a change to make casually: once the domain is at the Windows Server 2003 functional level, Windows NT 4 and Windows 2000 domain controllers can no longer be added to it.
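Both jobs of this snap-in, trusts and functional levels, can be checked from the command line as well, which is useful when you want to audit many domains or keep a record of the state before a change. The following PowerShell script is an added example, not code from the book. It reads the trustedDomain objects and the msDS-Behavior-Version attribute through the .NET System.DirectoryServices classes, so it needs no Active Directory module and runs on any domain-joined machine with PowerShell against a Windows Server 2003 or later domain controller, as a user who can read the directory (any domain user by default). The trustAttributes bit values, trustDirection values and functional-level numbers are the ones documented in MS-ADTS; the function and column names are my own. Note that a forest trust applies SID filtering by default without the QUARANTINED_DOMAIN flag, and that TREAT_AS_EXTERNAL on a forest trust is the flag that relaxes it.

```powershell
# Added example: audit trusts and functional levels via ADSI (System.DirectoryServices).
# Assumes a domain-joined host and a user allowed to read the directory.

# trustAttributes bit flags (MS-ADTS).
$TrustFlags = @{
    NON_TRANSITIVE     = 0x01   # trust is not transitive (the normal state of an external trust)
    UPLEVEL_ONLY       = 0x02   # only Windows 2000 and later can use the trust
    QUARANTINED_DOMAIN = 0x04   # SID filtering ("quarantine") enforced on this trust
    FOREST_TRANSITIVE  = 0x08   # forest trust, transitive across the whole other forest
    CROSS_ORGANIZATION = 0x10   # selective authentication is required
    WITHIN_FOREST      = 0x20   # automatic parent/child or tree-root trust inside the forest
    TREAT_AS_EXTERNAL  = 0x40   # forest trust filtered by external-trust rules (SID filtering relaxed)
}
# trustDirection values, as seen from this domain.
$TrustDirection = @{ 0 = 'Disabled'; 1 = 'Inbound'; 2 = 'Outbound'; 3 = 'Bidirectional' }

function ConvertFrom-TrustAttributes {
    param([int]$Value)
    # Names of the flags set in a trustAttributes value, sorted for stable output.
    $TrustFlags.GetEnumerator() |
        Where-Object { ($Value -band $_.Value) -ne 0 } |
        ForEach-Object { $_.Key } | Sort-Object
}

function Get-DomainTrustAudit {
    $rootDse  = [ADSI]'LDAP://RootDSE'
    $domainDn = "$($rootDse.defaultNamingContext)"
    $search   = New-Object System.DirectoryServices.DirectorySearcher
    $search.SearchRoot = [ADSI]"LDAP://CN=System,$domainDn"   # trustedDomain objects live here
    $search.Filter     = '(objectClass=trustedDomain)'
    [void]$search.PropertiesToLoad.AddRange([string[]]('trustPartner', 'trustDirection', 'trustAttributes'))

    foreach ($result in $search.FindAll()) {
        $flags = @(ConvertFrom-TrustAttributes ([int]$result.Properties['trustattributes'][0]))
        [PSCustomObject]@{
            Partner       = [string]$result.Properties['trustpartner'][0]
            Direction     = $TrustDirection[[int]$result.Properties['trustdirection'][0]]
            WithinForest  = $flags -contains 'WITHIN_FOREST'
            Transitive    = $flags -notcontains 'NON_TRANSITIVE'
            Quarantined   = $flags -contains 'QUARANTINED_DOMAIN'
            SelectiveAuth = $flags -contains 'CROSS_ORGANIZATION'
            Flags         = $flags -join ','
        }
    }
}

function Get-FunctionalLevelAudit {
    # msDS-Behavior-Version numbers (MS-ADTS). Value 0 covers both Windows 2000 mixed and
    # Windows 2000 native; the domain's ntMixedDomain attribute (1 = mixed) tells them apart.
    $levels = @{
        0 = 'Windows 2000'; 1 = 'Windows Server 2003 interim'; 2 = 'Windows Server 2003'
        3 = 'Windows Server 2008'; 4 = 'Windows Server 2008 R2'; 5 = 'Windows Server 2012'
        6 = 'Windows Server 2012 R2'; 7 = 'Windows Server 2016'
    }
    $rootDse = [ADSI]'LDAP://RootDSE'
    $domain  = [ADSI]"LDAP://$($rootDse.defaultNamingContext)"
    $forest  = [ADSI]"LDAP://CN=Partitions,$($rootDse.configurationNamingContext)"

    $domainLevel = [int]$domain.Properties['msDS-Behavior-Version'].Value   # absent -> 0 on a 2000-level domain
    $forestLevel = [int]$forest.Properties['msDS-Behavior-Version'].Value
    $mixed       = [int]$domain.Properties['ntMixedDomain'].Value

    $domainName = $levels[$domainLevel]
    if ($domainLevel -eq 0) {
        $suffix = if ($mixed -eq 1) { ' mixed' } else { ' native' }
        $domainName += $suffix
    }
    [PSCustomObject]@{
        DomainFunctionalLevel = $domainName
        ForestFunctionalLevel = $levels[$forestLevel]
        AllowsNt4Dcs          = ($domainLevel -eq 0 -and $mixed -eq 1)
    }
}

Get-DomainTrustAudit | Format-Table -AutoSize
Get-FunctionalLevelAudit
```

Any row in the trust table with Direction Inbound or Bidirectional, Transitive true and WithinForest false deserves a second look: that is a trust through which accounts from outside the forest can authenticate here, and it should have Quarantined or SelectiveAuth set unless there is a documented reason it does not.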

Active Directory Sites and Services

The Active Directory Sites and Services snap-in is used to manage the physical structure of your Windows network, that is, how the logical domain structure maps onto the physical network. A site is one or more IP subnets, typically one physical location, connected by fast and reliable links. Active Directory Sites and Services allows you to define multiple sites for locations that are connected only by WAN links, to map subnets to sites, and to create the site links over which replication between sites is scheduled. Getting the subnet-to-site mapping right matters: a client finds a domain controller in its own site by matching its IP address to a subnet, so a subnet that is mapped to no site sends its clients to a domain controller that may be on the far side of the WAN. Subnetting an IP network is discussed in Chapter 12.
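The site, subnet and site link objects that the snap-in edits live in the Configuration partition, so the topology can be audited with a script. The following PowerShell is an added example, not code from the book; it uses the same .NET System.DirectoryServices classes as any domain-joined host has available, assumes the running user can read the directory (any domain user by default), and reports each site with its subnets and its number of domain controllers, subnets that are mapped to no site, and the site links with their cost and replication interval. The function names and the warning texts are my own.

```powershell
# Added example: audit site topology from the Configuration partition via ADSI
# (System.DirectoryServices). Assumes a domain-joined host with read access to the directory.

function Find-AdObjects {
    param([string]$BaseDn, [string]$Filter, [string[]]$Props)
    # Subtree LDAP search under $BaseDn returning SearchResult objects.
    $s = New-Object System.DirectoryServices.DirectorySearcher
    $s.SearchRoot = [ADSI]"LDAP://$BaseDn"
    $s.Filter     = $Filter
    $s.PageSize   = 500      # paged results, so a forest with more than 1000 subnets is not truncated
    [void]$s.PropertiesToLoad.AddRange([string[]]($Props + 'distinguishedName'))
    $s.FindAll()
}

$script:SitesDn = "CN=Sites,$(([ADSI]'LDAP://RootDSE').configurationNamingContext)"

function Get-SubnetMap {
    # Returns @{ Mapped = @{ <site DN> = @(subnets) }; Unmapped = @(subnets with no siteObject) }
    $mapped = @{}; $unmapped = @()
    foreach ($r in Find-AdObjects "CN=Subnets,$SitesDn" '(objectClass=subnet)' @('name', 'siteObject')) {
        $cidr = [string]$r.Properties['name'][0]          # subnet objects are named like 10.1.0.0/16
        $so   = $r.Properties['siteobject']               # DN of the site the subnet is assigned to
        if ($null -eq $so -or $so.Count -eq 0) { $unmapped += $cidr; continue }
        $siteDn = [string]$so[0]
        if (-not $mapped.ContainsKey($siteDn)) { $mapped[$siteDn] = @() }
        $mapped[$siteDn] += $cidr
    }
    @{ Mapped = $mapped; Unmapped = $unmapped }
}

function Get-SiteAudit {
    $subnets = Get-SubnetMap
    foreach ($r in Find-AdObjects $SitesDn '(objectClass=site)' @('name')) {
        $siteDn = [string]$r.Properties['distinguishedname'][0]
        # Every DC has an nTDSDSA ("NTDS Settings") object under CN=Servers,<site>; a server
        # object without one is not a DC (a demoted DC can leave its server object behind).
        $dcCount = @(Find-AdObjects "CN=Servers,$siteDn" '(objectClass=nTDSDSA)' @('name')).Count
        $warning = ''
        if ($dcCount -eq 0) { $warning += 'no DC in site: logons cross a site link. ' }
        if (-not $subnets.Mapped.ContainsKey($siteDn)) { $warning += 'no subnets: no client will locate this site.' }
        [PSCustomObject]@{
            Site              = [string]$r.Properties['name'][0]
            Subnets           = ($subnets.Mapped[$siteDn] -join ', ')
            DomainControllers = $dcCount
            Warning           = $warning.Trim()
        }
    }
    foreach ($cidr in $subnets.Unmapped) {
        [PSCustomObject]@{
            Site = '(none)'; Subnets = $cidr; DomainControllers = 0
            Warning = 'subnet not mapped to a site: its clients may use any DC in the forest'
        }
    }
}

function Get-SiteLinkAudit {
    # Site links carry replication between sites: cost chooses the route, replInterval (minutes) the frequency.
    foreach ($r in Find-AdObjects "CN=Inter-Site Transports,$SitesDn" '(objectClass=siteLink)' @('name', 'cost', 'replInterval', 'siteList')) {
        $sites = foreach ($dn in $r.Properties['sitelist']) { [string]$dn -replace '^CN=([^,]+),.*', '$1' }
        [PSCustomObject]@{
            Link            = [string]$r.Properties['name'][0]
            Sites           = ($sites -join ' <-> ')
            Cost            = [int]$r.Properties['cost'][0]
            IntervalMinutes = [int]$r.Properties['replinterval'][0]
        }
    }
}

Get-SiteAudit     | Format-Table -AutoSize
Get-SiteLinkAudit | Format-Table -AutoSize
```

The two conditions the script warns about are the ones that quietly undo the purpose of sites: a site with no domain controller, and a subnet that belongs to no site. In both cases clients still authenticate, but against whichever domain controller they happen to find, so the WAN traffic and the single point of failure you built the sites to avoid come back without any error being logged.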

