1.3 Windows 2000 and Exchange 2000 topologies

by Mike Daugherty  
Digital Press 2001

The Windows 2000 topology is quite different from the Windows NT 4 topology. A Windows 2000 domain is a directory and namespace partition, and it is a security boundary defining the scope of policies and groups. The domain can span multiple physical locations and may potentially contain millions of objects. See Figure 1.4.

Figure 1.4: Windows 2000 domain

Domains contain organizational units (OUs). Organizational units are containers within a domain that enable Active Directory designers to logically group AD objects. OUs contain leaf objects such as users, groups, and printers, and allow domains to be subdivided without creating additional domains. Administration tasks can be delegated using Access Control Lists assigned to the OUs.

A Windows 2000 tree is a hierarchical organization of domains linked by a Kerberos trust. All domains within a tree share a common configuration, a common schema, a common Global Catalog, and a contiguous namespace. See Figure 1.5.

Figure 1.5: Windows 2000 tree

A Windows 2000 forest is a collection of one or more trees joined by a Kerberos trust. Domains within a forest share a common configuration, a common schema, and a common Global Catalog. However, the domains in a forest have a discontiguous namespace. See Figure 1.6.

Figure 1.6: Windows 2000 forest

A Windows 2000 site reflects locality and is a collection of IP subnets with fast connectivity. The primary purposes of the site definition are to facilitate workstation logons and to determine how directory replication is performed. All site definitions are replicated to all domain controllers. For workstation logon, the site definition helps find a domain controller within the same site as the client workstation.
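The sketch below is an added example, not taken from the book: it models a site as a set of IP subnets and uses that mapping to pick domain controllers in the client's own site. The site names, subnets, host names, the most-specific-subnet rule, and the fallback to every domain controller are assumptions made for illustration.

```python
import ipaddress

# Constructed sample data: all names and addresses here are hypothetical.
SITE_SUBNETS = {
    "10.1.0.0/16": "London",
    "10.1.40.0/24": "London-Lab",   # more specific subnet inside the London range
    "10.2.0.0/16": "Boston",
}
DOMAIN_CONTROLLERS = [
    {"name": "dc1.example.com", "site": "London"},
    {"name": "dc2.example.com", "site": "Boston"},
    {"name": "dc3.example.com", "site": "London-Lab"},
]

def site_for(ip, subnets=SITE_SUBNETS):
    """Return the site whose subnet contains ip, or None if no subnet matches.

    When subnets overlap, the one with the longest prefix wins (assumption).
    """
    addr = ipaddress.ip_address(ip)
    best = None
    for cidr, site in subnets.items():
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, site)
    return best[1] if best else None

def candidate_dcs(client_ip, dcs=DOMAIN_CONTROLLERS, subnets=SITE_SUBNETS):
    """Return (site, DC names): same-site DCs first, otherwise every DC."""
    site = site_for(client_ip, subnets)
    local = [dc["name"] for dc in dcs if site is not None and dc["site"] == site]
    return site, (local or [dc["name"] for dc in dcs])

def unmapped(ips, subnets=SITE_SUBNETS):
    """Audit helper: client addresses that belong to no defined site."""
    return [ip for ip in ips if site_for(ip, subnets) is None]

if __name__ == "__main__":
    for ip in ("10.1.40.77", "10.2.3.4", "192.168.1.1"):
        print(ip, candidate_dcs(ip))
```

Running `unmapped` over the client addresses seen in logon records shows which workstations fall outside every site definition and therefore cannot be steered to a nearby domain controller.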

The Windows 2000 Global Catalog contains a replica of selected attributes of every Active Directory object. It contains the object attributes that are most commonly used as search criteria for queries that span domains, such as user names, telephone numbers, and e-mail addresses.

The list of attributes included in the Global Catalog is extensible by modifying the Active Directory schema.

An Exchange 5.5 site defines and controls the namespace, the administration boundary, routing, and directory replication. A Windows 2000 site is based on IP subnets and topology. Exchange 2000 does not contain a site concept. Instead, Exchange 2000 uses Routing Groups to collect servers into groups that have point-to-point, high-bandwidth connections. Exchange 2000 Administrative Groups define the administration boundaries.

The breadth of the Windows 2000 environment limits the breadth of the Exchange organization. An Exchange 2000 organization cannot span multiple Active Directory forests, since neither Windows 2000 nor Exchange 2000 contains any tools to replicate Active Directory objects and properties across forests. Third-party products such as Compaq's LDAP Directory Synchronization Utility (LDSU) could be used to perform directory replication across forest boundaries.


ISBN: 155558232X
EAN: 2147483647
Year: 2000
Pages: 113

