Windows Server 1.1: AD DS terms
This lesson walks through the vocabulary you must master before installing Active Directory: domain controllers, OUs, the AD database, the schema and trust relationships. Without these terms, the upcoming hands-on work is hard to follow.
Core terms
- Domain controllers (DCs) — servers running the AD DS role. They host and replicate the Active Directory database, NTDS.DIT, together with the SYSVOL folder. They also run the Kerberos Key Distribution Center (KDC) for authentication, plus DNS. Because authentication is critical, always have at least two domain controllers, so that clients can reach the other if one is unavailable.
- Organizational Units (OUs) — containers for objects that also serve as scopes for management. OUs can be linked to Group Policy Objects (GPOs), which hold configuration settings applied to the users or computers inside them. You can also delegate administration of an OU's contents or of its whole subtree. No more than six levels of OU nesting are recommended.
- The AD database (NTDS.DIT) — ultimately, AD is a database of configurations and resources. Every record is an object (user, group, computer); every field is an attribute (name, password, description, SID). The file lives by default under %SystemRoot%\NTDS on each DC. It is divided into partitions: Configuration (domains, services, topology), Domain (the objects in the domain: users, groups, computers), and the Partial Attribute Set used by the global catalog. If DNS is AD-integrated, zones and resource records also live in those partitions.
- SYSVOL — a folder structure under %SystemRoot%\SYSVOL that holds logon scripts and the files associated with GPOs.
- The AD schema — the "blueprint" of Active Directory. It defines the object classes and attributes the directory can hold (for instance, that a user object class exists and must have a logon name). Schema changes (for example, extending the schema for Exchange) require special rights on the schema master and the registration of a DLL.
- Trust relationships — a way for one domain to authenticate users from another domain and let them access its resources. The trusting domain extends trust to the trusted domain. Inside a single forest, every domain trusts every other domain automatically; across forests you must establish trusts manually.
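To make these terms concrete, here is an added read-only inventory script (example code written for this page, not part of the original lesson) that asks a domain for each item defined above: its domain controllers and their KDC/DNS/NTDS services, the directory partitions, where NTDS.DIT and SYSVOL live, the OU tree with its linked GPOs, and any trusts. It assumes the ActiveDirectory RSAT module is installed, the session is authenticated against the domain, and the registry lookups in step 3 are run on a domain controller.

```powershell
# Added example: inventory the AD DS concepts from the lesson (read-only).
# Assumes the ActiveDirectory module (RSAT) and a domain-joined, authenticated session.
Import-Module ActiveDirectory

$domain = Get-ADDomain
$forest = Get-ADForest
"Domain : $($domain.DNSRoot)  Forest : $($forest.Name)"

# 1. Domain controllers: the lesson recommends at least two per domain.
$dcs = @(Get-ADDomainController -Filter * -Server $domain.DNSRoot)
"Domain controllers: $($dcs.Count)"
$dcs | Select-Object HostName, IPv4Address, IsGlobalCatalog, OperatingSystem | Format-Table -AutoSize
if ($dcs.Count -lt 2) {
    Write-Warning "Only one DC in $($domain.DNSRoot): authentication has a single point of failure."
}
# Services a DC is expected to run: KDC (Kerberos), DNS and NTDS (the directory service itself).
Get-Service -Name kdc, DNS, NTDS -ErrorAction SilentlyContinue | Select-Object Name, Status | Format-Table -AutoSize

# 2. Directory partitions (naming contexts) as published by the DC in RootDSE.
$rootDse = Get-ADRootDSE
"Partitions held by $($rootDse.dnsHostName):"
$rootDse.namingContexts | ForEach-Object { "  $_" }
"Schema partition: $($rootDse.schemaNamingContext)"

# 3. NTDS.DIT and SYSVOL locations on this DC (values written during promotion).
#    Only meaningful when run locally on a domain controller.
$ntdsParams = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters' -ErrorAction SilentlyContinue
$netlogon   = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters' -ErrorAction SilentlyContinue
if ($ntdsParams) { "NTDS.DIT path : $($ntdsParams.'DSA Database file')" }
if ($netlogon)   { "SYSVOL path   : $($netlogon.SysVol)" }

# 4. OUs: nesting depth (flag anything deeper than six levels) and linked GPOs.
$ous = Get-ADOrganizationalUnit -Filter * -Properties LinkedGroupPolicyObjects
foreach ($ou in $ous) {
    # Each OU= component in the distinguished name is one nesting level.
    $depth    = ([regex]::Matches($ou.DistinguishedName, '(?i)OU=')).Count
    $gpoCount = @($ou.LinkedGroupPolicyObjects).Count
    if ($depth -gt 6) {
        Write-Warning "OU nesting depth $depth exceeds the recommended 6: $($ou.DistinguishedName)"
    }
    "{0,2} level(s), {1} linked GPO(s): {2}" -f $depth, $gpoCount, $ou.DistinguishedName
}

# 5. Trusts: direction tells you which side is trusting and which is trusted.
$trusts = @(Get-ADTrust -Filter *)
if ($trusts.Count -gt 0) {
    $trusts | Select-Object Name, Direction, TrustType, ForestTransitive, IntraForest | Format-Table -AutoSize
} else {
    "No trusts configured for $($domain.DNSRoot) (intra-forest trusts are implicit and not listed here)."
}
```

Run it from an elevated PowerShell session on a DC; from a member server, steps 1, 2, 4 and 5 still work but the registry paths in step 3 describe the local machine rather than a DC.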
Master these terms and the next lessons — installation of the first DC, creation of OUs, application of GPOs — will land on solid ground.