Active Directory Structure

Active Directory Structure

Active Directory has a hierarchical design for their objects. In Active directory Users and Groups, computers etc. are known as Objects. Each object is unique and represents a single entity which has a unique SID and set of attributes, and all these attributes are stored in schema.

You can design your network in different ways according to your network. You can logically divide your network into forest, tree, and domain in an Active Directory network.

Single domain structure environment

When you create only one domain in your network and create all users and OU are under the same domain, this structure or design is known as Single domain structure or called Domain.

Active Directory structure

Active Directory Tree:

A active directory tree is collection of more than one domain in same hierarchy or in contiguous namespace. Suppose you have root domain and now we have two branch office and we want to create tree domain environments for user managements. Now we create new domain as and

Active Directory Tree

Active Directory Forest:

Forest contains two or more domain in discontinuous name spaces. Suppose we have another company with domain and we want to connect this domain with, the best option we have to connect domain with is connect through forest relationship. In this case we also allow the users of other domain to access the resources of other forest domain. For example we have a file on and we can make this accessible for users by creating a forest functional level relation.

Active Directory Sites:

A site is an area of high speed connectivity is connect with other site domain that is connect through lower speed connection (WAN link). For Active Directory Sites you may have the following structure, where W7CLOUD.COM and VPN,NET which have high speed LAN and connect each other with WAN link.

Active Directory sites

Normally create active directory sites when we have two office in different city or in different country connect with the WAN link, then this is best idea to define sites in active directory, this case we need to measure the speed of the WAN link and need to schedule the replication of database between two domain for better management and network performance. Using active directory sites you can do these tasks very well.


Leave a Reply

Your email address will not be published. Required fields are marked *