What is Active Directory Directory Service (ADDS) in detail?



A tree is a collection of domains that are linked contiguously and share a common namespace. There can be trust relationships between them, which are generally transitive in nature. A tree is a grouping or hierarchical arrangement of one or more Windows Server 2003 domains that you create by adding one or more child domains to an existing parent domain.


The forest links multiple domain trees. The first tree in the forest is called the root tree.

A forest is a grouping or hierarchical arrangement of one or more separate, completely independent domain trees. As such, forests have the following characteristics:

  • All domains in a forest share a common schema.

  • All domains in a forest share a common global catalog.

  • All domains in a forest are linked by implicit two-way transitive trusts.

  • Trees in a forest have different naming structures, according to their domains.

  • Domains in a forest operate independently, but the forest enables communication across the entire organization.


Physical Structures

The physical components of Active Directory are sites and domain controllers.


A site is a combination of one or more IP subnets connected by a highly reliable and fast link to localize as much network traffic as possible. A site is a collection of subnets in Active Directory. It represents a geographically separate network or subnet. It is a replication boundary.

Domain Controllers

A domain controller is a powerful computer running a server-family operating system. It has some additional power to control clients.

A domain controller is a computer running Windows Server 2003 that stores a replica of the domain directory (local domain database). Because a domain can contain one or more domain controllers, each domain controller in a domain has a complete replica of the domain’s portion of the directory.

Active Directory OBJECT

An Active Directory structure is a hierarchical framework of objects. The data stored in Active Directory, such as information about users, printers, servers, databases, groups, computers, and security policies, is organized into objects. The objects fall into two broad categories: resources (e.g., printers) and security principals (user or computer accounts and groups). Security principals are Active Directory objects that are assigned unique security identifiers (SIDs) used to control access and set security.

An object is a distinct named set of attributes that represents a network resource. Object attributes are characteristics of objects in the directory. For example, the attributes of a user account object might include the user’s first name, last name, and logon name, while the attributes of a computer account object might include the computer name and description.

All objects stored in Windows Server 2003’s Active Directory database will have the following attributes attached.

  • Method: Every object has methods in common, such as creating the object, opening the object, and deleting the object.

  • Properties: All Active Directory objects have a set of properties or attributes.

  • Collection: If an attribute can contain more than a single value (such as the members of a group object), these values are stored as a collection or an array of values.


A computer object is a software representation of a physical entity, namely, the computer. It represents the computer's level of participation in the Active Directory domain. This level of participation usually has to do with security.


User accounts are the meat and potatoes of Windows Server 2003 domain administration.

All computing activities, whether access to a resource or backing up a file, occur in the context of a user account. An account is needed to interact with the network and is issued an access token at logon time.


A group object is just another type of account, much like a user account. However, this account’s purpose is to store a list. In this list is an inventory of all the user accounts that belong to the group account. The access token is a register of the user account and all the groups to which it belongs. It is proffered to resources in the domain for the purpose of determining access.
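The SIDs, multi-valued group membership and access token described above can be modelled as follows. This Python sketch is an added example, not part of the original article: it decodes the binary SID layout into string form and builds a simplified token from the user's SID plus the SIDs of every group reached through membership, including nested groups. The directory entries, the domain portion S-1-5-21-1-2-3, the RIDs and the allow list are constructed sample values, and the access check ignores deny entries and privileges.

```python
import struct

def sid_to_str(raw: bytes) -> str:
    """Decode a binary SID into its S-<revision>-<authority>-<sub>... form."""
    if len(raw) < 8:
        raise ValueError("SID too short")
    revision, count = raw[0], raw[1]
    if len(raw) != 8 + 4 * count:
        raise ValueError("length does not match sub-authority count")
    authority = int.from_bytes(raw[2:8], "big")   # 48-bit, big-endian
    subs = struct.unpack(f"<{count}I", raw[8:])   # 32-bit each, little-endian
    return "-".join(["S", str(revision), str(authority), *map(str, subs)])

def make_sid(rid: int) -> bytes:
    """Constructed sample SID S-1-5-21-1-2-3-<rid>; the domain part is made up."""
    return bytes([1, 5]) + (5).to_bytes(6, "big") + struct.pack("<5I", 21, 1, 2, 3, rid)

# Constructed directory: name -> (binary SID, multi-valued member collection).
# Helpdesk and PrintAdmins contain each other to show that circular nesting
# must not loop forever.
DIRECTORY = {
    "alice":       (make_sid(1104), []),
    "bob":         (make_sid(1105), []),
    "Helpdesk":    (make_sid(1201), ["alice", "PrintAdmins"]),
    "PrintAdmins": (make_sid(1202), ["Helpdesk"]),
    "Finance":     (make_sid(1203), ["bob"]),
}

def build_token(user: str) -> set:
    """Simplified token: the user's SID plus the SID of every group the user
    belongs to, directly or through nested groups."""
    token = {sid_to_str(DIRECTORY[user][0])}
    frontier, seen = {user}, set()
    while frontier:
        name = frontier.pop()
        for group, (sid, members) in DIRECTORY.items():
            if name in members and group not in seen:
                seen.add(group)            # guards against circular nesting
                token.add(sid_to_str(sid))
                frontier.add(group)
    return token

# Constructed allow list for a shared printer: only PrintAdmins is listed.
PRINTER_ACL = {"S-1-5-21-1-2-3-1202"}

def is_allowed(token: set, acl: set) -> bool:
    """Access is granted when any SID in the token appears on the allow list."""
    return bool(token & acl)

if __name__ == "__main__":
    for user in ("alice", "bob"):
        print(user, sorted(build_token(user)), is_allowed(build_token(user), PRINTER_ACL))
```

alice is never listed on the printer directly; she gains access only because Helpdesk is nested inside PrintAdmins, which is why nested membership needs review when auditing who can reach a resource.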


In a Windows Server 2003 domain, you have the option of creating a software object in Active Directory for each shared printer in your enterprise. The advantage of creating an Active Directory object for each printer (rather than just creating the shared printer on a print server) is that it enables users to find an enterprise’s printers more easily by conducting a search through Active Directory.