contained in the directory, the constraints and limits on instances of these objects, and the
format of their names.
A global catalog that contains information about every object in the directory. Users and
administrators can use the global catalog to find directory information, regardless of which
domain in the directory actually contains the data.
A query and index mechanism, so that objects and their properties can be published and
found by network users or applications.
A replication service that distributes directory data across a network. All writable domain
controllers in a domain participate in replication and contain a complete copy of all
directory information for their domain. Any change to directory data is replicated to all
optional attributes; that is, an attribute can be present in an object in Active Directory
only when that attribute is permitted by the object's class.
Classes also contain rules that determine which classes of objects can be superior to
(parents of) a particular object of the class. Each attribute is also defined in the directory
schema. The attribute definitions determine the syntax for the values the attribute can
have.
When you create an object in Active Directory, you provide values for the attributes of the
object in its particular class, and you do so according to the rules of the directory schema.
Applications that create or modify objects in Active Directory use the directory schema to determine what
attributes the object must and might have, and what those attributes can look like in terms of data
structures and syntax constraints. For this reason, the directory schema is maintained forest-wide so that
all objects created in the directory conform to the same rules.
Objects are either container objects or leaf objects. A container object stores other objects, and, as such, it
occupies a specific level in a subtree hierarchy. An object class is a container if at least one other class
specifies it as a possible superior; thus, any object class defined in the schema can become a container. A
leaf object does not store other objects, and, as such, it occupies the endpoint of a subtree.
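The schema rules described above (attributes permitted by class, attribute syntax, possible superiors, container versus leaf) can be modelled in a few lines. This is an added example, not Microsoft's code: the schema table is constructed and heavily simplified, and the function names `validate` and `container_classes` are hypothetical.

```python
# Constructed, simplified schema for illustration; not the real AD DS definitions.
SCHEMA = {
    "domainDNS": {"must": {"dc"}, "may": set(), "superiors": set()},
    "organizationalUnit": {"must": {"ou"}, "may": {"description"},
                           "superiors": {"domainDNS", "organizationalUnit"}},
    "user": {"must": {"cn", "sAMAccountName"}, "may": {"mail", "logonCount"},
             "superiors": {"domainDNS", "organizationalUnit"}},
}
# Attribute definitions: the syntax each attribute's values must have.
SYNTAX = {"dc": str, "ou": str, "description": str, "cn": str,
          "sAMAccountName": str, "mail": str, "logonCount": int}


def validate(obj_class, attrs, parent_class):
    """Return the schema violations for a proposed object (empty list = allowed)."""
    cls = SCHEMA.get(obj_class)
    if cls is None:
        return [f"unknown class {obj_class}"]
    given = set(attrs)
    errors = [f"missing mandatory attribute {a}" for a in sorted(cls["must"] - given)]
    # An attribute may be present only when the object's class permits it.
    errors += [f"attribute {a} not permitted by class {obj_class}"
               for a in sorted(given - cls["must"] - cls["may"])]
    # The attribute definition, not the class, fixes the value syntax.
    errors += [f"attribute {a} has wrong syntax"
               for a in sorted(given) if a in SYNTAX and not isinstance(attrs[a], SYNTAX[a])]
    # The class lists which classes may be its parent (possible superiors).
    if parent_class not in cls["superiors"]:
        errors.append(f"{parent_class} is not a possible superior of {obj_class}")
    return errors


def container_classes():
    """A class is a container if at least one class names it as a possible superior."""
    return {sup for cls in SCHEMA.values() for sup in cls["superiors"]}


if __name__ == "__main__":
    print(validate("user", {"cn": "Bob", "ou": "Sales"}, "user"))
    print("containers:", sorted(container_classes()))
    print("leaf classes:", sorted(set(SCHEMA) - container_classes()))
```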
Active Directory Domain Services (AD DS) defines the data structure and services that provide organization,
Domain controllers host and replicate the directory service database inside the forest.
The directory service also provides services for managing and authenticating resources in the forest.
2.b
Active Directory Structure and Storage Technologies
Administrators use Active Directory to store and organize objects on a network (such as users, computers, devices,
and so on) into a secure hierarchical containment structure that is known as the logical structure. Although the
logical structure of Active Directory is a hierarchical organization of all users, computers, and other physical
resources, the forest and domain form the basis of the logical structure.
Forests, which are the security boundaries of the logical structure, can be structured to provide data and service
autonomy and isolation in an organization in ways that can both reflect site and group identities and remove
dependencies on the physical topology.
Domains can be structured in a forest to provide data and service autonomy (but not isolation) and to optimize
replication with a given region. This separation of logical and physical structures improves manageability and
reduces administrative costs because the logical structure is not affected by changes in the physical structure.
The logical structure also makes it possible to control access to data. This means that you can use the logical
structure to compartmentalize data so that you can control access to it by controlling access to the various
compartments.