Domain objects

When you set up Active Directory for an enterprise, your first exercise is to create your root domain or, in Active Directory terms, the root domain object. Active Directory domain names are DNS names, so if this root domain will also be your Internet root domain, register it with an Internet domain registration authority (such as Network Solutions, Inc.) as soon as possible. If you have already registered a root domain, you can create an object that represents it in Active Directory and link it to the DNS server that hosts or resolves that name. If you have not registered your domain, you might not be able to match it to your company name, because domain names are being claimed every second of the day. This root domain becomes the first container object in the chain of objects that represents the "expanse" of your local network logon domain in Active Directory. Under this domain you create further container objects that represent the organizational units (discussed next) within your enterprise. For example, you might create a domain called and register it with the InterNIC. There are also security considerations, which we address later.

For now, know that the domains you create here are full-blown security and administration entities of your network, in the same way that legacy Windows NT 4.0 and earlier domains are. How they work would only confuse you at this point, so we have left that discussion for the chapters in Part III, where we also cover integration and migration of legacy domains.

Figure 2-13 represents the path (from the bottom up) from a user all the way up to the domain root. As you now know, a domain can have only a single parent domain in Active Directory. It is entirely feasible, and good practice, to create subdomains under the domain root that reflect the subdivision of resources, departments, politically and geographically diverse divisions of an enterprise, acquisitions, resource entities, and more. Bear in mind, though, that a child domain is an administrative and replication boundary rather than a security boundary; the forest is the security boundary, a point we return to when we discuss security considerations later.

Figure 2-13: A user object (account) in an Active Directory local domain. There is a direct connection between the Active Directory domain and the DNS domain.
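Because the Active Directory domain and the DNS domain are coupled, the quickest check that the link described above is in place is to ask DNS for the domain controller locator records the domain publishes, and to see which server claims authority for the zone. The script below is an added example for this chapter, not code from the book; the domain name corp.example.com is a placeholder you replace with your own root domain, and it assumes a Windows host with the Resolve-DnsName cmdlet (part of the DnsClient module).

```powershell
# Added example (not from the book): verify that a root domain's Active
# Directory locator records are published in DNS and see who is authoritative
# for the zone. The default domain name below is a placeholder.
param(
    [string]$Domain = "corp.example.com"   # hypothetical; use your own root domain
)

# Clients locate domain controllers through these SRV records, which the
# Netlogon service on each domain controller registers under _msdcs.<domain>.
$locatorRecords = @(
    "_ldap._tcp.dc._msdcs.$Domain",        # LDAP on any domain controller
    "_kerberos._tcp.dc._msdcs.$Domain",    # Kerberos KDC on any domain controller
    "_ldap._tcp.pdc._msdcs.$Domain",       # the PDC emulator for the domain
    "_ldap._tcp.gc._msdcs.$Domain"         # global catalog; lives under the forest root zone
)

foreach ($name in $locatorRecords) {
    try {
        $srv = Resolve-DnsName -Name $name -Type SRV -ErrorAction Stop |
               Where-Object { $_.Type -eq 'SRV' }
        foreach ($r in $srv) {
            "{0,-45} -> {1}:{2} (priority {3}, weight {4})" -f `
                $name, $r.NameTarget, $r.Port, $r.Priority, $r.Weight
        }
    }
    catch {
        # A missing locator record means clients cannot find a domain controller
        # for this role through DNS, however the domain object itself looks.
        Write-Warning "No SRV record for $name : $($_.Exception.Message)"
    }
}

# The SOA record names the primary server for the zone. For an Active Directory
# domain this should be the DNS server that hosts (or resolves) the domain's
# zone internally, not only the server your registrar publishes for the
# Internet-facing name.
$soa = Resolve-DnsName -Name $Domain -Type SOA -ErrorAction SilentlyContinue |
       Where-Object { $_.Type -eq 'SOA' }
if ($soa) {
    "Zone {0}: primary server {1}, serial {2}, administrator {3}" -f `
        $Domain, $soa.PrimaryServer, $soa.SerialNumber, $soa.NameAdministrator
}
else {
    Write-Warning "No SOA record found for $Domain; the zone is not being resolved from here."
}
```

Run it from a domain member (or with -Domain pointing at the candidate root domain) before and after you link the domain to its DNS server: the SRV lines should appear only once domain controllers have registered, and the SOA primary server tells you whether the name you registered on the Internet and the name Active Directory uses internally are being served by the DNS infrastructure you intend.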

