Role/function played by domain structure/relationships in a Windows domain
Understanding Active Directory Domains and Trusts
In Windows Server 2003, the structure of Active Directory domains and trusts controls security, access to resources, information flow, and the type of relationship between domain forests, domains and domain trees throughout the enterprise network. This relieves the administrative burden of large domains and multi-domain structures, saving expense, time and effort. When a trust relationship is created between two domains, it allows authentication to pass from one domain to the other, or in both directions.
Active Directory is Microsoft's implementation of a directory service, which makes it possible to store and search for any object in a single domain or across multiple domains. The directory service classifies everything in the domain as an object. Objects include computers, servers, application data, users, printers, file shares, and so on. All of these objects are stored in Active Directory in a single file, ntds.dit, which contains the objects as well as the schema information.
A domain is a security container, a database application of Active Directory, and the common container for describing the Internet namespace and DNS. Beginning with Windows 2000 Server and continuing with Windows Server 2003, a single domain can be created and secured to provide all the trust and security functions that required several domains under Windows NT.
On a Windows 2003 server, domain controller is a specialized role. A server can be promoted to domain controller so that it can build, receive and replicate a copy of the Active Directory database. The domain controller holds information about all the objects in the domain, and network users can search it at any time to find resources, people and computers in the domain. The domain controller's database is updated continuously so that all users have the most recent information. Finally, as changes occur, the domain controller replicates its most recent database to the other domain controllers. In Windows NT domains, not every domain controller is equal. A PDC (Primary Domain Controller) has to be created in every domain, and it holds the master copy of the Active Directory database. BDCs (Backup Domain Controllers), which hold a copy of the database, are the other type of domain controller.
Domain Tree Trusts
A trust can be created between domains, which means that resources can be shared back and forth among two or more domains as if they belonged to a single domain controller. With Windows NT domain trusts, only a one-way, non-transitive trust can be created between two NT domains: one domain is trusted and the other is trusting. When creating a trust, keep in mind that the existence of a relationship between domains does not by itself guarantee trust. With the introduction of Active Directory in Windows 2000 Server and Windows Server 2003, two-way transitive trusts are generated automatically among the domains of the same domain tree, so that the trust between any two of those domains is two-way.
Domain Forest Trusts
Trust relationships can be created between two unrelated domain trees, but two-way transitive trust relationships are not generated automatically. Forest trust relationships must be created explicitly, in the same way as domain trust relationships in Windows NT. Because this is a link between two unrelated domains, the trust relationships must be created carefully and with greater attention to security. Each domain can keep its own ownership and its own namespace. One domain must be permitted to access resources in the second domain, and restrictions must be placed on how the second domain accesses resources in the first.
Through two-way transitive trusts, users in a forest can transparently access any other domain. A transitive trust is one in which two or more parent domains and their child domains all trust each other. The trust that exists at the parent level passes down to the child domains, which depend on the parent's trust. A transparent trust is one in which the user does not need to know anything about how the trust relationships span the various domains and domain trees.
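The difference between a one-way, non-transitive trust and the two-way transitive trusts of a domain tree can be checked with a small model. The following is an added example, not part of the original article and not Microsoft code: a simplified model of trust evaluation in which the domain names, the helper functions and the sample trust list are all constructed for illustration.

```python
from collections import deque

def two_way(a, b, transitive=True):
    """A two-way trust is a pair of one-way trusts, one per direction."""
    return [(a, b, transitive), (b, a, transitive)]

def accounts_accepted_by(trusts, resource_domain):
    """Domains whose users can authenticate to resources in resource_domain.

    Each trust is (trusting, trusted, transitive): the trusting domain holds
    the resources, the trusted domain holds the user accounts.
    """
    # A non-transitive trust covers only its own two endpoints.
    accepted = {trusted for trusting, trusted, transitive in trusts
                if trusting == resource_domain and not transitive}
    # Transitive trusts chain, so walk them breadth-first.
    seen, queue = {resource_domain}, deque([resource_domain])
    while queue:
        current = queue.popleft()
        for trusting, trusted, transitive in trusts:
            if trusting == current and transitive and trusted not in seen:
                seen.add(trusted)
                queue.append(trusted)
    return accepted | (seen - {resource_domain})

def unintended_access(trusts, intended):
    """(resource_domain, account_domain) pairs allowed by trusts but not by design."""
    domains = {d for trusting, trusted, _ in trusts for d in (trusting, trusted)}
    actual = {(r, a) for r in domains for a in accounts_accepted_by(trusts, r)}
    return sorted(actual - set(intended))

# Constructed sample: one domain tree plus a Windows NT style one-way trust.
TREE = (two_way("corp.example", "eu.corp.example")
        + two_way("corp.example", "us.corp.example"))
NT_TRUST = [("us.corp.example", "LEGACYNT", False)]      # us trusts LEGACYNT only
MISCONFIGURED = [("us.corp.example", "LEGACYNT", True)]  # same link, marked transitive

TREE_DOMAINS = ("corp.example", "eu.corp.example", "us.corp.example")
INTENDED = [(r, a) for r in TREE_DOMAINS for a in TREE_DOMAINS if r != a]
INTENDED.append(("us.corp.example", "LEGACYNT"))

if __name__ == "__main__":
    print(sorted(accounts_accepted_by(TREE + NT_TRUST, "eu.corp.example")))
    print(unintended_access(TREE + NT_TRUST, INTENDED))
    print(unintended_access(TREE + MISCONFIGURED, INTENDED))
```

With the non-transitive link, LEGACYNT accounts are accepted only by the domain that trusts them directly; marking the same link transitive exposes the rest of the tree, which is what the audit function reports.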