A Windows Server 2003 domain is group of networked computers that share a common Active Directory database, and a common namespace.You can think of a domain as a limited boundary of network security and administrative control.A namespace is a hierarchical collection of service and object names, typically stored within DNS and Active Directory.
There are some similarities between the Active Directory namespace and the DNS namespace, both of which are required by Windows Server 2003. For example, the name of an Active Directory tree is derived from the DNS name of the tree root, which means that both namespaces share the same root. When you rename the root domain, you must automatically rename all child domains in the tree to match; hence, all levels of both namespace hierarchies. The Active Directory and DNS namespaces, by Microsoft definition, must have the same name. Exceptions do exist, however, such as during a domain rename procedure.
How Can I Tell the Difference between the Active Directory Namespace and the DNS Namespace?
Among the differences in the two namespaces is the ability of DNS to split a domain name into two separate zones. In split-DNS, one zone typically provides name resolution for resources outside the firewall, while the other zone provides name resolution for the inside. Inside users can locate and use external resources. An Active Directory domain cannot be split in the same way and continue to fully interoperate.
Another difference is where the data is stored. Even given identical names, and even with Active Directory integrated DNS, the two namespaces occupy different partitions within the directory. This gives them different logical addresses, although replication of the two is accomplished in the same way. With non-Active Directory-integrated DNS, the namespaces do not reside in the same directory and do not need to reside on the same servers. Non-integrated DNS must also provide its own replication topology. In either case, the data is always discretely separated. DNS records and Active Directory objects work together, but never truly intermingle.
One of the most distinct differences is the real-time nature of dynamic DNS. When a server is shut down, dynamic DNS removes the resource records associated with that server from its database. Unless you created static records, as you might for an e-mail or web server, DNS retains no knowledge of the machine. Active Directory, by contrast, requires the stability of constant knowledge for all hosts. If a server were to be removed and re-added to Active Directory, the host would receive a new Security Identifier (SID) and be treated as a new and unique system. In Active Directory, hosts within the same domain are often subdivided into sites and OUs, while DNS hosts are only differentiated by record types.
These distinctions help clarify the forest and domain structure, the namespaces they define, and the interoperability between them.
Active Directory is composed of a number of components, each associated with a different concept, or layer of functionality.You should understand each of these layers before making any changes to the network. The Active Directory itself is a distributed database, which means it can be spread across multiple computers within the forest. Among the major logical components are:
■ The domain namespace
Aspects of the physical structure include the following:
Administrative boundaries, network and directory performance, security, resource management, and basic functionality are all dependent on the proper interaction of these elements.
Figure 4.1 shows the logical view of a Windows Server 2003 Active Directory. Note that the differentiation between forests and trees is most obvious in the namespace. By its nature, a tree is one or more domains with a contiguous namespace. Each tree consists of one or more domains, while each forest consists of one or more trees. Because a forest can be composed of discrete multiple trees, a forest's namespace can be discontiguous. By discontiguous, we mean that the namespaces anchor to different forest-root DNS domains, such as cats.com and dogs.com. Both are top-level domains and are considered two trees in a forest when combined into a single directory as shown in Figure 4.1.
Continue reading here: The Role of the Forest
Was this article helpful?