
Active Directory Domain Services

Active Directory Diagrams visualize the detailed structures of the Microsoft Windows networks, Active Directory Domain topology, the Active Directory Site topology, the Organizational Units (OU), and the Exchange Server Organization.

The Active Directory Diagrams solution extends ConceptDraw PRO software with samples, templates and libraries of vector stencils for drawing AD diagrams that visualize the detailed structures of Microsoft Windows networks.

Design Element: Active Directory for Network Diagrams

ConceptDraw PRO is perfect for software designers and software developers who need to draw Active Directory Network Diagrams.

Network Diagramming Software for Network Active Directory Diagrams

ConceptDraw PRO is perfect for software designers and software developers who need to draw Network Active Directory Diagrams.
"Microsoft Windows 2000 Server introduces Active Directory to replace domain functionality. Active Directory will continue to get the job done, but in a much more efficient way. Active Directory can be replicated between multiple domain controllers, so no single system is critical. In this way, the crucial data stored within Active Directory is both redundant and load-balanced.
A directory, in the most generic sense, is a comprehensive listing of objects. A phone book is a type of directory that stores information about people, businesses, and government organizations. Phone books typically record names, addresses, and phone numbers. Active Directory is similar to a phone book in several ways, and it is far more flexible. Active Directory will store information about organizations, sites, systems, users, shares, and just about any other network object that you can imagine. Not all objects are as similar to each other as those stored in the phone book, so Active Directory includes the ability to record different types of information about different objects." [technet.microsoft.com/ en-us/ library/ bb742424.aspx]
The AD diagram example "Active Directory structure diagram" was created using the ConceptDraw PRO diagramming and vector drawing software extended with the Active Directory Diagrams solution from the Computer and Networks area of ConceptDraw Solution Park.
Active Directory network diagram
This example was drawn on the basis of Figure 2 of the "Active Directory FAQ" from the website "Information Management Systems & Services" (IMSS) of the California Institute of Technology (Caltech) campus. [imss.caltech.edu/ node/ 412]
"By using the Active Directory® Domain Services (AD DS) server role, you can create a scalable, secure, and manageable infrastructure for user and resource management, and you can provide support for directory-enabled applications, such as Microsoft® Exchange Server. ...
AD DS provides a distributed database that stores and manages information about network resources and application-specific data from directory-enabled applications. Administrators can use AD DS to organize elements of a network, such as users, computers, and other devices, into a hierarchical containment structure. The hierarchical containment structure includes the Active Directory forest, domains in the forest, and organizational units (OUs) in each domain. A server that is running AD DS is called a domain controller." [technet.microsoft.com/ en-us/ library/ 9a5cba91-7153-4265-adda-c70df2321982]
The Active Directory Domain Services diagram example was created using the ConceptDraw PRO diagramming and vector drawing software extended with the Active Directory Diagrams solution from the Computer and Networks area of ConceptDraw Solution Park.
Active Directory hierarchical structure
This AD diagram example was redesigned from the picture "Single root domain with a structured OU model" from the book "Active Directory for Dummies".
"A domain is the cornerstone that you lay whenever you create trees and forests. Regardless of whether you design a tree or a forest, the starting point is always the root domain. The root domain is the first domain that you create in your AD structure, and it sits at the top of your diagram.
The root domain of your tree, similar to any other domain, is a grouping of resources built on the following components:
(1) Domain controllers.
(2) Security policies. ...
For many small and medium-sized companies, a single root domain with a structured OU (organizational unit) model... provides sufficient flexibility for an AD tree. ...
However, larger companies, companies with complex organization charts, and companies with multiple sites often find that a single domain isn’t suitable." [Steve Clines and Marcia Loughry, Active Directory® For Dummies®, 2nd Edition. 2008]
The Active Directory diagram example "Single root domain with a structured OU model" was created using the ConceptDraw PRO diagramming and vector drawing software extended with the Active Directory Diagrams solution from the Computer and Networks area of ConceptDraw Solution Park.
Active Directory network diagram
Active Directory Diagrams visualize the detailed structures of Microsoft Windows networks, the Active Directory Domain topology, the Active Directory Site topology, the Organizational Units (OU), and the Exchange Server Organization. They are used to visually document the detailed structure of a Microsoft Active Directory network for network design and for managing access control to printers and files, access and security, traffic flow optimization in local and wide area networks, network equipment maintenance and repair, and data backup, storage, and recovery.
The Active Directory diagram template for the ConceptDraw PRO diagramming and vector drawing software is included in the Active Directory Diagrams solution from the Computer and Networks area of ConceptDraw Solution Park.
Active directory diagram template
This Active Directory network diagram example depicts the types of groups and the rules for assigning people to them.
Group architecture in a Windows 2003 Active Directory:
(1) The arrow indicates "may be a member of."
(2) Dotted: Functionality limited to Windows 2003 (without the Windows 2000 compatibility).
(3) Red: Setting possible, but not recommended.
It was drawn on the basis of the Wikimedia Commons file AD2003.JPG. [commons.wikimedia.org/ wiki/ File:AD2003.JPG]
This file is licensed under the Creative Commons Attribution-Share Alike 3.0 Unported license. [creativecommons.org/ licenses/ by-sa/ 3.0/ deed.en]
The Active Directory network diagram example "Tree and Forest (Full Trust)" was created using the ConceptDraw PRO diagramming and vector drawing software extended with the Active Directory Diagrams solution from the Computer and Networks area of ConceptDraw Solution Park.
Active Directory network diagram
This AD diagram example was created based on the picture "AD LDS as a phone book service" from the book "Active Directory for Dummies".
"Directory services are a great way of providing information that can be frequently retrieved and searched on in a hierarchical way. ... Well, there’s no reason that you can’t create a directory service that’s actually a phone book. Imagine that you need to make a searchable phone directory of your organization available on the Internet. ... This isn’t a difficult task, but it has security repercussions. If you’ve already deployed AD DS and you have the employees’ phone numbers available in that directory, it might not be a good idea to expose your AD DS environment to the Internet for security reasons. Using AD LDS is a great alternative because it can be deployed separately from AD DS and it’s designed to simply provide the information retrieval service that you need without the complications involved with Kerberos authentication and group policies." [Steve Clines and Marcia Loughry, Active Directory® For Dummies®, 2nd Edition. 2008]
The Active Directory diagram example "AD LDS as a phone book service" was created using the ConceptDraw PRO diagramming and vector drawing software extended with the Active Directory Diagrams solution from the Computer and Networks area of ConceptDraw Solution Park.
Active Directory network diagram
The vector stencils library "Active Directory Sites and Services" contains 12 symbol icons of Active Directory Sites and Services design elements for drawing high-level network topology plan diagrams.
"Active Directory® Sites and Services is a Microsoft Management Console (MMC) snap-in that you can use to administer the replication of directory data among all sites in an Active Directory Domain Services (AD DS) forest. This snap-in also provides a view of the service-specific objects that are published in AD DS. ...
Administrators who are responsible for forest-wide service administration can use Active Directory Sites and Services to manage the intersite replication topology for the forest. Administrators who are responsible for application services can be delegated responsibility for the service containers into which application-specific objects are published.
When you add the Active Directory Domain Services server role to a server, Active Directory Sites and Services is added to the Administrative Tools menu." [technet.microsoft.com/ en-us/ library/ cc730868.aspx]
The symbols example "Active Directory Sites and Services - Vector stencils library" was created using the ConceptDraw PRO diagramming and vector drawing software extended with the Active Directory Diagrams solution from the Computer and Networks area of ConceptDraw Solution Park.
www.conceptdraw.com/ solution-park/ active-directory-diagrams
Site or Subnet
Site Link
WAN
Site Link Bridge
Domain
Domain controller
Application
Database
Comm-link
Client
Replication connection, unidirectional
Replication connection, bi-directional
This AD diagram example was redesigned from the picture "Site links" from the book "Active Directory for Dummies".
"Site links represent the Active Directory replication paths between sites. These paths are manually defined so that the designer has control over which network links the replication traffic occurs on. These site links also control how clients are directed to domain controllers when there’s no DC in the client’s local site. Each site link has the following attributes:
(1) Connected sites: A site link is defined by the sites to which it connects. A site link can connect two or more sites together.
(2) Network transport: Site links support replication communication over IP-based RPCs or with the Simple Mail Transport Protocol (SMTP). You normally want to use RPC whenever possible, but you can use SMTP when the sites you’re linking don’t support RPC.
(3) Cost: Each site link has a cost associated with it. Costs are used to assign preferences to links that determine which link should be followed when multiple link paths are available between sites. The cost represents what it “costs” to use this site link relative to the other site links and affects replication traffic as well as how users are assigned a domain controller. Links with lower cost values have preference over links with higher cost values. Cost values range from 1–32,767; the default being 100.
(4) Frequency: The frequency value defines how often a replication occurs when using this site link (the replication latency). You can configure the time between replications from a minimum of 15 minutes to a maximum of 10,080 minutes (one week). The default frequency is 180 minutes.
(5) Schedule: The schedule dictates when this link is active and available for replication between the sites. The schedule can also control which days of the week the link is available. Normally, the schedule is set so that the link is available 24 hours a day, but you can set up different schedules on a per-day-of-the-week basis.
By creating a site link, you enable two or more sites to be connected and to share the same site link attributes (transport, cost, frequency, and schedule). By default, site links create transitive connectivity between sites.
If you create a site link between sites A and B and another site link between sites B and C, an automatic connection (known as a site link bridge) is created between sites A and C..." [Steve Clines and Marcia Loughry, Active Directory® For Dummies®, 2nd Edition. 2008]
The Active Directory diagram example "Site links" was created using the ConceptDraw PRO diagramming and vector drawing software extended with the Active Directory Diagrams solution from the Computer and Networks area of ConceptDraw Solution Park.
Active Directory network diagram
The vector stencils library "Active Directory" contains 20 symbols of Active Directory elements for drawing AD network diagrams. It helps network and system administrators to visualize Microsoft Windows Active Directory structures for network design, installation and maintenance.
"An Active Directory structure is an arrangement of information about objects. The objects fall into two broad categories: resources (e.g., printers) and security principals (user or computer accounts and groups). Security principals are assigned unique security identifiers (SIDs).
Each object represents a single entity - whether a user, a computer, a printer, or a group - and its attributes. Certain objects can contain other objects. An object is uniquely identified by its name and has a set of attributes - the characteristics and information that the object represents - defined by a schema, which also determines the kinds of objects that can be stored in Active Directory.
The schema object lets administrators extend or modify the schema when necessary. However, because each schema object is integral to the definition of Active Directory objects, deactivating or changing these objects can fundamentally change or disrupt a deployment. Schema changes automatically propagate throughout the system. Once created, an object can only be deactivated - not deleted. Changing the schema usually requires planning. Sites are implemented as a set of well-connected subnets." [Active Directory. Wikipedia]
The AD symbols example "Active Directory - Vector stencils library" was created using the ConceptDraw PRO diagramming and vector drawing software extended with the Active Directory Diagrams solution from the Computer and Networks area of ConceptDraw Solution Park.
Domain
Computer
User
Group
Container
Print queue
Contact
Organizational unit
Policy
Volume
Generic object
Site
Site link
Site link bridge
Server
NTDS site settings
IP subnet
Certificate template
Licensing site
Connection
The vector stencils library "Active Directory Sites and Services" contains 12 symbol icons for drawing AD network topology diagrams.
"Active Directory® Sites and Services is a Microsoft Management Console (MMC) snap-in that you can use to administer the replication of directory data among all sites in an Active Directory Domain Services (AD DS) forest. This snap-in also provides a view of the service-specific objects that are published in AD DS. ...
Administrators who are responsible for forest-wide service administration can use Active Directory Sites and Services to manage the intersite replication topology for the forest. Administrators who are responsible for application services can be delegated responsibility for the service containers into which application-specific objects are published." [technet.microsoft.com/ en-us/ library/ cc730868.aspx]
The shapes example "Design elements - Active Directory Sites and Services" for the ConceptDraw PRO diagramming and vector drawing software is included in the Active Directory Diagrams solution from the Computer and Networks area of ConceptDraw Solution Park.
Active Directory Sites and Services symbols