The Domain is the core unit of logical structure in Active
Directory. Grouping objects into one or more domains allows a company’s
organization to be reflected in its network.
All network objects exist within a domain, and each domain
stores information only about the objects it contains (objects that belong to
that domain).
A domain boundary contains objects to which access is
restricted by the use of Access Control Lists (ACLs), populated by Access
Control Entries (ACEs). All security
polices and settings, such as administrative rights, security policies, and
Access Control Lists (ACLs), do not cross from one domain to another, thus a
domain administrator has absolute rights to set policies only within domain
they belong to.
Domains provide the following three functions:
●
An administrative boundary for objects
●
A means of managing security for shared
resources
●
A unit of replication for objects
No comments:
Post a Comment