1
00:00:06,490 --> 00:00:08,290
What is a domain?

2
00:00:08,320 --> 00:00:15,040
A domain is a logical container for managing user, computer, group and other objects.

3
00:00:15,070 --> 00:00:23,680
The Active Directory database stores all domain objects and each domain controller stores a copy of

4
00:00:23,680 --> 00:00:24,860
the database.

5
00:00:24,880 --> 00:00:30,100
The Active Directory database includes many types of objects.

6
00:00:30,100 --> 00:00:36,790
The most commonly used objects are user accounts, computer accounts and groups.

7
00:00:36,850 --> 00:00:40,810
Let me briefly describe these three object types.

8
00:00:40,900 --> 00:00:48,820
User accounts contain information about users, of course, including the information required to authenticate

9
00:00:48,820 --> 00:00:55,060
a user during the sign-in process and build the user access token.

10
00:00:55,090 --> 00:00:56,710
Computer accounts.

11
00:00:56,740 --> 00:01:02,380
Each domain-joined computer has an account in Active Directory.

12
00:01:02,440 --> 00:01:12,100
You can use computer accounts for domain-joined computers in the same way that you can use user accounts

13
00:01:12,100 --> 00:01:13,210
for users.

14
00:01:13,210 --> 00:01:17,380
And the third type of object is groups.

15
00:01:17,410 --> 00:01:26,230
Groups organize users and computers to make it easier to manage permissions and Group Policy

16
00:01:26,230 --> 00:01:27,130
in the domain.

17
00:01:27,160 --> 00:01:32,320
Now we have the Active Directory domain as a replication boundary.

18
00:01:32,350 --> 00:01:38,560
As you might remember from the previous lesson, when you make changes to any object in the domain, the

19
00:01:38,560 --> 00:01:45,730
domain controller where the change occurred replicates the change to all other domain controllers in

20
00:01:45,730 --> 00:01:46,540
the domain.

21
00:01:46,570 --> 00:01:54,100
If multiple domains exist in the forest, only subsets of the changes replicate to other domains.

22
00:01:54,130 --> 00:02:03,760
AD DS uses a multi-master replication model that allows every domain controller to make changes to objects

23
00:02:03,760 --> 00:02:04,810
in the domain.

24
00:02:04,930 --> 00:02:11,380
Active Directory allows a single domain to contain nearly 2 billion objects.

25
00:02:11,470 --> 00:02:18,730
With this much capacity, most organisations can deploy only a single domain to ensure that all domain

26
00:02:18,730 --> 00:02:22,100
controllers contain all domain information.

27
00:02:22,120 --> 00:02:31,870
However, organisations with decentralised administrative structures or multiple locations might consider

28
00:02:31,870 --> 00:02:39,730
implementing multiple domains in the same forest to accommodate their administrative needs.

29
00:02:39,760 --> 00:02:44,230
The Active Directory domain is an administrative centre.

30
00:02:44,260 --> 00:02:50,870
The domain contains an Administrator account and a Domain Admins group.

31
00:02:50,890 --> 00:02:59,140
By default, the Administrator account is a member of the Domain Admins group and the Domain Admins

32
00:02:59,140 --> 00:03:06,040
group is a member of every local Administrators group of domain-joined computers.

33
00:03:06,070 --> 00:03:15,580
Also, by default, the Domain Admins group members have full control over every object in the domain.

34
00:03:15,610 --> 00:03:22,750
The Administrator account in the forest root domain has additional rights, as I have already mentioned,

35
00:03:22,750 --> 00:03:27,070
in the "What is an AD DS forest" lesson.

36
00:03:27,070 --> 00:03:34,360
So please remember that the Administrator account in the forest root domain has additional rights.

37
00:03:34,390 --> 00:03:36,580
Refer to the previous lesson.

38
00:03:36,580 --> 00:03:42,410
If you don't remember, it has something to do with the schema master role.

39
00:03:42,430 --> 00:03:48,730
Another feature of an Active Directory domain is that it provides authentication.

40
00:03:48,730 --> 00:03:58,450
Whenever a domain-joined computer starts or a user signs in to a domain-joined computer, AD DS

41
00:03:58,450 --> 00:04:06,910
authenticates it. Authentication helps to verify that the computer or user has the proper credentials for

42
00:04:06,910 --> 00:04:08,620
an account.

43
00:04:08,650 --> 00:04:17,770
The next feature is that the domain provides authorization. Windows operating systems use authorization

44
00:04:17,770 --> 00:04:24,670
and access control technologies to allow authenticated users to access resources.

45
00:04:24,700 --> 00:04:30,460
Typically, authorization occurs locally at the resource level.

46
00:04:30,490 --> 00:04:38,440
Domain-based Dynamic Access Control enables central access rules to control the access to resources.

47
00:04:38,440 --> 00:04:46,630
Central access rules do not replace the current access control technology, but provide an additional

48
00:04:46,630 --> 00:04:47,980
level of control.

49
00:04:48,010 --> 00:04:55,990
Please remember that Dynamic Access Control is a feature introduced in Windows Server 2012 and allows

50
00:04:55,990 --> 00:05:01,210
administrators to define rules that control access permissions.