1
00:00:07,000 --> 00:00:14,140
In a complex AD DS environment, it's essential that you understand how the various components, such

2
00:00:14,140 --> 00:00:24,930
as organizational units, domains, and forests, form boundaries for authentication, resource access, and searches.

3
00:00:24,940 --> 00:00:31,470
This lesson describes the types of boundaries that AD DS domains and forests provide.

4
00:00:31,630 --> 00:00:39,610
These boundaries usually form the criteria for determining whether an organization deploys multiple domains

5
00:00:39,610 --> 00:00:45,000
or forests. The next two lessons will cover this in more detail.

6
00:00:45,010 --> 00:00:50,880
Please note that the forest is the only real security boundary in AD DS.

7
00:00:51,070 --> 00:00:59,560
Within an AD DS forest, domains do not provide a complete security boundary, because accounts such as

8
00:00:59,830 --> 00:01:07,240
the Enterprise Admins group from the forest root domain have administrative permissions in

9
00:01:07,240 --> 00:01:08,320
each domain.

10
00:01:08,350 --> 00:01:16,870
Now, AD DS domains and forests provide different types of boundaries in an AD DS deployment, and

11
00:01:17,230 --> 00:01:24,610
an understanding of the different types of boundaries is essential to manage a complex AD DS

12
00:01:24,610 --> 00:01:25,630
environment.

13
00:01:25,660 --> 00:01:30,170
Let's take a closer look at AD DS domain boundaries.

14
00:01:30,220 --> 00:01:37,840
An Active Directory domain provides the following boundaries. Replication boundary for the domain partition:

15
00:01:38,170 --> 00:01:45,870
all AD DS objects that exist in a single domain are stored in the domain partition in the AD DS

16
00:01:45,880 --> 00:01:49,960
database on each domain controller in the domain.

17
00:01:50,050 --> 00:01:58,630
The replication process ensures that all originating updates replicate to all of the other domain

18
00:01:58,630 --> 00:02:05,800
controllers in the same domain. Data in the domain partition does not replicate to domain controllers

19
00:02:06,100 --> 00:02:07,910
in other forests.

20
00:02:08,020 --> 00:02:16,390
The next boundary is the administration boundary. By default, an AD DS domain includes several groups, such

21
00:02:16,390 --> 00:02:25,060
as the Domain Admins group. The Domain Admins group has full administrative control over the domain.

22
00:02:25,060 --> 00:02:32,530
You can also assign administrative permissions to user accounts and groups within domains. With the exception

23
00:02:32,530 --> 00:02:40,030
of the Enterprise Admins group in the forest root domain, administrative accounts do not have any

24
00:02:40,150 --> 00:02:46,660
administrative rights in other domains in the forest or in other forests.

25
00:02:46,660 --> 00:02:54,910
The next boundary is the Group Policy application boundary. You can link Group Policy settings at the following

26
00:02:54,910 --> 00:03:01,150
levels: local, site, domain, and organizational unit.

27
00:03:01,150 --> 00:03:09,580
Apart from site-level Group Policy settings, the scope of Group Policy is the AD DS domain.

28
00:03:09,580 --> 00:03:15,910
There is no inheritance of Group Policy settings from one AD DS domain to another,

29
00:03:16,210 --> 00:03:24,760
even if one AD DS domain is lower in the hierarchy than another in a domain tree. The next boundary is the

30
00:03:25,090 --> 00:03:26,630
auditing boundary.

31
00:03:26,630 --> 00:03:31,660
Auditing is centrally managed by using Group Policy Objects.

32
00:03:31,800 --> 00:03:36,740
The maximum scope of these settings is the AD DS domain.

33
00:03:36,910 --> 00:03:45,100
You can have the same audit settings in different AD DS domains, but you must manage them separately

34
00:03:45,430 --> 00:03:46,780
in each domain.

35
00:03:46,780 --> 00:03:55,480
The next boundary is the replication boundary for Domain Name System zones. One of the options when you configure

36
00:03:55,480 --> 00:04:04,750
DNS zones in an AD DS environment is to configure Active Directory-integrated zones.

37
00:04:04,750 --> 00:04:13,570
This means that instead of locally storing DNS records in text files on each DNS server, they are stored

38
00:04:13,570 --> 00:04:17,450
and replicated in the AD DS database.

39
00:04:17,550 --> 00:04:26,230
The administrator can then decide whether to replicate the DNS information to all domain controllers

40
00:04:26,230 --> 00:04:34,420
in the domain, regardless of whether they are DNS servers, or replicate them to all domain controllers

41
00:04:34,720 --> 00:04:43,740
that are DNS servers in the domain, or replicate them to all domain controllers that are DNS servers

42
00:04:43,840 --> 00:04:44,740
in the forest.

43
00:04:44,950 --> 00:04:51,580
So it is up to you to decide how to replicate this DNS information. By default,

44
00:04:51,580 --> 00:04:59,200
when you deploy the first domain controller in an AD DS domain and configure that server as a DNS

45
00:04:59,200 --> 00:05:09,220
server, two separate application partitions, which are DomainDnsZones and ForestDnsZones, are created.

46
00:05:09,580 --> 00:05:19,840
The DomainDnsZones partition contains domain-specific DNS records and is replicated only to other

47
00:05:19,840 --> 00:05:26,710
DNS servers that are also Active Directory domain controllers in the domain.

48
00:05:26,740 --> 00:05:32,010
So all these boundaries are Active Directory domain boundaries.

49
00:05:32,020 --> 00:05:36,620
Now let's review Active Directory forest boundaries. An AD DS

50
00:05:36,670 --> 00:05:45,220
forest provides the following boundaries. Security boundary: the forest boundary is a security boundary

51
00:05:45,460 --> 00:05:54,930
because, by default, no account outside the forest has any administrative permissions inside the forest.

52
00:05:55,030 --> 00:06:03,370
The next forest boundary is the replication boundary for the schema partition. The schema partition contains

53
00:06:03,490 --> 00:06:08,820
the rules and syntax for the AD DS database.

54
00:06:08,830 --> 00:06:14,680
This is replicated to all the domain controllers in the AD DS forest.

55
00:06:14,800 --> 00:06:21,230
The next forest boundary is a replication boundary for the configuration partition.

56
00:06:21,230 --> 00:06:29,980
The configuration partition contains details about the AD DS domain layout, including domains,

57
00:06:30,220 --> 00:06:40,690
domain controllers, replication partners, site and subnet information, and Dynamic Host Configuration Protocol

58
00:06:40,990 --> 00:06:45,960
authorisation or Dynamic Access Control configuration.

59
00:06:46,050 --> 00:06:54,420
The configuration partition also contains information about applications that integrate with the AD DS

60
00:06:54,460 --> 00:06:55,630
database,

61
00:06:55,690 --> 00:06:59,170
for example, Microsoft Exchange Server.

62
00:06:59,170 --> 00:07:04,090
This partition is replicated to all domain controllers in the forest.

63
00:07:04,150 --> 00:07:09,480
The next boundary is the replication boundary for the global catalogue.

64
00:07:09,520 --> 00:07:18,550
The global catalogue is the list that contains every object in the entire AD DS forest. To keep

65
00:07:18,550 --> 00:07:20,860
it to a manageable size,

66
00:07:20,860 --> 00:07:26,340
the global catalog contains only some attributes for each object.

67
00:07:26,410 --> 00:07:33,130
The global catalog is replicated to all domain controllers in the entire forest

68
00:07:33,130 --> 00:07:40,750
that are also global catalog servers. And the last forest boundary is a replication boundary for the

69
00:07:41,050 --> 00:07:43,330
forest DNS zones.

70
00:07:43,450 --> 00:07:51,310
The ForestDnsZones partition is replicated to all domain controllers in the entire forest that are

71
00:07:51,310 --> 00:07:53,040
also DNS servers.

72
00:07:53,050 --> 00:08:01,330
This zone contains the records that are important to enable forest-wide DNS name resolution.