Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
In Windows 2000, a ___domain defines an administrative boundary for a collection of objects that are relevant to a specific group of users on a network. A ___domain is an administrative boundary because administrative privileges do not extend to other domains and because each ___domain has a security policy that extends to all security accounts within the ___domain. Active Directory stores information about objects in one or more domains.
Domains can be organized into parent-child relationships to form a hierarchy. A parent ___domain is the ___domain directly superior in the hierarchy to one or more subordinate, or child, domains. A child ___domain also can be the parent of one or more child domains, as shown in Figure 1.1.
.gif "Cc978009.DSBB01(en-us,TechNet.10).gif")
Figure 1.1 Example of a Domain Hierarchy
This hierarchical structure is a change from the flat ___domain structure of Microsoft® Windows NT® version 4.0 and Microsoft® Windows NT® version 3.51. The ___domain hierarchy of Windows 2000 allows you to search multiple domains in one query because each level of the hierarchy has information about the levels that are immediately above it and below it. This hierarchy information eliminates the need for you to know the ___location of a particular object in order for you to find it. In Windows NT 4.0 and earlier, you must know both the ___domain and the server where the object is located in order to find it.
For more information about Active Directory searches, see "Name Resolution in Active Directory" in this book.