Active Directory (AD)

What are subnets? 

Subnets map network addresses to sites

Subnets identify the network addresses that map computers to AD DS sites. A subnet is a segment of a TCP/IP network to which a set of logical IP addresses are assigned. A site can consist of one or more subnets.

Keep your subnet information up to date

When you design your AD DS site configuration, it’s critical that you correctly map IP subnets to sites. Similarly, if the underlying network configuration changes, make sure that you update the configuration to reflect the new site mapping. Domain controllers use the AD DS subnet information to map client computers and servers to sites. If this mapping isn’t accurate, operations such as logon traffic and applying GPOs are likely to occur across WAN links, and may be disruptive.

When to create more OUs? 

Although you can manage a small organization without creating additional OUs, even small organizations typically create an OU hierarchy. An OU hierarchy lets you subdivide the administration of your domain for management purposes. There are basically two reasons to create OUs.

Application of GPOs. To group objects together to make it easier to manage them by applying Group Policy Objects (GPOs) to the whole group. You can link GPOs to the OU, and the settings apply to all objects within the OU. For example, you create an OU for contractors who have different security requirements than full-time employees.

Delegation of control. To delegate administrative control of objects within the OU. You can assign management permissions on an OU, thereby delegating control of that OU to an AD DS user or group. For example, you create an OU to manage a satellite office in a different geographical location. Then, you delegate control of the OU to a group.

What is Active Directory Domain Services (AD DS)?

Active Directory Domain Services (AD DS)is a scalable, secure, and manageable infrastructure for user and resource management. AD DS is a Windows Server role that’s installed and hosted on a server known as a domain controller. AD DS uses Lightweight Directory Access Protocol (LDAP) to access, search, and change the directory service. LDAP is a based on the X.500 standard and TCP/IP.  

AD DS provides a centralized system for managing users, computers, and other resources on the network. AD DS features a centralized directory, single sign-on access, integrated security, scalability, and a common management interface.