
Purpose

This document explains the terminology you come across when configuring Active Directory with Business Objects on Windows.
It also explains how to view Active Directory trusts using the Microsoft Management Console.

Overview

The document contains the following:

1. What Are Domains
2. Organizational Units
3. Domain Trees
4. Forests
5. Site Objects
6. To view Active Directory Trusts using Microsoft Management Console (mmc)

 

What Are Domains

 

Domains are logical directory components that you create to manage the administrative requirements of your organization. The logical structure is based on the administrative requirements of an organization, such as the delegation of administrative authority, and operational requirements, such as the need to control replication. In general, domains are used to control where in the forest replication of domain data occurs and organizational units are used to further organize network objects into a logical hierarchy and delegate control to appropriate administrative support personnel.

A domain is a partition in an Active Directory forest. Partitioning data enables organizations to replicate data only to where it is needed. In this way, the directory can scale globally over a network that has limited available bandwidth. Domains can also be defined as:

  • Containers within a forest
  • Units of Policy
  • Units of Replication
  • Authentication and Authorization Boundaries
  • Units of Trust

Each domain has a domain administrators group. Domain administrators have full control over every object in the domain. These administrative rights are valid within the domain only and do not propagate to other domains.

Organizational Units

Organizational units are container objects. You use these container objects to arrange other objects in a manner that supports your administrative purposes. By arranging objects in organizational units, you make it easier to locate and manage them. You can also delegate the authority to manage an organizational unit. Organizational units can be nested in other organizational units.

You can arrange objects that have similar administrative and security requirements into organizational units. Organizational units provide multiple levels of administrative authority, so that you can apply Group Policy settings and delegate administrative control. This delegation simplifies the task of managing these objects and enables you to structure Active Directory to fit your organization’s requirements.

Domain Trees

Domain trees are collections of domains that are grouped together in hierarchical structures. When you add a domain to a tree, it becomes a child of the tree root domain. The domain to which a child domain is attached is called the parent domain.
A child domain might in turn have its own child domain. The name of a child domain is combined with the name of its parent domain to form its own unique Domain Name System (DNS) name such as Corp.nwtraders.msft. In this manner, a tree has a contiguous namespace.

Forests

A forest is a complete instance of Active Directory. Each forest acts as a top-level container in that it houses all domain containers for that particular Active Directory instance. A forest can contain one or more domain container objects, all of which share a common logical structure, global catalog, directory schema, and directory configuration, as well as automatic two-way transitive trust relationships. The first domain in the forest is called the forest root domain. The name of that domain refers to the forest, such as Nwtraders.msft. By default, information in Active Directory is shared only within the forest. In this way, the forest is a security boundary for the information that is contained in that instance of Active Directory.

Site Objects

Sites are leaf and container objects. The sites container is the topmost object in the hierarchy of objects that are used to manage and implement Active Directory replication. The sites container stores the hierarchy of objects that are used by the Knowledge Consistency Checker (KCC) to effect the replication topology. Some of the objects located in the sites container include NTDS Site Settings objects, subnet objects, connection objects, server objects, and site objects (one site object for each site in the forest). The hierarchy is displayed as the contents of the Sites container, which is a child of the Configuration container.


To view Active Directory Trusts using Microsoft Management Console (mmc)

From a Windows 2000 or 2003 server, go to the Start menu, select Run, then type mmc.

From the File menu, select Add/Remove Snap-in, click Add, double-click Active Directory Domains and Trusts, then click Close and OK.

Expand the + in front of Active Directory Domains and Trusts, select your parent domain (winauthtz.com in my screenshot), right-click it and choose Properties, then click the Trusts tab (see screenshot below).

 

                                                                                                      

Transitive trust types are:

  • Child
  • Tree Root
  • Forest

The Transitive column on the right indicates whether the trust is transitive.

A 2-way trust must exist as both incoming and outgoing.
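
The trust list shown on the Trusts tab can also be read from PowerShell, which is convenient when reviewing trusts across several domains. This is an added example, not part of the original page; it uses the .NET System.DirectoryServices.ActiveDirectory classes, and the ListedAsTransitive column name and the mapping of the page's Child, Tree Root and Forest names to the enum values ParentChild, TreeRoot and Forest are assumptions made for the example.

```powershell
# Added example, not from the original page. Read-only: it only queries the directory.
# Run from a domain-joined machine while logged on with a domain account.
$domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()

# Trust types this page lists as transitive (Child, Tree Root, Forest),
# written with the .NET TrustType enum names (mapping assumed for this example).
$listedTransitive = 'ParentChild', 'TreeRoot', 'Forest'

# Domain-level trusts plus forest-level trusts of the current forest.
$trusts = @($domain.GetAllTrustRelationships()) +
          @($domain.Forest.GetAllTrustRelationships())

$trusts |
    Select-Object @{ n = 'Source';    e = { $_.SourceName } },
                  @{ n = 'Target';    e = { $_.TargetName } },
                  @{ n = 'Type';      e = { $_.TrustType } },
                  @{ n = 'Direction'; e = { $_.TrustDirection } },
                  # A 2-way trust is reported as Bidirectional (incoming and outgoing).
                  @{ n = 'TwoWay';    e = { $_.TrustDirection -eq 'Bidirectional' } },
                  # True only for the three types the page names; check other
                  # types against the Transitive column in the console.
                  @{ n = 'ListedAsTransitive'
                     e = { $listedTransitive -contains "$($_.TrustType)" } } |
    Sort-Object Target, Type -Unique |
    Format-Table -AutoSize
```

A trust whose Direction is Inbound or Outbound only is one-way; any External trust that appears here crosses the forest security boundary described above and deserves a closer look.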

 

Related Content 

http://technet.microsoft.com/en-us/library/cc961481.aspx

Related SAP Notes/KBAs


https://service.sap.com/sap/support/notes/1384606