A container in Active Directory that defines a logical boundary for objects sharing common security requirements, administration, and replication.


Think of a domain as a security boundary. Within the boundary, objects (users, groups, computers, printers, and so on) share common security requirements. For example, all users in a domain can log on to the network using their username, password, and domain name. Domains also have their own security policy (Domain Security Policy), which defines account policies such as password and account lockout settings.
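The account policies mentioned above can be read on a domain member with `net accounts /domain`. The following is an added example, not code from the book: it parses that output and compares it with a baseline. The sample output is constructed, and the baseline thresholds and the names `parse_net_accounts` and `audit` are assumptions chosen for illustration.

```python
# Constructed sample of `net accounts /domain` output (not from a real domain).
SAMPLE = """\
Force user logoff how long after time expires?:       Never
Minimum password age (days):                          0
Maximum password age (days):                          42
Minimum password length:                              0
Length of password history maintained:                None
Lockout threshold:                                    Never
Computer role:                                        PRIMARY
The command completed successfully.
"""

# Assumed baseline for illustration only; substitute your own policy.
BASELINE = {
    "Minimum password length": (">=", 12),
    "Length of password history maintained": (">=", 12),
    "Maximum password age (days)": ("<=", 90),
    "Lockout threshold": ("<=", 10),
}
DISABLED = {"never", "none", "unlimited"}  # how net.exe prints an unset limit

def parse_net_accounts(text):
    """Map each 'label: value' line to an int, None (disabled) or a string."""
    settings = {}
    for line in text.splitlines():
        label, sep, value = line.rpartition(":")
        if not sep:
            continue  # status line such as "The command completed successfully."
        value = value.strip()
        if value.isdigit():
            settings[label.strip()] = int(value)
        else:
            settings[label.strip()] = None if value.lower() in DISABLED else value
    return settings

def audit(settings):
    """Return (label, observed, requirement) for each baseline setting not met.

    A disabled (None) or missing setting never satisfies the baseline.
    """
    findings = []
    for label, (op, limit) in BASELINE.items():
        value = settings.get(label, "missing")
        met = isinstance(value, int) and (value >= limit if op == ">=" else value <= limit)
        if not met:
            findings.append((label, value, f"{op} {limit}"))
    return findings

if __name__ == "__main__":
    for label, observed, required in audit(parse_net_accounts(SAMPLE)):
        print(f"FAIL {label}: observed {observed}, baseline {required}")
```

Because the policy is set per domain, one run against any domain controller's view describes every account in that domain.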

A domain is created when you install the first domain controller for the domain. This can be done either during Windows 2000 Setup or by promoting a standalone server to the role of domain controller using the Active Directory Installation Wizard. Domains are also units of replication: all domain controllers in a domain automatically replicate their Active Directory updates to each other. See domain controller in this chapter for more information.

Domains share common administration: members of the Domain Admins group have full rights and permissions to perform any task on any object in the domain. These administrators can also delegate aspects of domain administration to other trusted users using the Delegation of Control Wizard. Administrators can add further structure to a domain by creating a hierarchy of OUs within the domain. An OU (organizational unit) is a container in Active ...
