3.1 Domain Naming Context
Each Active Directory domain is represented by a
Domain NC, which
holds the domain-specific data. The root of this NC is represented by
a domain's distinguished name (DN). For example, the
mycorp.com domain's DN would be
dc=mycorp,dc=com. Each domain controller in the
domain replicates a copy of the Domain NC.
Table 3-1 contains a list of the default top-level
containers found in a Domain NC. Note that to see all of these
containers with the Active Directory Users and Computers (ADUC)
snap-in, you must select View  Advanced Features
from the menu. Alternatively, you can browse all of these containers
with the ADSI Edit tool available in the Windows Support Tools on any
Windows Server 2003 or Windows 2000 CD.
Table 3-1. Default top-level containers of a Domain NC
|
cn=Builtin
|
Container for predefined built-in local security groups. Examples
include Administrators, Users and Account Operators.
|
|
cn=Computers
|
Default container for computer objects representing member servers
and workstations.
|
|
ou=Domain Controllers
|
Default organizational unit for computer objects representing domain
controllers.
|
|
cn=ForeignSecurityPrincipals
|
Container for placeholder objects representing members of groups in
the domain that are from a domain external to the forest.
|
|
cn=LostandFound
|
Container for orphaned objects.
|
|
cn=NTDS Quotas
|
Container to store quota objects, which are used to restrict the
number of objects a security principal can create in a partition or
container. This container is new in Windows Server 2003.
|
|
cn=Program Data
|
Container for applications to store data instead of using a custom
top-level container. This container is new in Windows Server 2003.
|
|
cn=System
|
Container for miscellaneous domain configuration objects. Examples
include trust objects, DNS objects, and group policy objects.
|
|
cn=Users
|
Default container for user and group objects.
|
|
