Intriguing Points From Windows Server 2022 Book (Early Release!!!) Part 7.

A domain resides within a forest.

You will run across two terms when working with Active Directory – domain and forest.

A forest is the top tier in Active Directory.
Any folders that you create for yourself inside AD are going to be OUs (Organizational Units).
OUs are structural containers that we use inside Active Directory in order to organize our objects and keep them all in useful places.

Just like with folders on a file server, you can create your own hierarchy of organizational units.

Another useful unit of organization inside Active Directory is security groups.
Suppose we have an employee who handles some HR and some accounting responsibilities. File and folder permissions on our file servers are typically managed by granting individualized or group-based access to read and write in particular folders.

Susie from HR needs to have access to the payroll folder, but Jim from HR does not. Both Susie and Jim reside inside the same OU, so at that level they will have the same permissions and capabilities, but we clearly need a different way to distinguish between them so that only Susie gets access to payroll information.

By creating security groups inside Active Directory, we grant ourselves the ability to add and remove specific user accounts, computer accounts, or even other groups as members, so that we can granularly define access to our resources.
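
The Susie and Jim scenario above, as an added PowerShell example that is not taken from the book: it creates a security group for payroll access, grants the folder permission to the group rather than to a person, then checks membership and audits the folder for permissions given directly to user accounts. The domain, OU path, account names, group name and folder path are all assumptions, and the ActiveDirectory module (RSAT) is assumed to be installed.

```powershell
# Added example. Every name below is an assumed placeholder, not from the book.
Import-Module ActiveDirectory

$ouPath    = 'OU=HR,DC=corp,DC=example,DC=com'  # assumed OU holding Susie and Jim
$groupName = 'HR-Payroll-Modify'                # assumed group name
$folder    = 'D:\Shares\Payroll'                # assumed payroll folder
$netbios   = 'CORP'                             # assumed NetBIOS domain name

# 1. Create the security group and add only Susie (assumed sAMAccountName 'susie').
New-ADGroup -Name $groupName -SamAccountName $groupName `
    -GroupCategory Security -GroupScope Global -Path $ouPath `
    -Description 'Modify access to the payroll folder'
Add-ADGroupMember -Identity $groupName -Members 'susie'

# 2. Grant Modify on the folder to the group, never to the individual account.
$acl  = Get-Acl -Path $folder
$rule = [System.Security.AccessControl.FileSystemAccessRule]::new(
    "$netbios\$groupName", 'Modify', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
$acl.AddAccessRule($rule)
Set-Acl -Path $folder -AclObject $acl

# 3. Verify membership, including members that arrive through nested groups.
$members = Get-ADGroupMember -Identity $groupName -Recursive |
    Select-Object -ExpandProperty SamAccountName
foreach ($name in 'susie', 'jim') {
    '{0,-6} in {1}: {2}' -f $name, $groupName, ($members -contains $name)
}

# 4. Audit: report explicit ACEs that name a user account directly,
#    since those bypass the group and are easy to forget when roles change.
(Get-Acl -Path $folder).Access |
    Where-Object { -not $_.IsInherited } |
    ForEach-Object {
        $sam = ($_.IdentityReference.Value -split '\\')[-1]
        $obj = Get-ADObject -Filter "sAMAccountName -eq '$sam'"
        if ($obj -and $obj.ObjectClass -eq 'user') {
            [pscustomobject]@{
                Account = $_.IdentityReference.Value
                Rights  = $_.FileSystemRights
                Type    = $_.AccessControlType
            }
        }
    }
```

Because both accounts stay in the same OU, nothing about their OU placement changes; only group membership decides who can reach the payroll folder, and removing Susie from the group later revokes the access without touching the folder's ACL.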

There’s a lot more to come, stay tuned!



