Structural Components of Active Directory

You must understand how Active Directory is put together to make good security decisions. Five key structural components make up Active Directory, and each has a distinct function and its own security considerations. To understand how each component fits into the overall scheme of Active Directory, you must first understand the details of each one. Then we can start to put the different components together with regard to functionality and security. The key components are the domain, tree, forest, organizational unit, and site.

As you read through each structural component description, consider that domains, trees, forests, and sites are integral not only to Active Directory but also to DNS. Active Directory relies on DNS to ensure that the information stored in the DNS database is reliable and secured. If DNS is compromised or becomes unstable, aspects such as name resolution, domain controller location, Kerberos, and GPOs would fail. This would leave the IT infrastructure vulnerable and in a state of weakened security.

Domains

The domain is foundational for Active Directory. In all versions of Windows, the domain is the key administrative component that most administrators deal with day in and day out. To understand domains, we need to investigate what a domain is and what a domain is not. If we look at the configuration options required during setup of a domain, we can understand much of what is included in ...
