A domain is a container in Active Directory that defines a logical boundary for objects that share common requirements for security, replication, and administration.
A domain is a security boundary within which objects (users, groups, computers, printers, and so on) can be managed. For example, all users in a domain can log on to the domain using their usernames and passwords. Domains also have their own security policy, called a domain security policy, that defines account policies such as password and account lockout settings. See Group Policy later in this chapter for more information on domain security policies.
A new domain is created when you install the first domain controller for the domain. Domains are also units of replication: all domain controllers in a domain automatically replicate their Active Directory updates to one another. See Domain Controller later in this chapter for more information.
Domains share common administration, and members of the Domain Admins group have broad rights and permissions for performing administrative tasks on objects in the domain. These administrators can also delegate aspects of domain administration to other trusted users using the Delegation of Control Wizard. Administrators can add further structure to a domain by creating a hierarchy of OUs within the domain. Administrators can delegate authority over OUs to trusted users to allow them to perform specific administrative ...
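The PowerShell below is an added example, not part of the original text: a read-only review of the three things that make a domain a security boundary as described above, namely its account policy, the membership of Domain Admins, and any authority delegated on OUs. It assumes the ActiveDirectory module (RSAT) is installed; the two thresholds and the list of principals to skip are illustrative assumptions, not recommendations from this chapter.

```powershell
# Added example: read-only review of one domain's policy and administrative boundary.
# Requires the ActiveDirectory module (RSAT) and a domain-joined session.
Import-Module ActiveDirectory

# Assumed review thresholds; replace with your organization's baseline.
$MinLength = 14
$MaxLockoutThreshold = 10

# 1. Domain-wide account policy (password and account lockout settings).
$policy = Get-ADDefaultDomainPasswordPolicy
$findings = @()
if ($policy.MinPasswordLength -lt $MinLength) {
    $findings += "MinPasswordLength is $($policy.MinPasswordLength), below $MinLength"
}
if (-not $policy.ComplexityEnabled) { $findings += 'Password complexity is disabled' }
if ($policy.ReversibleEncryptionEnabled) { $findings += 'Reversible encryption is enabled' }
if ($policy.LockoutThreshold -eq 0) {
    $findings += 'Account lockout is disabled (threshold 0)'
} elseif ($policy.LockoutThreshold -gt $MaxLockoutThreshold) {
    $findings += "LockoutThreshold is $($policy.LockoutThreshold), above $MaxLockoutThreshold"
}

# 2. Who holds domain-wide administrative rights, including nested group members.
$admins = Get-ADGroupMember -Identity 'Domain Admins' -Recursive |
    Select-Object Name, SamAccountName, objectClass

# 3. Delegation: explicit (non-inherited) Allow ACEs set directly on each OU.
#    The skip pattern is an assumed heuristic for principals present by default.
$skip = 'NT AUTHORITY\\|BUILTIN\\|\\Domain Admins$|\\Enterprise Admins$|CREATOR OWNER|Everyone'
$delegations = foreach ($ou in Get-ADOrganizationalUnit -Filter *) {
    (Get-Acl -Path "AD:\$($ou.DistinguishedName)").Access |
        Where-Object { -not $_.IsInherited -and $_.AccessControlType -eq 'Allow' -and
                       $_.IdentityReference.Value -notmatch $skip } |
        Select-Object @{n='OU';e={$ou.DistinguishedName}}, IdentityReference, ActiveDirectoryRights
}

# Report: policy findings, then privileged members, then delegated rights per OU.
$findings
$admins | Format-Table -AutoSize
$delegations | Format-Table -AutoSize
```

Entries in the third table are the result of delegation (for example through the Delegation of Control Wizard) and are worth reconciling against the list of users who are supposed to hold that authority.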