
TVL - CSS 12 - Q1 - M12

The document discusses Active Directory Domain Services (AD DS) Forest and Schema. [1] An AD DS Forest is a collection of one or more domain trees, with each tree containing one or more domains. The first domain created is the forest root domain. [2] The AD DS Schema defines all object types and attributes used to store data in AD DS. It standardizes how data is stored and retrieved. [3] Trust relationships are automatically established between parent and child domains within the same forest. This allows for secure sharing of resources across domains while maintaining administrative boundaries between different parts of an organization.

Uploaded by

Henry Pescasio

12

QUARTER 1
LO 1: SET UP USER ACCESS

SELF- LEARNING MODULE 12 :

AD DS Forest and Schema


Writer/Illustrator/Layout Artist : Cyrus N. Caruz
Editor/Reviewer : Virgie M. Alfaras
Introductory Message
For the facilitator:

Welcome to the Technical Vocational Livelihood Education ICT Grade 12 CSS NC II
Module on Set Up User Access: AD DS Forest and Schema.
This module was collaboratively designed, developed and reviewed by educators
from Schools Division Office of Pasig City headed by its Officer-In-Charge Schools Division
Superintendent, Ma. Evalou Concepcion A. Agustin in partnership with the Local
Government of Pasig through its Mayor, Honorable Victor Ma. Regis N. Sotto.
The writers utilized the standards set by the K to 12 Curriculum using the Most Essential
Learning Competencies (MELC) while overcoming their personal, social, and economic
constraints in schooling.

This learning material hopes to engage the learners in guided and independent
learning activities at their own pace and time. Further, this also aims to help learners
acquire the needed 21st century skills, especially the 5 Cs, namely: Communication,
Collaboration, Creativity, Critical Thinking and Character, while taking into consideration
their needs and circumstances.

In addition to the material in the main text, you will also see this box in the body of the
module:

Notes to the Teacher


This contains helpful tips or strategies
that will help you in guiding the learners.

As a facilitator you are expected to orient the learners on how to use this module.
You also need to keep track of the learners' progress while allowing them to manage their
own learning. Moreover, you are expected to encourage and assist the learners as they do
the tasks included in the module.
For the learner:

Welcome to the Technical Vocational Livelihood Education ICT Grade 12 CSS NC II
Module on Set Up User Access: AD DS Forest and Schema.

The hand is one of the most symbolized parts of the human body. It is often used to depict
skill, action and purpose. Through our hands we may learn, create and accomplish. Hence,
the hand in this learning resource signifies that you as a learner are capable and empowered
to successfully achieve the relevant competencies and skills at your own pace and time.
Your academic success lies in your own hands!

This module was designed to provide you with fun and meaningful opportunities for guided
and independent learning at your own pace and time. You will be enabled to process the
contents of the learning material while being an active learner.

This module has the following parts and corresponding icons:

Expectation - These are what you will be able to know after
completing the lessons in the module.

Pre-test - This will measure your prior knowledge and the concepts
to be mastered throughout the lesson.

Recap - This section will measure the learnings and skills that
you understood from the previous lesson.

Lesson - This section will discuss the topic for this module.

Activities - This is a set of activities you will perform.

Wrap Up - This section summarizes the concepts and applications of
the lessons.

Valuing - This part will check the integration of values in the learning
competency.

Post-test - This will measure how much you have learned from
the entire module.
EXPECTATION

After completing the lesson the learners should be able to:


A. differentiate Forest from Schema.
B. draw a sample schema of the domains.
C. cite the importance of Forest in the AD DS.

PRE–TEST

TRUE or FALSE

Directions: Read each item carefully. Write the word TRUE if the statement follows
the principles of schema or Forest in the Active Directory and FALSE
if not. Write your answer on a separate sheet of paper.

_______1. The AD DS Schema is the AD DS component that defines all object types and
attributes that AD DS uses to store data.
_______2. A tree is a collection of one or more forests.
_______3. The AD DS forest is a security boundary.
_______4. The Schema contains a few objects that do not exist in other
domains in the forest.
_______5. A trust relationship is a logical link established between two domains.

RECAP
TRUE or FALSE

Directions: Read each statement below carefully. Write T if the statement is correct and
F if not in the space provided before each number.
______1. An organizational unit (OU) is a container object within a domain that you
can use to consolidate users, groups, computers and other objects.
______2. In AD DS, user accounts provide a mechanism that you can use to authenticate
and then authorize users to access resources on the network.
______3. Every AD DS domain contains a standard set of containers and OUs that are
created when you install AD DS.
______4. You can assign GPOs to the OU and the settings apply to all objects within the
OU.
______5. The domain is the replication boundary.
LESSON

AD DS Forest and Schema

Introduction

In our previous discussion, we learned about the organizational unit, which
is the container object within a domain that you can use to consolidate users, groups,
computers and other objects.
In today's lesson, we will discuss other domains of Active Directory.
These domains store and secure your data. This lesson will also explain how
Active Directory is represented in an enterprise environment.

What is an AD DS Forest
A forest is a collection of one or more domain trees. A tree is a collection of one
or more domains. The first domain that is created in the forest is called the forest
root domain. The forest root domain contains a few objects that do not exist in other
domains in the forest.
For example, the forest root domain contains two special domain controller
roles, the schema master and the domain naming master. In addition, the Enterprise
Admins group and the Schema Admins group exist only in the forest root domain.
The Enterprise Admins group has full control over every domain within the forest.
The AD DS forest is a security boundary. This means that, by default, no users
from outside the forest can access any resources inside the forest. It also means that
administrators from outside the forest have no administrative access within the forest.
One of the primary reasons why organizations deploy multiple forests is that they need
to isolate administrative permissions between different parts of the organization.

Fig. 1. Illustration of forest
What is AD DS Schema?

The AD DS Schema is the AD DS component that defines all object types
and attributes that AD DS uses to store data. It is sometimes referred to as the
blueprint for AD DS.
AD DS stores and retrieves information from a wide variety of applications
and services. AD DS standardizes how data is stored in the AD DS directory so
that it can store and replicate data from various sources. By standardizing how
data is stored, AD DS can retrieve, update and replicate data, while ensuring that
the integrity of the data is maintained.
The illustration below shows the trust relationship from parent to child
domains:

[Figure: domains connected by links labeled "Trust Relationship"]

Fig. 2. Showing the schema of the six domains.

With the example above, imagine that you have a secured organization,
Slhspasig.com, which holds all the secured files for all its teachers. With the
COVID-19 pandemic, Slhspasig.com needs a separate group of people to work within their
own domain and even hire support staff such as IT personnel. This separate department,
Slhspasig.clinic.com, will be added to the original domain as a Child Domain, so
Slhspasig.com is a Parent Domain. When you have two domains like these that share
the same root namespace, in this case Slhspasig.com, they are referred to as being on the same
tree. Slhspasig.com is at the top of the tree, so it is considered the root tree.

Fig. 3. Parent (root tree) and child domains showing trust relationship as represented by a red line.
Fig. 4. Adding another child domain on the same root namespace.

To illustrate this better, you can add yet another domain, for example
Slhspasig.admin.com, as shown in fig. 4. As long as Slhspasig.admin.com shares the
namespace, it is still part of the tree. Under Slhspasig.admin.com, you can still add
other child domains, for example Slhspasig.juniorhs.com and Slhspasig.seniorhs.com,
as shown below (fig. 5):

Fig. 5. Adding another child domains.
Fig. 6. Adding another domain with different namespace.

All of these domains share the Slhspasig.com namespace and are thus considered
to be on the same tree in AD DS. Each domain, however, has its own groups of users and
computers, and thus each domain has its own Active Directory database. The advantage
of having domains like these in the tree is that Active Directory will automatically create
a trust relationship between the child and the parent domains (see fig. 2). These trust
relationships allow each member of the domain to access resources in any other domain
as soon as they have access. Now, what would happen when you add another domain
that has a different namespace from the other domains? For example, suppose we add the new
domain SDOpasig.com. When this happens, SDOpasig.com will be part of a new tree.
We now have two trees: Slhspasig.com and SDOpasig.com. So far, we have looked at the
root domain and the child domains on their tree, but there is one structure that links all
these together, called a FOREST.

So, why is there a need to have a forest?


All the domains in the forest have something in common. They share what is called the
SCHEMA. As previously discussed, the schema defines the Active Directory database. It defines
what can be stored in the database and the structure of that data. Each domain has its
own copy of the database, but it is the schema that determines its design, and the
schema is shared between all the domains in the forest. When changes are made to the
schema, these changes are replicated to every domain in the forest.

The advantage of having a forest is that all domains in the forest also have trust
relationships generated automatically, between parent and child domains and between
trees in the forest.
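
As an added example (not part of the original module), the Python code below models the structure described above: it groups domains into trees by shared namespace, treats the first domain created as the forest root, and lists the trusts AD DS creates automatically. The domain names are constructed sample data written in DNS form, with the child label in front of the parent name (for example `clinic.slhspasig.com`), and the function names are hypothetical.

```python
# Added example (not from the module): a model of an AD DS forest.
# All domain names below are constructed sample data.

def parent_of(domain, known):
    """Nearest ancestor of `domain` (by DNS suffix) that is in the forest."""
    labels = domain.split(".")
    for i in range(1, len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in known:
            return candidate
    return None  # no ancestor: this domain is the root of its own tree

def build_forest(domains):
    """`domains` is in creation order; the first one is the forest root."""
    names = [d.lower() for d in domains]
    parents = {d: parent_of(d, set(names)) for d in names}
    root = names[0]
    tree_roots = [d for d in names if parents[d] is None]
    # Trusts AD DS creates automatically: one per parent/child pair, plus one
    # between the forest root and the root of every additional tree.
    trusts = [(p, c, "parent-child") for c, p in parents.items() if p]
    trusts += [(root, t, "tree-root") for t in tree_roots if t != root]
    return {"root": root, "tree_roots": tree_roots,
            "parents": parents, "trusts": trusts}

def trust_path(src, dst, forest):
    """Domains crossed, hop by hop over the automatic trusts, from src to dst."""
    def chain_up(d):
        chain = [d.lower()]
        while forest["parents"][chain[-1]]:
            chain.append(forest["parents"][chain[-1]])
        return chain
    up, down = chain_up(src), chain_up(dst)
    shared = next((d for d in up if d in down), None)
    if shared:  # same tree: climb to the common ancestor, then descend
        return up[:up.index(shared) + 1] + down[:down.index(shared)][::-1]
    # different trees: the hop between trees goes through the forest root
    middle = [] if forest["root"] in (up[-1], down[-1]) else [forest["root"]]
    return up + middle + down[::-1]

SAMPLE = ["slhspasig.com", "clinic.slhspasig.com", "admin.slhspasig.com",
          "juniorhs.admin.slhspasig.com", "seniorhs.admin.slhspasig.com",
          "sdopasig.com"]

if __name__ == "__main__":
    forest = build_forest(SAMPLE)
    for a, b, kind in forest["trusts"]:
        print(f"{kind:12} {a} <-> {b}")
    print(" -> ".join(trust_path(SAMPLE[3], "sdopasig.com", forest)))
```

Every domain in the sample can reach every other domain over these trusts, which is why the forest, not the individual domain, is the security boundary.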

ACTIVITIES

Activity 1. Let's DRAW IT!

Creating a Schema

Direction: On your separate worksheet, draw a sample of a schema with the following
domains:

1. Root Domain = abscbn.com
2. Child Domains:
a. abscbn.security.com
b. abscbn.broadcasting.com
c. abs.cbn.entertainment.com
d. abscbn.news.com
e. gma.com
3. To show the trust relationship, make a thick line between the domains.

Rubrics:
1. Design - 5 points
2. Trust relationship - 2 points
3. Short explanation within and across the domains - 3 points
TOTAL = 10 points

WRAP-UP

A forest is a collection of one or more domain trees. A tree is a collection of one
or more domains. The first domain that is created in the forest is called the forest
root domain. The forest root domain contains a few objects that do not exist in other
domains in the forest. The AD DS Schema is the AD DS component that defines all object
types and attributes that AD DS uses to store data. It is sometimes referred to as the
blueprint for AD DS.

VALUING

What is the importance of having a forest in the AD DS?


___________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
POST TEST

Identification

Directions: Read and understand each statement below. Identify what is described
and write the correct term in the space provided before each
item. Do this on a worksheet for this activity.

______1. It is a collection of one or more domain trees.
______2. It is a collection of one or more domains.
______3. It is the AD DS component that defines all object types and attributes that AD
DS uses to store data.
______4. It is a logical link established between two domains.
______5. The first domain that is created in the forest.
KEY TO CORRECTION

PRETEST:
A. TRUE
B. FALSE
C. TRUE
D. FALSE
E. TRUE

RECAP
1. T
2. T
3. T
4. T
5. T

ACTIVITY
Creating a Schema: Let's DRAW IT!
Let the students draw the SCHEMA using the following:
Direction: On your separate worksheet, draw a sample of a schema
with the following domains:
1. Root Domain = abscbn.com
2. Child Domains:
a. abscbn.security.com
b. abscbn.broadcasting.com
c. abs.cbn.entertainment.com
d. abscbn.news.com
e. anc.com
3. To show the trust relationship, make a thick line between the domains.

POST TEST
1. Forest
2. Tree
3. Schema
4. Trust Relationship
5. Root Domain


All images in each figure were originally captured by the writer via Microsoft Paint
Windows 10 version 1903 (OS Build 18362.900). Copyright 2019 by Microsoft Corp.
from Windows Server 2008 R2 Software
