Designing the Logical Structure

Applies to: Windows Server 2022, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012

Active Directory Domain Services (AD DS) enables organizations to create a scalable, secure, and manageable infrastructure for user and resource management. It also enables them to support directory-enabled applications.

A well-designed Active Directory logical structure provides the following benefits:

  • Simplified management of Microsoft Windows-based networks that contain large numbers of objects

  • A consolidated domain structure and reduced administration costs

  • The ability to delegate administrative control over resources, as appropriate

  • Reduced impact on network bandwidth

  • Simplified resource sharing

  • Optimal search performance

  • Low total cost of ownership

A well-designed Active Directory logical structure facilitates the efficient integration of such features as Group Policy; desktop lockdown; software distribution; and user, group, workstation, and server administration into your system. In addition, a carefully designed logical structure facilitates the integration of Microsoft and non-Microsoft applications and services, such as Microsoft Exchange Server, public key infrastructure (PKI), and a domain-based distributed file system (DFS).

When you design an Active Directory logical structure before you deploy AD DS, you can optimize your deployment process to best take advantage of Active Directory features. To design the Active Directory logical structure, your design team first identifies the requirements for your organization and, based on this information, decides where to place the forest and domain boundaries. Then, the design team decides how to configure the Domain Name System (DNS) environment to meet the needs of the forest. Finally, the design team identifies the organizational unit (OU) structure that is required to delegate the management of resources in your organization.

In this guide