Defining OUs to Administer Group Policy
Recall that group policies are collections of user and computer configuration settings that can be linked to computers, sites, domains, and OUs to specify the behavior of users’ desktops. To create a specific desktop configuration for a particular group of users, you create Group Policy Objects (GPOs), which are collections of Group Policy settings. By linking GPOs to OUs, GPOs can be applied to either users or computers in the OU. Group Policy is discussed in more detail in Chapter 11, “Administering Group Policy.”
Defining OUs to Hide Objects
Your organization might require that certain domain objects, such as objects within an OU or OUs themselves, be hidden from certain users. For example, although a user might not have the permission to read an object’s attributes, the user, if permitted to view the contents of the object’s parent container, can still see that the object exists. You can hide objects in a domain by creating an OU for the objects and limiting the set of users who have the List Contents permission for that A plus certification online. Permissions are discussed in more detail in Chapter 9, “Administering Active Directory Objects.”
Note Because there is only one way to delegate administration and there are multiple ways to administer Group Policy, you must define OU structures to delegate administration first. After an OU structure is defined to handle delegation of administration, you can define addi?tional OUs to administer Group Policy or hide objects.
A site link bridge is the linking of more than two sites for replication using the same transport. When more than two sites are linked for replication and use the same transport, by default, all of the site links are “bridged” in terms of cost,assuming the site links have common sites. If site link transitivity is enabled, which it is by default, creating a site link bridge has no effect. Therefore, it is seldom necessary to create site link bridges.
A global catalog server is a domain controller that stores a full copy of all objects in the directory for its host domain and a partial copy of all objects for all other domains in the forest. For optimum network response time and application availability, designate at least one domain controller in each site as the global catalog server. To optimize replication in a multiple site environment, you might need to consider adding global catalogs for specific sites.
An application directory partition is a directory partition that is replicated only to specific domain controllers running Windows Server 2003. Application directory partitions are usually created by the Free A+ exam questions applications that use them to store and replicate data.