The schema defines every object class that can exist in Active Directory and the attributes each class may or must carry. The figure shows the mandatory attributes of an AD user object, the ones every user must have.
When you extend the schema, for example during an on-premises Exchange Server installation, the account performing the extension must be a member of Schema Admins (Exchange's forest preparation additionally requires Enterprise Admins). Schema changes are written only on the DC holding the schema master FSMO role and replicate to every domain controller in the forest; a new class or attribute can later be deactivated but never deleted, so Schema Admins membership should be empty except during a planned extension.
The security boundary of an Active Directory environment is the forest, not the domain: all domains in a forest share the same schema and configuration partitions and trust each other transitively, so an attacker who gains Domain Admin-level control of any one domain (or of any of its domain controllers) can work toward control of every other domain in the forest.
Sites model the physical network topology (each site is a set of IP subnets) so that clients locate a nearby domain controller and inter-site replication can be scheduled and compressed, which is what makes a geo-distributed infrastructure manageable.
Before searching for objects in AD we need to understand the basic structure of the AD database and where to start a search. Active Directory can hold tens of millions of objects; to scale, the database is divided into partitions (also called naming contexts) that are replicated and administered independently.
Each partition replicates its changes separately. The configuration and schema partitions are replicated to every domain controller in the forest, while a domain partition is replicated only to the domain controllers of that domain (application partitions such as the DNS zone partitions DomainDnsZones and ForestDnsZones have their own replication scope). The typical structure, using the lab domain privatelab.local, is shown below:
<aside> 💡
Download ADExplorer (Sysinternals) to browse this structure on a domain-joined machine.
</aside>
Domain Partition: DC=privatelab,DC=local
Stores the directory objects of the given domain (users, groups, computers, OUs and so on). This is the partition most searches start from.
Configuration Partition: CN=Configuration,DC=privatelab,DC=local
Stores the forest-wide directory topology: the available domains, sites, subnets, site links and domain controllers, plus the configuration of services such as Exchange. It is readable by any authenticated user in the forest.
Schema Partition: CN=Schema,CN=Configuration,DC=privatelab,DC=local
Stores the definitions of all object classes and attributes, including which attributes are mandatory for each class.
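The following script is an added example, not code from the original page: it discovers the three naming contexts above from RootDSE instead of hard-coding the privatelab.local DNs, runs one search against each partition, resolves the mandatory attributes of the user class by walking the schema (the answer to the figure's "which attributes must every user have?"), and finishes with the checks a defender wants after reading the Schema Admins note: who holds the schema master role, who is in Schema Admins, and what was recently added to the schema. It assumes a domain-joined Windows host with the RSAT ActiveDirectory module installed and an account that can read the directory (any authenticated user can read all three partitions); the function name Get-MandatoryAttribute and the 90-day window are choices made for this example.

```powershell
# Added example (not from the original page). Assumes the RSAT ActiveDirectory module
# (Get-ADRootDSE, Get-ADObject, Get-ADGroupMember, Get-ADForest) on a domain-joined host.
Import-Module ActiveDirectory

$rootDse  = Get-ADRootDSE
$domainNC = $rootDse.defaultNamingContext        # e.g. DC=privatelab,DC=local
$configNC = $rootDse.configurationNamingContext  # e.g. CN=Configuration,DC=privatelab,DC=local
$schemaNC = $rootDse.schemaNamingContext         # e.g. CN=Schema,CN=Configuration,DC=privatelab,DC=local

"Naming contexts hosted by this DC (also lists application partitions such as DomainDnsZones):"
$rootDse.namingContexts

# --- Domain partition: users, groups, computers, OUs. Here: enabled user accounts.
# The bitwise-AND matching rule (1.2.840.113556.1.4.803) tests the ACCOUNTDISABLE bit (2).
"`nEnabled user accounts in $domainNC"
Get-ADObject -SearchBase $domainNC `
    -LDAPFilter '(&(objectCategory=person)(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))' |
    Select-Object -ExpandProperty DistinguishedName

# --- Configuration partition: forest-wide topology. Here: the sites.
"`nSites defined under CN=Sites,$configNC"
Get-ADObject -SearchBase "CN=Sites,$configNC" -SearchScope OneLevel -LDAPFilter '(objectClass=site)' |
    Select-Object -ExpandProperty Name

# --- Schema partition: which attributes MUST a class carry?
# Mandatory attributes are inherited from superclasses (user -> organizationalPerson ->
# person -> top) and from auxiliary classes (securityPrincipal contributes sAMAccountName
# and objectSid), so the 'user' classSchema object alone does not give the full answer.
function Get-MandatoryAttribute {
    param(
        [Parameter(Mandatory)][string]$ClassName,
        [Parameter(Mandatory)][string]$SchemaNC
    )
    $must  = [System.Collections.Generic.List[string]]::new()
    $queue = [System.Collections.Generic.Queue[string]]::new()
    $seen  = @{}
    $queue.Enqueue($ClassName)
    while ($queue.Count -gt 0) {
        $name = $queue.Dequeue()
        if ($seen.ContainsKey($name)) { continue }   # 'top' names itself as its superclass
        $seen[$name] = $true
        $cls = Get-ADObject -SearchBase $SchemaNC -SearchScope OneLevel `
            -LDAPFilter "(&(objectClass=classSchema)(lDAPDisplayName=$name))" `
            -Properties subClassOf, mustContain, systemMustContain, auxiliaryClass, systemAuxiliaryClass
        if (-not $cls) { continue }
        foreach ($a in @($cls.mustContain) + @($cls.systemMustContain)) { if ($a) { $must.Add($a) } }
        foreach ($p in @($cls.subClassOf) + @($cls.auxiliaryClass) + @($cls.systemAuxiliaryClass)) {
            if ($p) { $queue.Enqueue($p) }
        }
    }
    $must | Sort-Object -Unique
}

"`nAttributes every 'user' object must have (resolved from $schemaNC)"
Get-MandatoryAttribute -ClassName 'user' -SchemaNC $schemaNC

# --- Checks that follow from the Schema Admins note above
"`nSchema master (the only DC that accepts schema writes): $((Get-ADForest).SchemaMaster)"

"`nMembers of Schema Admins (expected empty outside a planned schema extension):"
Get-ADGroupMember -Identity 'Schema Admins' | Select-Object -ExpandProperty SamAccountName

"`nSchema classes/attributes created in the last 90 days (example window; schema objects cannot be deleted):"
Get-ADObject -SearchBase $schemaNC -SearchScope OneLevel `
    -LDAPFilter '(|(objectClass=classSchema)(objectClass=attributeSchema))' -Properties whenCreated |
    Where-Object { $_.whenCreated -gt (Get-Date).AddDays(-90) } |
    Select-Object Name, ObjectClass, whenCreated
```

Each search is scoped with -SearchBase to the partition that actually holds the answer; searching the domain partition for sites or the configuration partition for users returns nothing, which is the practical reason for learning the partition layout before writing LDAP queries. The last two queries are worth running periodically: an unexpected member of Schema Admins or a schema object created outside a change window is a strong signal of either an unplanned extension or an attacker preparing a forest-wide persistence mechanism.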