1 / 44

Chapter 2: Developing the Active Directory Infrastructure Design

70-297: MCSE Guide to Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure. Chapter 2: Developing the Active Directory Infrastructure Design. Exam Objectives. 1.5 Design the Active Directory infrastructure to meet business and technical requirements

hank
Download Presentation

Chapter 2: Developing the Active Directory Infrastructure Design

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. 70-297: MCSE Guide to Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure Chapter 2: Developing the Active Directory Infrastructure Design

  2. Exam Objectives • 1.5 Design the Active Directory infrastructure to meet business and technical requirements • 1.5.1 Design the envisioned administration model • 1.5.2 Create the conceptual design of the Active Directory forest structure • 1.5.3 Create the conceptual design of the Active Directory domain structure • 1.5.5 Create the conceptual design of the organizational unit (OU) structure • 1.5.4 Design the Active Directory replication strategy 70-297: MCSE Guide to Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure

  3. Introduction • Active Directory designs are developed after the environment has been assessed and fully documented • During the initial stages of the Active Directory services infrastructure design, identify the administrative model that will be implemented 70-297: MCSE Guide to Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure

  4. Assessing and Designing the Administrative Model • Service administrators are responsible for: • Maintaining the Active Directory infrastructure • Ensuring that the infrastructure provides the necessary functions and services to end users • Not the same people performing the data administrator role 70-297: MCSE Guide to Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure

  5. The Role of the Service Administrator • The service administrator is responsible for: • Management and maintenance of domain controllers (DCs) • Management and maintenance of a Domain Name System (DNS) • Management and maintenance of forestwide components • Management and maintenance of Active Directory replication within the forest • Deployment of Active Directory infrastructure throughout the organization • Management and maintenance of trusts within the forest • Management and maintenance of trusts with external domains, forests, and Kerberos realms 70-297: MCSE Guide to Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure

  6. The Role of the Data Administrator • The data administrator is responsible for: • Management of user objects • Management of group objects • Management of machine objects • Management of printer objects • Management of NTFS file and share access control lists (ACLs) • Management of member servers and workstations 70-297: MCSE Guide to Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure

  7. Understanding Isolation and Autonomy • Autonomy: • Implies a degree of independence • Can be achieved at the service admin level • Can be achieved at the data administrator level • Isolation: • Only administrators of the resource have access 70-297: MCSE Guide to Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure

  8. Autonomy and Isolation Flow Chart 70-297: MCSE Guide to Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure

  9. Assessing andDefining the Forest Design • Forest design factors: • Organizational • Operational • Legal • Naming considerations • Timescales • Management overhead • Test environments • External facing environments 70-297: MCSE Guide to Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure

  10. Forest Models • Multiple forest scenarios: • The Service Provider model • The Restricted Access model • The Resource model • The Organizational model • The Single-Forest model 70-297: MCSE Guide to Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure

  11. The Service Provider Model 70-297: MCSE Guide to Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure

  12. The Restricted Access Model 70-297: MCSE Guide to Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure

  13. The Resource Model 70-297: MCSE Guide to Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure

  14. The Organizational Forest Model 70-297: MCSE Guide to Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure

  15. The Single Forest Model • Simplest to design, engineer, and deploy • Cheapest option to deploy and the cheapest to own • Isolation requires a separate forest to be established • Autonomy needs a separate domain to be established 70-297: MCSE Guide to Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure

  16. Ownership, Accountability, and Change Management • Sponsors are responsible for ensuring that: • Each business’s requirements are voiced during the design phase • Designs are appropriate and relevant to each participating business • Owners are responsible for assigning the appropriate people to the appropriate roles 70-297: MCSE Guide to Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure

  17. Assessing and Creating the Domain Design • Decision to deploy additional domains is influenced by: • Geographic separation • Network limitations • Service autonomy 70-297: MCSE Guide to Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure

  18. Maximum Number of Users Supported in a Single Domain 70-297: MCSE Guide to Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure

  19. Names and Hierarchies • When designing Active Directory forests and domains • Each domain has two names: a NetBIOS name and a DNS name • Dedicated root domain • When deploying the first domain in a forest, the DNS name chosen is used as the suffix for all other domains 70-297: MCSE Guide to Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure

  20. Using a Dedicated Root Domain • Deployed simply to exist as the root domain • Advantages: • Forest service admins are separated from domain service admins • Simpler to reconfigure the forest • Politically neutral 70-297: MCSE Guide to Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure

  21. The Dedicated Root Domain Model 70-297: MCSE Guide to Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure

  22. The Nondedicated Domain 70-297: MCSE Guide to Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure

  23. Regional Domains • Regional model implies that a separate domain is created for each distinct region within the organization • Disadvantages associated with introducing additional regional domains: • Multiple service admin groups • Additional overhead in duplicating settings • Interdomain object moves 70-297: MCSE Guide to Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure

  24. The Regional Domain Model 70-297: MCSE Guide to Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure

  25. Functional Domains • Established per functional group or business group within the organization • Within the functional domain model: • Forest might be home to multiple, disparate, autonomous businesses • Degree of collaboration is required 70-297: MCSE Guide to Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure

  26. The Functional Domain Model 70-297: MCSE Guide to Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure

  27. Comparing Trees with Domains • Advantages of the single tree approach: • Only one namespace needs to be created and managed • No interoperability issues exist between disparate namespaces • Disadvantages of the single tree approach: • Disparate, autonomous businesses are constrained to using the first namespace • Businesses do not have autonomy within their own namespace 70-297: MCSE Guide to Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure

  28. A Single Tree 70-297: MCSE Guide to Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure

  29. Multiple Trees • Advantages: • Disparate businesses can use their own different namespaces • Autonomy within the business namespace • Disadvantages: • Multiple DNS names • Increased DNS maintenance 70-297: MCSE Guide to Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure

  30. A Forest with Multiple Trees 70-297: MCSE Guide to Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure

  31. Single Domain Forest • Houses all objects, including: • Forest service admins • Domain service admins • Users • Groups • Computers • DCs 70-297: MCSE Guide to Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure

  32. Advantages and Disadvantages of a Single Domain Forest 70-297: MCSE Guide to Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure

  33. Developing the OU Model • OU design factors are dictated by: • The way in which the business is administered • The way in which group policy needs to be • The need to hide sensitive objects from users 70-297: MCSE Guide to Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure

  34. OU Design Models • Geographic models • Start by creating geography-based OUs at the root of the domain • Functional models • Start by creating functional-based OUs at the root of the domain • Object type models • Start by creating object type-based OUs at the root of the domain 70-297: MCSE Guide to Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure

  35. The Geographic OU Model 70-297: MCSE Guide to Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure

  36. The Functional OU Model 70-297: MCSE Guide to Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure

  37. The Object Type OU Model 70-297: MCSE Guide to Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure

  38. Developing the Replication Design • Principles and concepts surrounding replication: • Sites • Subnets • Site links • Site link bridges • Connection objects • Multimaster replication 70-297: MCSE Guide to Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure

  39. Developing the Replication Design (continued) • Principles and concepts surrounding replication: • Knowledge Consistency Checker (KCC) • Inter Site Topology Generator and bridgehead servers • SYSVOL • File Replication System (FRS) • Topology options • Ownership 70-297: MCSE Guide to Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure

  40. Sites and Costs 70-297: MCSE Guide to Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure

  41. Site Link Bridging 70-297: MCSE Guide to Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure

  42. The Bridgehead and ISTG Roles 70-297: MCSE Guide to Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure

  43. Summary • Service administrators manage the Active Directory infrastructure • Data administrators manage data contained within Active Directory and member computers • If service or data isolation is required, create a separate forest • If disparate schemas or Configuration partition data is required, create a separate forest 70-297: MCSE Guide to Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure

  44. Summary (continued) • Consider geographic domains to better manage replication • Consider functional domains for service autonomy • OU design influences: • Administrative models • Group policy • Protection of sensitive objects • Be conversant with replication concepts 70-297: MCSE Guide to Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure

More Related