AD Design
Exam Objectives
1.5 Design the Active Directory infrastructure to meet business and technical requirements
1.5.1 Design the envisioned administration model
1.5.2 Create the conceptual design of the Active Directory forest structure
1.5.3 Create the conceptual design of the Active Directory domain structure
1.5.5 Create the conceptual design of the organizational unit (OU) structure
1.5.4 Design the Active Directory replication strategy
70-297: MCSE Guide to Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure 2
Introduction
Active Directory designs are developed after the environment has been assessed and fully documented.
During the initial stages of the Active Directory services infrastructure design, identify the administrative model that will be implemented.
Isolation:
Only administrators of the resource have access
Forest Models
Multiple forest scenarios:
The Service Provider model
The Restricted Access model
The Resource model
The Organizational model
The Single-Forest model
Owners are responsible for assigning the appropriate people to the appropriate roles
Regional Domains
Regional model implies that a separate domain is created for each distinct region within the organization
Disadvantages associated with introducing additional regional domains:
Multiple service admin groups
Additional overhead in duplicating settings
Interdomain object moves
Functional Domains
Established per functional group or business group within the organization
Within the functional domain model:
Forest might be home to multiple, disparate, autonomous businesses
Degree of collaboration is required
Only one namespace needs to be created and managed
No interoperability issues exist between disparate namespaces
A Single Tree
Multiple Trees
Advantages:
Disparate businesses can use their own different namespaces
Autonomy within the business namespace
Disadvantages:
Multiple DNS names
Increased DNS maintenance
OU Design Models
Geographic models
Start by creating geography-based OUs at the root of the domain
Functional models
Start by creating functional-based OUs at the root of the domain
Summary
Service administrators manage the Active Directory infrastructure
Data administrators manage data contained within Active Directory and member computers
If service or data isolation is required, create a separate forest
If disparate schemas or Configuration partition data is required, create a separate forest
Summary (continued)
Consider geographic domains to better manage replication
Consider functional domains for service autonomy
OU design influences:
Administrative models
Group policy
Protection of sensitive objects