Planning an Active Directory Implementation

1
Chapter 3

• Planning an Active Directory Implementation

2
Planning

• Understand the Business need
• Technology capabilities
• Beware of evolution networking
• Decision
• DNS namespace
• Domain model
• Organize to adapt to company structure

3
Active Directory and DNS

• AD use DNS for name resolution
• WIN 2000 DNS tied directly to AD
• Namespace decision
• Internal and External same
• Internal and External different
• Register name with ICANN

4
Namespace

• Different namespaces for internal and external
  resources

5
Advantages

• Internal and external resources are easily
  separated
• Administration is separated for internal and
  external namespaces
• Internal resources are easily secured
• Better control when giving clients access to
  internal resources

6
Disadvantages

• Separate DNS name tables must be maintained
• Multiple domain name registrations must be
  purchased and maintained
• Logon names will be different from Internet
  e-mail addresses

7
Namespace Integration Same

• Two methods
• Integrate AD at the root level
• Define a subdomain of the root domain and then
  install the AD tree within that subdomain

8
Advantages

• Logon IDs and e-mail addresses are the same for
  users
• Internal and external resources can be accessed
  seamlessly
• The AD tree is the same for internal and external
  corporate resources

9
Disadvantages

• Internal resources may be published on the
  external DNS server
• Firewalls must be put in place to protect the
  internal network

10
Site Design

• Rayco

11
Site Design
Margo
12
Site Design Possibilities

• Single site
• Pro Ease of administration , no additional sites
  and site links
• Pro No need to move DCs between sites
• Con Domain replication and authentication
  traffic is uncontrollable

13
Site Design Possibilities

• Four sites
• Pro Allows for better use of long-haul links
  requires a minimum of DCs

14
Site Design Possibilities

• Seven sites
• Pro Allows the administrator to schedule
  replication with slower sites at off-peak times
• Con Bandwidth utilization at sites connected at
  less than 1.54 Mbps

15
Site Design Possibilities

• Nine sites
• Pro Each physical location can be defined as an
  independent site
• Pro Ability to control replication and
  authenticate locally result in the best AD
  performance
• Con Consumes a large amount of administrative
  and network resources

16
Sites

• DC can be placed in multiple sites
• May require a Registry hack
• Many Windows 2000 services site aware

17
Domain Structure

• A single-domain structure is recommended
• A multiple-domain structure may be necessary
  because
• A slow link exists between two or more physical
  locations
• A legacy Windows NT network structure must be
  maintained
• Political considerations exist

18
Use of Organizational Units

• OUs are not required in a Windows 2000
  environment
• An OU is a container object
• An OU is a domain object
• Therefore cannot contain objects from another
  domain

19
Possible OU Models

• Object model - create an OU for each type of
  object in the domain
• Pro Can be easily extended as new object types
  are added to the domain
• Con No direct relationship exists between the
  object model and the business processes within a
  company

20
Possible OU Models

• Departmental model - separate objects based on
  the business departments associated with those
  objects
• Pro Close integration of resources and the
  people who use them

21
Possible OU Models

• Geographic model - group objects based on the
  geographic location of the resources
• Pro Can cope with rapid changes in corporate
  structure

22
(No Transcript)
23
(No Transcript)
24
Possible OU Models

• Administrative model - mimic the administrative
  structure of the organization
• Con Does not cope well with rapid changes within
  the company

25
(No Transcript)
26
Possible OU Models

• Business unit model - based on divisions of a
  corporation that have a specific role
• Generally used in conjunction with a departmental
  model to mirror the corporate structure

27
Designing the Infrastructure

• Gather data about the network
• Lay out the AD sites
• Place the DCs within the sites
• Establish replication schedules

28
Chapter Summary

• Namespace is the first issue to consider when
  designing the network environment
• Develop a name resolution solution for DNS
• If a registered DNS domain name exists, you may
  wish to register an internal domain
• You may extend your existing domain to include
  internal resources
• Strive for the fewest possible domains in your
  environment

29
Chapter Summary

• Allow for flexibility in your OU structure
• Consider replication bandwidth when designing the
  infrastructure
• Balance costs with performance when designing
  your DC structure
• Replication traffic can be controlled through
  properties of the site links