DESIGNING THE FOREST AND DOMAIN INFRASTRUCTURE

1
DESIGNING THE FOREST AND DOMAIN INFRASTRUCTURE

• Chapter 5

2
DESIGN TEAM ROLES
3
DESIGN TASKS
4
DESIGN COMPONENTS
5
DETERMINING BUSINESS REQUIREMENTS AND PRIORITIES

• What is the main purpose for the infrastructure
  design?
• What, if any, are the organizations plans for
  growth or consolidation?
• Who will need to access the Active Directory
  structure?
• Do any organizational requirements require
  special security considerations?

6
DETERMINING THE FOREST DESIGN
7
DOCUMENTING THE FOREST PLAN
8
DETERMINING THE DOMAIN DESIGN
9
MULTIPLE DOMAIN MODEL
10
DETERMINING THE FOREST ROOT DOMAIN
11
DETERMINING THE DNS NAMESPACE DESIGN
12
SELECTING A DOMAIN NAME

• Use only Internet standard characters, including
  az, 09, and hyphen (-).
• Use short domain names that are easily
  identifiable and that conform to NetBIOS naming
  requirements.
• Use only registered domain names as the base for
  your root.
• Domain naming rules RFC 1034, RFC 1035, and RFC
  1123 specify the Internet domain naming rules
  that you should follow.
• Integrating with non-Windows Server 2003 DNS
  servers.

13
DOCUMENTING THE DNS NAMESPACE DESIGN

• Responsible design team members and contact
  information
• The namespace to be used both externally and
  internally
• Whether the name is registered
• Type and version of DNS implementation being used
• Rationale for your decisions based on the
  business requirements

14
DETERMINING A TRUST STRATEGY
15
FOREST TRUSTS
16
SHORTCUT TRUSTS
17
EXTERNAL TRUSTS
18
REALM TRUSTS
19
TRUST STRATEGY DESIGN GUIDELINES
20
DOCUMENTING THE TRUST STRATEGY

• Responsible design team members and their contact
  information.
• The trusted and trusting forest or domains
  involved in each trust.
• The types and categories of trusts to be used.
• The direction of the trusts.
• The type of authentication to be used
  forest-wide or selective.
• Rationale for each trust that supports the
  business requirements.

21
DETERMINING A MIGRATION PLAN
22
WINDOWS NT 4.0 CONSIDERATIONS

• Upgrade or restructure?
• Existing administrative model?
• Upgrade in place?
• Deploy latest Service Packs.

23
WINDOWS 2000 CONSIDERATIONS

• Upgrading domains and forests in place is the
  least expensive and most efficient method.
• You must use the Active Directory Preparation
  tool to prepare a Windows 2000 domain and forest
  for upgrade.
• SMB packet signing and secure channel security
  policies are enabled by default on Windows Server
  2003 domain controllers.

24
MIGRATION DECISION POINTS
25
DOCUMENTING THE MIGRATION STRATEGY

• Responsible design team members and contact
  information
• Names and versions of the domains to be migrated
• Type of migration to be used for each upgrade or
  restructure
• A hardware inventory of the computers involved in
  the upgrade process
• A risk assessment and fallback plan should the
  migration fail
• Rationale that supports the business requirements
  for the migration

26
SUMMARY

• Key tasks determining business requirements and
  priorities, determining a forest and domain
  design, determining a DNS namespace design,
  determining a trust strategy, and determining a
  migration plan.
• Choose a forest and domain infrastructure.
• Use a single domain whenever possible because it
  is by far the simplest structure to plan, deploy,
  and maintain.
• What are three options for designing a DNS
  namespace structure?
• Name four trust types.
• Name two options you have when performing a
  migration.