70-297: MCSE Guide to Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure Chapter 2: Developing the Active Directory.

Presentation transcript:

70-297: MCSE Guide to Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure Chapter 2: Developing the Active Directory Infrastructure Design

Slide 2: Exam Objectives
1.5 Design the Active Directory infrastructure to meet business and technical requirements
– 1.5.1 Design the envisioned administration model
– 1.5.2 Create the conceptual design of the Active Directory forest structure
– 1.5.3 Create the conceptual design of the Active Directory domain structure
– 1.5.5 Create the conceptual design of the organizational unit (OU) structure
– 1.5.4 Design the Active Directory replication strategy

Slide 3: Introduction
Active Directory designs are developed after the environment has been assessed and fully documented
During the initial stages of the Active Directory services infrastructure design, identify the administrative model that will be implemented

Slide 4: Assessing and Designing the Administrative Model
Service administrators are responsible for:
– Maintaining the Active Directory infrastructure
– Ensuring that the infrastructure provides the necessary functions and services to end users
– Not the same people performing the data administrator role

Slide 5: The Role of the Service Administrator
The service administrator is responsible for:
– Management and maintenance of domain controllers (DCs)
– Management and maintenance of a Domain Name System (DNS)
– Management and maintenance of forestwide components
– Management and maintenance of Active Directory replication within the forest
– Deployment of Active Directory infrastructure throughout the organization
– Management and maintenance of trusts within the forest
– Management and maintenance of trusts with external domains, forests, and Kerberos realms

Slide 6: The Role of the Data Administrator
The data administrator is responsible for:
– Management of user objects
– Management of group objects
– Management of machine objects
– Management of printer objects
– Management of NTFS file and share access control lists (ACLs)
– Management of member servers and workstations

Slide 7: Understanding Isolation and Autonomy
Autonomy:
– Implies a degree of independence
– Can be achieved at the service admin level
– Can be achieved at the data administrator level
Isolation:
– Only administrators of the resource have access

Slide 8: Autonomy and Isolation Flow Chart

Slide 9: Assessing and Defining the Forest Design
Forest design factors:
– Organizational
– Operational
– Legal
– Naming considerations
– Timescales
– Management overhead
– Test environments
– External facing environments

Slide 10: Forest Models
Multiple forest scenarios:
– The Service Provider model
– The Restricted Access model
– The Resource model
– The Organizational model
– The Single-Forest model

Slide 11: The Service Provider Model

Slide 12: The Restricted Access Model

Slide 13: The Resource Model

Slide 14: The Organizational Forest Model

Slide 15: The Single Forest Model
Simplest to design, engineer, and deploy
Cheapest option to deploy and the cheapest to own
Isolation requires a separate forest to be established
Autonomy needs a separate domain to be established

Slide 16: Ownership, Accountability, and Change Management
Sponsors are responsible for ensuring that:
– Each business’s requirements are voiced during the design phase
– Designs are appropriate and relevant to each participating business
Owners are responsible for assigning the appropriate people to the appropriate roles

Slide 17: Assessing and Creating the Domain Design
Decision to deploy additional domains is influenced by:
– Geographic separation
– Network limitations
– Service autonomy

Slide 18: Maximum Number of Users Supported in a Single Domain

Slide 19: Names and Hierarchies
When designing Active Directory forests and domains
– Each domain has two names: a NetBIOS name and a DNS name
Dedicated root domain
– When deploying the first domain in a forest, the DNS name chosen is used as the suffix for all other domains

Slide 20: Using a Dedicated Root Domain
Deployed simply to exist as the root domain
Advantages:
– Forest service admins are separated from domain service admins
– Simpler to reconfigure the forest
– Politically neutral

Slide 21: The Dedicated Root Domain Model

Slide 22: The Nondedicated Domain

Slide 23: Regional Domains
Regional model implies that a separate domain is created for each distinct region within the organization
Disadvantages associated with introducing additional regional domains:
– Multiple service admin groups
– Additional overhead in duplicating settings
– Interdomain object moves

Slide 24: The Regional Domain Model

Slide 25: Functional Domains
Established per functional group or business group within the organization
Within the functional domain model:
– Forest might be home to multiple, disparate, autonomous businesses
– Degree of collaboration is required

Slide 26: The Functional Domain Model

Slide 27: Comparing Trees with Domains
Advantages of the single tree approach:
– Only one namespace needs to be created and managed
– No interoperability issues exist between disparate namespaces
Disadvantages of the single tree approach:
– Disparate, autonomous businesses are constrained to using the first namespace
– Businesses do not have autonomy within their own namespace

Slide 28: A Single Tree

Slide 29: Multiple Trees
Advantages:
– Disparate businesses can use their own different namespaces
– Autonomy within the business namespace
Disadvantages:
– Multiple DNS names
– Increased DNS maintenance

Slide 30: A Forest with Multiple Trees

Slide 31: Single Domain Forest
Houses all objects, including:
– Forest service admins
– Domain service admins
– Users
– Groups
– Computers
– DCs

Slide 32: Advantages and Disadvantages of a Single Domain Forest

Slide 33: Developing the OU Model
OU design factors are dictated by:
– The way in which the business is administered
– The way in which group policy needs to be
– The need to hide sensitive objects from users

Slide 34: OU Design Models
Geographic models
– Start by creating geography-based OUs at the root of the domain
Functional models
– Start by creating functional-based OUs at the root of the domain
Object type models
– Start by creating object type-based OUs at the root of the domain

Slide 35: The Geographic OU Model

Slide 36: The Functional OU Model

Slide 37: The Object Type OU Model

Slide 38: Developing the Replication Design
Principles and concepts surrounding replication:
– Sites
– Subnets
– Site links
– Site link bridges
– Connection objects
– Multimaster replication

Slide 39: Developing the Replication Design (continued)
Principles and concepts surrounding replication:
– Knowledge Consistency Checker (KCC)
– Inter Site Topology Generator and bridgehead servers
– SYSVOL
– File Replication System (FRS)
– Topology options
– Ownership

Slide 40: Sites and Costs

Slide 41: Site Link Bridging

Slide 42: The Bridgehead and ISTG Roles

Slide 43: Summary
Service administrators manage the Active Directory infrastructure
Data administrators manage data contained within Active Directory and member computers
If service or data isolation is required, create a separate forest
If disparate schemas or Configuration partition data is required, create a separate forest

Slide 44: Summary (continued)
Consider geographic domains to better manage replication
Consider functional domains for service autonomy
OU design influences:
– Administrative models
– Group policy
– Protection of sensitive objects
Be conversant with replication concepts