Examining a Windows NT Infrastructure (2)


1 Examining a Windows NT Infrastructure (2)
(Skill 1) Number and configuration of domains and trusts
- Defines the domain model in use
- Of utmost concern when upgrading rather than restructuring
- Types of domain models used in Windows NT
  - Single master
  - Multi-master
  - Mesh (full trust)

2 Examining a Windows NT Infrastructure (3)
(Skill 1) Single master domain model
- Consists of one account domain trusted by one or more resource domains
- User accounts are contained in the account domain (also called master domain)
- Resources are administered from the resource domain
- Advantage: centralized model with well-defined administrative boundary
- Disadvantages: reduced user limits and potential for excessive WAN traffic

3 Examining a Windows NT Infrastructure (4)
(Skill 1) Multi-master domain model
- Consists of multiple account and resource domains, with master domains all trusting each other and resource domains trusting all master domains
- Accounts are contained in all master domains
- Resources are administered in the resource domain
- Advantages: fairly well-centralized, strong administrative boundaries, and higher account limits than single master
- Disadvantages: increased complexity and still some potential for excessive WAN traffic

4 Examining a Windows NT Infrastructure (5)
(Skill 1) Mesh (full trust) domain model
- Contains multiple domains that all trust all other domains
- Accounts and resources are administered in each domain
- Advantages: unlimited account limits and few traffic problems
- Disadvantages: very complex administrative structure, difficult to administer if more than four domains, requires defining and administering an excessive number of trust relationships
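The three domain models described above differ mainly in how many one-way trusts they require and whose accounts each domain accepts. The following is an added example, not part of the original slides: it builds the trust set for each model from constructed domain names, treating a trust as a one-way (trusting, trusted) pair and counting only direct trusts, since Windows NT trusts are not transitive.

```python
from itertools import permutations

# A trust is a one-way pair (trusting_domain, trusted_domain); a two-way
# trust is two such pairs. Domain names below are constructed samples.

def single_master(master, resources):
    """Every resource domain trusts the single account (master) domain."""
    return {(r, master) for r in resources}

def multi_master(masters, resources):
    """Masters all trust each other; every resource domain trusts every master."""
    trusts = set(permutations(masters, 2))
    trusts |= {(r, m) for r in resources for m in masters}
    return trusts

def mesh(domains):
    """Full trust: every domain trusts every other domain."""
    return set(permutations(domains, 2))

def accepts_accounts_from(trusts, domain):
    """Domains whose accounts `domain` accepts (direct trusts only)."""
    return sorted(trusted for trusting, trusted in trusts if trusting == domain)

def mesh_growth(max_domains):
    """One-way trust count for a mesh of 2..max_domains domains."""
    return {n: len(mesh([f"DOM{i}" for i in range(n)]))
            for n in range(2, max_domains + 1)}

if __name__ == "__main__":
    resources = ["RES1", "RES2", "RES3"]
    sm = single_master("ACCT", resources)
    mm = multi_master(["ACCT1", "ACCT2"], resources)
    fm = mesh(["ACCT1", "ACCT2"] + resources)
    for name, trusts in (("single master", sm), ("multi-master", mm), ("mesh", fm)):
        print(f"{name:14} {len(trusts):2} one-way trusts; "
              f"RES1 accepts accounts from {accepts_accounts_from(trusts, 'RES1')}")
    print("mesh growth:", mesh_growth(8))
```

Every pair in the output is a relationship that has to be documented and reviewed before an upgrade, because each one widens the set of accounts a domain will authenticate.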

5 Examining a Windows NT Infrastructure (6)
(Skill 1) Administrative model
- Normally follows domain structure
- Important to understand because the model helps define administrative boundaries in new network
- Most accurate way to determine is to examine daily functions of each member of administrative team
- Other methods
  - Interviewing administrative or IT management
  - Examining permissions, rights, and group memberships
- Helpful to create diagram once examination is complete

6 Examining a Windows NT Infrastructure (7)
(Skill 1) Replication
- Almost entirely dependent on domain model chosen and domain controller layout
- Windows NT uses replicator service to replicate file and folder structures to specific servers
- In Windows Server 2003 and Windows 2000 Server, this function has been taken over by the File Replication Service (FRS)
- During design process, you must know which folders will need to be replicated by FRS, which almost always includes a subset of the files currently replicated by the replicator service

7 Examining a Windows NT Infrastructure (8)
(Skill 1) System policies
- Currently configured system policies provide a good starting point on which to base Group Policies
- System policies also define rights assignments, which are important when designing the security and administrative structure of the new network

8 Examining a Windows NT Infrastructure (9)
(Skill 1) Group structure
- Must take into account global and local group memberships
- In many Windows NT networks, global groups are used almost exclusively, which leads to a large number of global groups
- Rearrange group structure to utilize both global and local groups and follow the Microsoft rule
- Microsoft rule (A-G-DL-P): Put user accounts (A) into global groups (G), put global groups into domain local groups (DL), and then grant permissions (P)
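One way to check an existing group structure against the A-G-DL-P rule described above, as an added example that is not part of the original slides. The accounts, group names, scopes and share paths are constructed sample data; the check flags accounts placed directly in domain local groups and permissions granted directly to accounts or global groups, then resolves who actually receives access.

```python
# Constructed sample directory data (not from the page).
ACCOUNTS = {"alice", "bob", "carol"}
GROUPS = {
    "G_Sales":      {"scope": "global",       "members": ["alice", "bob"]},
    "G_Finance":    {"scope": "global",       "members": ["carol"]},
    "DL_Sales_RW":  {"scope": "domain_local", "members": ["G_Sales"]},
    "DL_Finance_R": {"scope": "domain_local", "members": ["G_Finance", "bob"]},
}
ACLS = [  # (resource, trustee granted permission)
    (r"\\FS1\Sales",   "DL_Sales_RW"),
    (r"\\FS1\Finance", "DL_Finance_R"),
    (r"\\FS1\Payroll", "G_Finance"),
    (r"\\FS1\Payroll", "carol"),
]

def audit_agdlp(accounts, groups, acls):
    """Return (rule_broken, location, trustee) for each departure from A-G-DL-P."""
    findings = []
    for name in sorted(groups):
        if groups[name]["scope"] != "domain_local":
            continue
        for member in groups[name]["members"]:
            if member in accounts:      # account placed straight into a DL group
                findings.append(("A->DL", name, member))
    for resource, trustee in acls:
        if trustee in accounts:         # permission granted to a user directly
            findings.append(("A->P", resource, trustee))
        elif groups.get(trustee, {}).get("scope") == "global":
            findings.append(("G->P", resource, trustee))  # skips the DL layer
    return findings

def effective_users(trustee, accounts, groups, seen=None):
    """Expand a trustee to the set of accounts that actually receive access."""
    seen = set() if seen is None else seen
    if trustee in accounts:
        return {trustee}
    if trustee in seen or trustee not in groups:  # nesting loop or unknown name
        return set()
    seen.add(trustee)
    users = set()
    for member in groups[trustee]["members"]:
        users |= effective_users(member, accounts, groups, seen)
    return users

if __name__ == "__main__":
    for finding in audit_agdlp(ACCOUNTS, GROUPS, ACLS):
        print(finding)
    for resource, trustee in ACLS:
        print(resource, trustee, sorted(effective_users(trustee, ACCOUNTS, GROUPS)))
```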

9 Examining a Windows NT Infrastructure (10)
(Skill 1) Domain controller configuration
- If reusing existing domain controllers, hardware specifications become critical
- Check compatibility and ability to scale
- Perform a pilot upgrade if possible
- If a pilot is not possible, use Performance Monitor or third-party tools to determine peak number of interactive logins that must be supported by each domain controller (primary metric)
- RAM, disk, and network requirements fairly static
- Processor requirements depend on number of users interactively logging in during peak period
- Take other services into account

10 Examining a Windows NT Infrastructure (11)
(Skill 1) Domain controller placement
- Analysis of current placement helps determine the areas of the network that may be prone to performance or reliability constraints

11 Figure 3-1 Single master domain model

12 Figure 3-2 Multi-master domain model

13 Figure 3-3 Mesh domain model

14 Figure 3-4 A diagram of a simple administrative model

15 Figure 3-5 The Microsoft Rule

16 Examining a Windows 2000 Infrastructure
(Skill 2)
- Redesigning a Windows 2000 Active Directory-based infrastructure typically requires a more thorough examination of the existing infrastructure than when redesigning a Windows NT infrastructure
- Active Directory adds significant complexity to the environment

17 Examining a Windows 2000 Infrastructure (2)
(Skill 2) Factors to consider when designing an Active Directory-based network
- Forest and tree design
- Existing manual trust relationships
- DNS configuration
- Site configuration
- Schema modifications
- Organizational unit (OU) design

18 Examining a Windows 2000 Infrastructure (3)
(Skill 2) Factors to consider when designing an Active Directory-based network
- Active Directory security settings
- Group Policy
- Sysvol requirements
- Global catalog server requirements
- Security and distribution group configuration
- Flexible Single Master of Operations (FSMO) role configuration

19 Examining a Windows 2000 Infrastructure (4)
(Skill 2) Forest and tree design
- Forest design affects number of schemas, administrative model, number of global catalogs, and trust design
- If a network contains more than one forest, you should know the reasoning behind that decision
- Importance of tree design
  - It describes the network's domain naming model
  - It defines the configuration of default trust relationships within the forest(s)

20 Examining a Windows 2000 Infrastructure (5)
(Skill 2) Existing manual trust relationships
- Types of manual trusts
  - Shortcut trusts (manual two-way transitive trusts, also known as explicit trusts)
  - One-way trusts (typically established between Windows NT and Active Directory domains or different Active Directory forests)
- Must understand reasoning behind why they exist, because it may influence new design

21 Examining a Windows 2000 Infrastructure (7)
(Skill 2) Site configuration
- Sites are commonly misconfigured
- Pay special attention to site links and the relationship between physical topology and site topology
- Mistakes can lead to significantly higher WAN link usage

22 Examining a Windows 2000 Infrastructure (8)
(Skill 2) Schema modifications
- Of concern because schema modifications can make drastic changes to the functionality of Active Directory
- Examine the number and type of schema modifications, organization's schema modification guidelines, and reasoning
- Failure to take schema modifications into account can lead to last-minute schema modifications, which can cause massive Active Directory replication and other problems

23 Examining a Windows 2000 Infrastructure (9)
(Skill 2) Organizational unit (OU) design
- One of most significant factors in Active Directory design
- Affects administrative delegation, object organization, and Group Policy application within each domain

24 Examining a Windows 2000 Infrastructure (10)
(Skill 2) Organizational unit (OU) design
- Need to analyze certain facets
  - Structure of the OU design
  - Number of levels present in the OU design
  - Organization (or lack thereof) in the design
  - Delegation of permissions
  - Group Policies applied to OUs
  - Use of Block Inheritance and No Override permissions
  - Contents of each OU

25 Examining a Windows 2000 Infrastructure (11)
(Skill 2) Active Directory security settings
- Related to OU design
- Typically applied to one or more groups within the structure in the form of delegated permissions applied to the OU
- Sometimes applied to individual objects
- All should be examined thoroughly

26 Examining a Windows 2000 Infrastructure (12)
(Skill 2) Group Policy
- Settings have a significant impact on operation of systems within the network
- Note which Group Policy Objects (GPOs) are applied at site, domain, and OU levels
- Examine each GPO to determine its configured settings
- Examine use of No Override and Block Inheritance
- Examine permissions configured on each Group Policy

27 Examining a Windows 2000 Infrastructure (14)
(Skill 2) Global catalog server requirements
- Examine locations, paying special attention to locations that do not contain any global catalog servers
- Examine the configuration of each existing global catalog server
- Examine reliability and performance statistics
- Examine network traffic related to global catalog replication and queries

28 Examining a Windows 2000 Infrastructure (16)
(Skill 2) Flexible Single Master of Operations (FSMO) role configuration
- Examine placement of these roles closely, because they are so important
- Make sure in new design that you transfer roles as necessary to achieve maximum level of reliability and redundancy

29 Examining a Windows 2000 Infrastructure (17)
(Skill 2) FSMO role configuration
- Obtain the following information on servers currently hosting FSMO roles
  - Server hardware configuration
  - Server performance and reliability statistics
  - Backup records or logs
  - Other services configured
  - Security settings
  - Whether the server is a global catalog server
  - Whether the server hosts more than one FSMO role

30 Figure 3-9 Analyzing Group Policy application

