70-297: MCSE Guide to Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure Chapter 2: Developing the Active Directory.


1 70-297: MCSE Guide to Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure Chapter 2: Developing the Active Directory Infrastructure Design

2 Exam Objectives
1.5 Design the Active Directory infrastructure to meet business and technical requirements
–1.5.1 Design the envisioned administration model
–1.5.2 Create the conceptual design of the Active Directory forest structure
–1.5.3 Create the conceptual design of the Active Directory domain structure
–1.5.5 Create the conceptual design of the organizational unit (OU) structure
–1.5.4 Design the Active Directory replication strategy

3 Introduction
Active Directory designs are developed after the environment has been assessed and fully documented
During the initial stages of the Active Directory services infrastructure design, identify the administrative model that will be implemented

4 Assessing and Designing the Administrative Model
Service administrators are responsible for:
–Maintaining the Active Directory infrastructure
–Ensuring that the infrastructure provides the necessary functions and services to end users
Service administrators are not the same people who perform the data administrator role

5 The Role of the Service Administrator
The service administrator is responsible for:
–Management and maintenance of domain controllers (DCs)
–Management and maintenance of a Domain Name System (DNS)
–Management and maintenance of forestwide components
–Management and maintenance of Active Directory replication within the forest
–Deployment of Active Directory infrastructure throughout the organization
–Management and maintenance of trusts within the forest
–Management and maintenance of trusts with external domains, forests, and Kerberos realms

6 The Role of the Data Administrator
The data administrator is responsible for:
–Management of user objects
–Management of group objects
–Management of machine objects
–Management of printer objects
–Management of NTFS file and share access control lists (ACLs)
–Management of member servers and workstations

7 Understanding Isolation and Autonomy
Autonomy:
–Implies a degree of independence
–Can be achieved at the service admin level
–Can be achieved at the data administrator level
Isolation:
–Only administrators of the resource have access

8 Autonomy and Isolation Flow Chart

9 Assessing and Defining the Forest Design
Forest design factors:
–Organizational
–Operational
–Legal
–Naming considerations
–Timescales
–Management overhead
–Test environments
–External facing environments

10 Forest Models
Multiple forest scenarios:
–The Service Provider model
–The Restricted Access model
–The Resource model
–The Organizational model
–The Single-Forest model

11 The Service Provider Model

12 The Restricted Access Model

13 The Resource Model

14 The Organizational Forest Model

15 The Single Forest Model
Simplest to design, engineer, and deploy
Cheapest option to deploy and the cheapest to own
Isolation requires a separate forest to be established
Autonomy needs a separate domain to be established

16 Ownership, Accountability, and Change Management
Sponsors are responsible for ensuring that:
–Each business’s requirements are voiced during the design phase
–Designs are appropriate and relevant to each participating business
Owners are responsible for assigning the appropriate people to the appropriate roles

17 Assessing and Creating the Domain Design
Decision to deploy additional domains is influenced by:
–Geographic separation
–Network limitations
–Service autonomy

18 Maximum Number of Users Supported in a Single Domain

19 Names and Hierarchies
When designing Active Directory forests and domains
–Each domain has two names: a NetBIOS name and a DNS name
Dedicated root domain
–When deploying the first domain in a forest, the DNS name chosen is used as the suffix for all other domains

20 Using a Dedicated Root Domain
Deployed simply to exist as the root domain
Advantages:
–Forest service admins are separated from domain service admins
–Simpler to reconfigure the forest
–Politically neutral

21 The Dedicated Root Domain Model

22 The Nondedicated Domain

23 Regional Domains
Regional model implies that a separate domain is created for each distinct region within the organization
Disadvantages associated with introducing additional regional domains:
–Multiple service admin groups
–Additional overhead in duplicating settings
–Interdomain object moves

24 The Regional Domain Model

25 Functional Domains
Established per functional group or business group within the organization
Within the functional domain model:
–Forest might be home to multiple, disparate, autonomous businesses
–Degree of collaboration is required

26 The Functional Domain Model

27 Comparing Trees with Domains
Advantages of the single tree approach:
–Only one namespace needs to be created and managed
–No interoperability issues exist between disparate namespaces
Disadvantages of the single tree approach:
–Disparate, autonomous businesses are constrained to using the first namespace
–Businesses do not have autonomy within their own namespace

28 A Single Tree

29 Multiple Trees
Advantages:
–Disparate businesses can use their own different namespaces
–Autonomy within the business namespace
Disadvantages:
–Multiple DNS names
–Increased DNS maintenance

30 A Forest with Multiple Trees

31 Single Domain Forest
Houses all objects, including:
–Forest service admins
–Domain service admins
–Users
–Groups
–Computers
–DCs

32 Advantages and Disadvantages of a Single Domain Forest

33 Developing the OU Model
OU design factors are dictated by:
–The way in which the business is administered
–The way in which group policy needs to be
–The need to hide sensitive objects from users

34 OU Design Models
Geographic models
–Start by creating geography-based OUs at the root of the domain
Functional models
–Start by creating functional-based OUs at the root of the domain
Object type models
–Start by creating object type-based OUs at the root of the domain

35 The Geographic OU Model

36 The Functional OU Model

37 The Object Type OU Model

38 Developing the Replication Design
Principles and concepts surrounding replication:
–Sites
–Subnets
–Site links
–Site link bridges
–Connection objects
–Multimaster replication

39 Developing the Replication Design (continued)
Principles and concepts surrounding replication:
–Knowledge Consistency Checker (KCC)
–Inter Site Topology Generator and bridgehead servers
–SYSVOL
–File Replication System (FRS)
–Topology options
–Ownership

40 Sites and Costs

41 Site Link Bridging

42 The Bridgehead and ISTG Roles

43 Summary
Service administrators manage the Active Directory infrastructure
Data administrators manage data contained within Active Directory and member computers
If service or data isolation is required, create a separate forest
If disparate schemas or Configuration partition data is required, create a separate forest

44 Summary (continued)
Consider geographic domains to better manage replication
Consider functional domains for service autonomy
OU design influences:
–Administrative models
–Group policy
–Protection of sensitive objects
Be conversant with replication concepts

