Presentation is loading. Please wait.

Presentation is loading. Please wait.

Active Directory design recommended practices Mark Cribben Consultant.

Published byFlorence Stevenson Modified over 9 years ago

Similar presentations

Presentation on theme: "Active Directory design recommended practices Mark Cribben Consultant."— Presentation transcript:

1 Active Directory design recommended practices Mark Cribben Consultant

2 Agenda Forest design principles Domain design principles Name space design recommendations Site / Physical design OU design Base security considerations Branch scenarios Management

3 Forest design principles Identify security boundaries – The forest is the security boundary Start with single forest. Considerations: – Acquisition and divesting pattern of the organisation – Schema ownership – Security – Legal considerations (typical in banking scenarios but by no means exclusive to them.)

4 Domain design principles Start with a single domain. Considerations are: – Replication boundaries – Account policy requirements – Political So what about a placeholder / empty forest root domain? – Design recommendations changed within 18 months of Windows 2000 launching but the message seems to be taking a long time to get out. – There is no additional security to be gained through an empty forest root domain.

5 Name space design How to name an AD – So what’s in a name? How important is it after all? Where to put name servers – Understand the importance of _msdcs. zone How to replicate DNS information – Where possible try and use AD integrated as it increases the security and reduces the management of replicating the information – Allows for multi master DNS How to configure the DC’s and clients – Advice is different for Windows 2000 and Windows Server 2003 DC’s – Clients should be configured to use their local DNS server as the primary. Nearest hub / data centre as the alternate

6 Site / Physical design (1) Identify your deployment model: – Centralised – Distributed – Branch – Combination Define sites and subnets. Consider: – Data Centre failure – Redundancy – Client and application needs

7 Site / Physical design (2) Domain controllers: – Location – Security – Function – Administration Designing for discovery and failover – SRV registration strategy – Autositecoverage decisions

8 Site / Physical design (3) Replication: – Load balancing on BH Servers – Schedule and Interval – Compression value – TombstoneLifetime

9 OU design OU’s have two primary roles: – Delegation of admin – Application of Group Policy Most common (sensible!) OU design approaches: – Device / object type Try to avoid: – Too many OUs / levels of nesting – Following your org chart

10 Branch Scenarios Bear in mind that Branch Office does not automatically mean retail banking! Primarily a scenario where you have lots of remote locations that have users but not necessarily a large number of them or good quality, high bandwidth connections. Key issues: – Administration – Placement of Domain Controllers / GC’s – Applications at the remote site – Available bandwidth – Replication including BH Server load balancing, replication scheduling, convergence

11 Management Do not even think about deploying Active Directory without providing management support. – We have seen too many situations where customers have problems that could so easily have been avoided with even a basic monitoring solution / process! Managing the Directory Service: – MOM is an option – If MOM cannot be deployed then provide processes, scripts and tools to allow ongoing management Group Policy – At the very least install GPMC!

12 ©2004 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

13 Welcome to this TechNet Event FREE bi-weekly technical newsletter FREE regular technical events hosted across the UK FREE weekly UK & US led technical webcasts FREE comprehensive technical web site Monthly CD / DVD subscription with the latest technical tools & resources FREE quarterly technical magazine We would like to bring your attention to the key elements of the TechNet programme; the central information and community resource for IT professionals in the UK: To subscribe to the newsletter or just to find out more, please visit www.microsoft.com/uk/technet or speak to a Microsoft representative during the break www.microsoft.com/uk/technet

14 http://www.microsoft.com/uk/technet

Download ppt "Active Directory design recommended practices Mark Cribben Consultant."

Similar presentations

Accelerating Content Management Server solutions with MCMS.RAPID Mark Harrison – Microsoft Tony Sloggett.

Accelerating Content Management Server solutions with MCMS.RAPID Mark Harrison – Microsoft Tony Sloggett.
Active Directory: Beyond The Basics

Active Directory: Beyond The Basics
Active Directory Fundamentals

Active Directory Fundamentals
Service Manager for MSPs

Service Manager for MSPs
Windows Server ® 2008 and Windows Server ® 2008 R2 Active Directory ® Domain Services Infrastructure Planning and Design Published: February 2008 Updated:

Windows Server ® 2008 and Windows Server ® 2008 R2 Active Directory ® Domain Services Infrastructure Planning and Design Published: February 2008 Updated:
Remote Desktop Services

Remote Desktop Services
Introduction to Systems Management Server 2003 Tyler S. Farmer Sr. Technology Specialist II Education Solutions Group Microsoft Corporation.

Introduction to Systems Management Server 2003 Tyler S. Farmer Sr. Technology Specialist II Education Solutions Group Microsoft Corporation.
Active Directory Fundamentals Thomas Lee Chief Technologist QA

Active Directory Fundamentals Thomas Lee Chief Technologist QA
Module 14: Implementing an Active Directory Infrastructure.

Module 14: Implementing an Active Directory Infrastructure.
Windows Server ® 2008 Active Directory ® Domain Services Infrastructure Planning and Design Series Published: February 2008 Updated: July 2009.

Windows Server ® 2008 Active Directory ® Domain Services Infrastructure Planning and Design Series Published: February 2008 Updated: July 2009.
70-297: MCSE Guide to Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure Chapter 2: Developing the Active Directory.

70-297: MCSE Guide to Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure Chapter 2: Developing the Active Directory.
Dan Stolts IT Pro Evangelist US DPE - North East Microsoft Corporation

Dan Stolts IT Pro Evangelist US DPE - North East Microsoft Corporation
More Control and Flexibility Vitalis Konopelec Technology Solution Professional Microsoft Slovakia s.r.o.

More Control and Flexibility Vitalis Konopelec Technology Solution Professional Microsoft Slovakia s.r.o.
Michael Kleef Technology Advisor | Microsoft Australia

Michael Kleef Technology Advisor | Microsoft Australia
F5 solution for Microsoft Exchange

F5 solution for Microsoft Exchange
Kalpesh Patel Ramprabhu Rathnam

Kalpesh Patel Ramprabhu Rathnam
Advanced Infrastructures In System Center Configuration Manager 2012 R2 Jason blog.configmgrftw.com m Wally.

Advanced Infrastructures In System Center Configuration Manager 2012 R2 Jason blog.configmgrftw.com m Wally.
7.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 7: Introducing Group Accounts.

7.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 7: Introducing Group Accounts.
Making Identity and Access Management Real – The Early Days Brian Lauge Pedersen Senior Technology Specialist.

Making Identity and Access Management Real – The Early Days Brian Lauge Pedersen Senior Technology Specialist.
Understanding Active Directory

Understanding Active Directory

Similar presentations

Ads by Google