COMP 208 - Professor Lisa MacLean

COMP 563
PROF. MACLEAN
ACTIVE DIRECTORY DESIGN for 2003
Name: ______________________________
Most of this information can be found in your textbook, and also at:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/.
You must complete a comprehensive design of your Active Directory logical structure before you
deploy Active Directory. Thoroughly preparing your Active Directory design is essential to a cost-effective deployment.
Benefits of Windows Server 2003



• Support of multiple processors, multitasking and symmetric multiprocessing (splitting server
and network operations across multiple processors)
• A comprehensive system for organizing and managing multiple network objects (Active
Directory)
• Centralized management of multiple objects, resources and services through the Microsoft
Management Console (MMC)
Logical Structure Design
Before you deploy Windows Server 2003 Active Directory, you must plan for and design the
Active Directory logical structure for your environment. The Active Directory logical structure
determines how your directory objects are organized, and provides an effective method for
managing your network accounts and shared resources. When you design your Active Directory
logical structure, you define a significant part of the network infrastructure of your organization.
To design the Active Directory logical structure, determine the number of forests that your
organization requires, and then create designs for domains, DNS, and organizational units.
Advanced Active Directory Features
Functional levels in Windows Server 2003 Active Directory allow you to enable new features, such
as improved group membership replication, deactivation and redefinition of attributes and classes
in the schema, and forest trust relationships that require that all domain controllers within the
participating domain or forest run Windows Server 2003. Part of the Active Directory design
process involves identifying the domain and forest functional levels that your organization requires.
To implement these Windows Server 2003 Active Directory features in your organization, you
must first deploy Windows Server 2003 Active Directory and then raise the forest and domain to
the appropriate functional level.
Designing your Microsoft® Windows® Server 2003 Active Directory® directory service logical
structure involves defining the structure of and relationships between the forests, domains, and
organizational units that you plan to deploy. Carefully designing your Active Directory logical
structure enables you to minimize the time and effort required to implement Active Directory in
your organization. In this way, you can establish an efficient structure that best meets the
administrative needs of your organization.
Overview of Designing the Active Directory Logical Structure
A well-designed Active Directory logical structure provides the following benefits:
• Simplified management of Windows networks that contain large numbers of objects.
• A consolidated domain structure and reduced administration costs.
• The ability to delegate administrative control over resources as appropriate.
• Reduced impact on network bandwidth.
• Simplified resource sharing.
• Optimal search performance.
• Low total cost of ownership.
A well-designed Active Directory logical structure facilitates the efficient integration of features
such as Group Policy, enabling desktop lockdown, software distribution, and user, group,
workstation, and server administration, into your system. In addition, a carefully designed logical
structure facilitates the integration of services such as Microsoft® Exchange 2000, public key
infrastructure (PKI), and domain-based distributed file system (DFS).
Creating a Forest Design
Creating a forest design involves first identifying the groups within your organization that have the
resources available to host an Active Directory forest, and then defining your forest design
requirements. Finally, you need to determine the number of forests that you require in order to meet
the needs of your organization.
Creating a Domain Design
The forest owner is responsible for creating a domain design for the forest.
Creating a domain design involves examining the replication requirements and
the existing capacity of your network infrastructure, and then building a domain structure that
enables Active Directory to function in the most efficient way.
Domains are used to partition the directory so that the information in the directory can be
distributed and managed efficiently throughout the enterprise. The goal for your domain design is
to maximize the efficiency of the Active Directory replication topology while ensuring that
replication does not use too much available network bandwidth and does not interfere with the
daily operation of your network.
Designing a DNS Infrastructure to Support Active Directory
After you create your Active Directory forest and domain designs, you must design a DNS
infrastructure to support your Active Directory logical structure. DNS enables users to use friendly
names that are easy to remember to connect to computers and other resources on IP networks.
Windows Server 2003 uses DNS for name resolution instead of the Windows Internet Name
Service (WINS) NetBIOS name resolution method used in Windows NT 4.0–based networks. It is
still possible to use WINS for applications that require it; however, Active Directory requires DNS.
The process for designing DNS to support Active Directory varies according to whether your
organization already has an existing DNS service or whether you are deploying a new DNS service.

Note from Instructor: WINS is notoriously slow. There have been rumors of its demise
for many years; however, it persists and Microsoft still supports it.
Designing Organizational Units for Delegation of Administration
Forest owners are responsible for creating organizational unit designs for their domains. Creating
an OU design involves designing the OU structure, assigning the OU owner role, and creating
account and resource OUs. Initially, design your OU structure to enable delegation of
administration. When the OU design is complete, you can create additional OU structures for the
application of Group Policy to the users and computers and to limit the visibility of objects.
This link leads you to a sample design process:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/DepKit/251fed44-59a3-4a49-8cde-0de2cb5f9f81.mspx
Questions
1) What is an object in the Active Directory structure?
2) What is NetBEUI and why is it no longer supported?
3) What is the sequence of commands for installing Active Directory?
4) Do an Active Directory Design for the Colleges of the Fenway. Turn your design in via email
or on paper.