week2b - Angelfire

Active Directory Implementation
Class 4
CSIS 165 – Week 2B
Exams 70-217 & 70-294
Copyright Scott Wallihan, 2005
Active Directory – Class 4

- Ch 5 – AD Logical Design
- Ch 6 – AD Physical Design

Ch 5 – AD Logical Design

- Choosing DNS Names
- Justifying Additional Forests
- Justifying Additional Domains
- Identifying Trust Requirements
- Designing Organizational Units
- Domain Functional Levels
- Upgrading from Windows NT
Choosing DNS Names

Two primary roles of domain names:
- External Internet presence
- AD & internal resource identification

Three DNS namespace design options:
- Use one DNS namespace for Internet & AD
- Use a discontinuous DNS namespace for AD
- Use a subdomain of the Internet namespace for AD

Using a single DNS namespace

Advantages:
- Requires only one domain
- Naming for email addresses is seamless

Disadvantages:
- Manually maintained DNS server for the Internet

Solution:
- Use a subset DNS server in a DMZ to service Internet name resolutions
- Ideal for companies desiring simplicity

Discontinuous DNS Namespace

Advantages:
- Totally obfuscates the internal namespace

Disadvantages:
- Typically requires a DNS forwarder – but this solution is typically used in closed environments

Remark:
- An uncommon solution
- Used in high-security environments

Subdomain DNS Namespace

Advantages:
- Ideal support for the forest root domain
- Supports AD-aware dynamic DNS for the Internet presence – an uncommon requirement
- Easily replicates the existing DNS topology

Disadvantages:
- More domains = more domain controllers = $$$

Solution:
- The only choice for larger companies
- Don’t use a Windows domain on the Internet unless AD-aware DNS is required – use zone files
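The subdomain option above, as an added configuration example (not from the original slides): the internal AD zone is created on a domain controller's DNS service with AD-integrated storage and secure-only dynamic updates, while the Internet presence stays on the public DNS and is reached through forwarders. It assumes the DnsServer PowerShell module on a Windows Server DC; the names example.com and ad.example.com and the forwarder addresses are constructed for illustration.

```powershell
# Added example, not part of the original slides. Assumes the DnsServer module
# on a domain controller that runs DNS. Zone names and resolver addresses are
# constructed placeholders.
Import-Module DnsServer

$internetZone = 'example.com'      # Internet presence: stays on the public DNS as static zone files
$adZone       = 'ad.example.com'   # forest root domain: AD-integrated, dynamic

# 1. The AD zone is stored in the directory, replicated to every DNS server in
#    the forest, and accepts only secure (Kerberos-authenticated) dynamic
#    updates, so a host can register or change only the records it owns.
if (-not (Get-DnsServerZone -Name $adZone -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -Name $adZone -ReplicationScope Forest -DynamicUpdate Secure
}

# 2. The DC does not host the public zone. Lookups for example.com and the rest
#    of the Internet leave through forwarders (the "DNS forwarder" the slides
#    mention for namespaces that are not visible from the outside).
Set-DnsServerForwarder -IPAddress 192.0.2.53, 192.0.2.54 -UseRootHint $false

# 3. Verify the result: the AD zone must be DS-integrated with secure updates,
#    and the public zone must not be present on this server.
Get-DnsServerZone -Name $adZone |
    Select-Object ZoneName, IsDsIntegrated, DynamicUpdate, ReplicationScope

if (Get-DnsServerZone -Name $internetZone -ErrorAction SilentlyContinue) {
    Write-Warning "$internetZone is hosted on this DC; keep the Internet presence on the public DNS"
}
```

The delegation of ad.example.com from the parent zone is made on the public DNS server (the zone files the slides refer to), not on the DC, so it is not part of this script. The setting that matters for security is `-DynamicUpdate Secure`: with `NonsecureAndSecure` any host on the network could overwrite a DC's service records.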
Justifying Additional Forests

Forests contain:
- A single AD schema
- A single physical configuration
- A single global catalog
- A single Enterprise Admins group
- Trusts between all domains

Factors justifying an additional forest:
- The need to support incompatible schemas
- The need to totally separate Enterprise Admins
- The need for trust isolation – maximum security

Justifying Additional Domains

Domains define:
- Security principals
- Account policies
- Domain Administrators

Factors justifying additional domains:
- The need for differing account policies
- The need to separate domain administrators

Trusts

- Default two-way, transitive trusts
- Shortcut trusts
- Forest trusts
- Realm trusts
- External trusts (Windows NT)

Organizational Units

Organizational units permit:
- Application of group policy
- Delegation of sub-administration

Designing Organizational Units

Common uses of organizational units:
- Geographical location
- Department

Domain & Forest Functional Levels

- Windows 2000 mixed mode
- Windows 2000 native
- Windows Server 2003 interim
- Windows Server 2003

Upgrading Windows NT Domains

- In-place upgrade
- Domain consolidation
Ch 6 – AD Physical Design

- Understanding & Managing Replication
- Sites & Subnets
- Site Links
- Site Link Bridges
- Locating Domain Controllers
- Locating Global Catalog Servers

Managing Replication

By default, all domain controllers:
- Are members of the same site
- Replicate with all other DCs in a ring

Problems:
- DCs determine replication randomly
- DCs replicate frequently
- By default, replication traffic is not compressed

Solution:
- Create sites to define replication boundaries

Sites & Subnets

Sites defined:
- A collection of one or more well-connected subnets

Sites direct clients’ access to resources:
- Global catalog servers
- DFS servers
- Domain controllers

Default-First-Site-Name site:
- Domain controllers are placed here by default

Site Links

- Site links define replication paths between subnets
- Site links define a replication schedule and method

Site Link Bridges

- By default, all site links are bridged. This permits replication to occur between all sites.
- In non-fully routed environments, site link bridges define which sites can communicate with each other
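The physical design steps above (sites, subnets, site links, and bridging) carried through as one added example; this is not code from the original slides. It assumes the ActiveDirectory PowerShell module (RSAT) against a Windows Server 2012 or later forest and Enterprise Admins rights; the site, subnet and link names are constructed. The bridging step goes one notch beyond the slides by showing the attribute the "bridge all site links" setting maps to.

```powershell
# Added example, not part of the original slides. Assumes the ActiveDirectory
# module against a Windows Server 2012+ forest. Site, subnet and link names are
# constructed placeholders.
Import-Module ActiveDirectory

# 1. Sites are the replication boundaries. Without them every DC sits in
#    Default-First-Site-Name and replicates with every other DC in one ring.
$sites = 'HQ', 'Branch-East', 'Branch-West'
foreach ($site in $sites) {
    if (-not (Get-ADReplicationSite -Filter "Name -eq '$site'")) {
        New-ADReplicationSite -Name $site
    }
}

# 2. Subnets map client addresses to a site, so a client is directed to a DC,
#    global catalog or DFS server in its own site. An address that matches no
#    subnet cannot be matched to a site at all, so cover every client range.
$subnets = @{
    '10.1.0.0/16' = 'HQ'
    '10.2.0.0/16' = 'Branch-East'
    '10.3.0.0/16' = 'Branch-West'
}
foreach ($cidr in $subnets.Keys) {
    if (-not (Get-ADReplicationSubnet -Filter "Name -eq '$cidr'")) {
        New-ADReplicationSubnet -Name $cidr -Site $subnets[$cidr]
    }
}

# 3. Site links state which sites replicate with each other, how often (the
#    schedule) and at what cost. Inter-site traffic is compressed, and the
#    interval replaces the frequent intra-site replication. Lower cost wins
#    when more than one path exists.
New-ADReplicationSiteLink -Name 'HQ-East' -SitesIncluded 'HQ', 'Branch-East' `
    -Cost 100 -ReplicationFrequencyInMinutes 60 -InterSiteTransportProtocol IP
New-ADReplicationSiteLink -Name 'HQ-West' -SitesIncluded 'HQ', 'Branch-West' `
    -Cost 200 -ReplicationFrequencyInMinutes 180 -InterSiteTransportProtocol IP

# 4. Bridging. By default every site link is transitive, so the KCC may build
#    a direct Branch-East <-> Branch-West connection on the assumption that the
#    network is fully routed. When it is not, clear that assumption on the IP
#    transport (bit 0x2 of its options attribute, NTDSTRANSPORT_OPT_BRIDGES_REQUIRED)
#    and declare explicitly which links are routable among themselves.
$configNC    = (Get-ADRootDSE).configurationNamingContext
$ipTransport = "CN=IP,CN=Inter-Site Transports,CN=Sites,$configNC"
$current     = [int](Get-ADObject -Identity $ipTransport -Properties options).options
Set-ADObject -Identity $ipTransport -Replace @{ options = ($current -bor 2) }

# Both hub links route through HQ, so they form one bridge; a link to a site
# that cannot route through the hub would simply be left out of any bridge.
New-ADReplicationSiteLinkBridge -Name 'HQ-Hub-Bridge' `
    -SiteLinksIncluded 'HQ-East', 'HQ-West' -InterSiteTransportProtocol IP

# 5. Review what the KCC will work from.
Get-ADReplicationSiteLink -Filter * |
    Select-Object Name, Cost, ReplicationFrequencyInMinutes, SitesIncluded
```

Setting the bridges-required bit with a read-modify-write (`-bor 2`) rather than `-Replace @{options=2}` keeps any other option bits already set on the transport. The same objects can be inspected afterwards in Active Directory Sites and Services, where the transport's "Bridge all site links" checkbox reflects the bit toggled here.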
Locating Domain Controllers

- Every domain should have at least two domain controllers
- Large sites should have two or more DCs
- Small sites should have one DC

Locating Global Catalog Servers

- Every domain MUST have one global catalog server
- Global catalog and Infrastructure master role should be on separate domain controllers
- Every site that processes logons must have one global catalog server

To circumvent this requirement:
- Run the domain in “Windows Server 2003” mode
- Enable universal group caching – site object
- In organizations with one domain, place a global catalog on every domain controller
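The placement rules from the two slides above, turned into an added audit script (not from the original slides) that reports every domain or site violating them. It assumes the ActiveDirectory module and read access to the whole forest. The infrastructure-master check carries one caveat the slides do not spell out: when every DC in a domain is a global catalog, the infrastructure master has no cross-domain references to fix up, so its co-location with a GC is harmless and is not reported.

```powershell
# Added audit example, not part of the original slides. Assumes the
# ActiveDirectory module, run from a domain-joined host with read access to
# every domain in the forest.
Import-Module ActiveDirectory

function Test-GcPlacement {
    $findings = @()
    $forest   = Get-ADForest

    # Every DC in every domain of the forest, with site, GC flag and FSMO roles.
    $dcs = foreach ($dom in $forest.Domains) {
        Get-ADDomainController -Filter * -Server $dom
    }

    foreach ($dom in $forest.Domains) {
        $domDcs = @($dcs | Where-Object { $_.Domain -eq $dom })

        # "Every domain should have at least two domain controllers"
        if ($domDcs.Count -lt 2) {
            $findings += "$dom : only $($domDcs.Count) domain controller(s)"
        }

        # "Every domain MUST have one global catalog server"
        $gcs = @($domDcs | Where-Object { $_.IsGlobalCatalog })
        if ($gcs.Count -eq 0) {
            $findings += "$dom : no global catalog server"
        }

        # "Global catalog and Infrastructure master role should be on separate
        # domain controllers". Caveat: if every DC is a GC, the infrastructure
        # master has nothing to update and the placement does not matter.
        $im = $domDcs | Where-Object { $_.OperationMasterRoles -contains 'InfrastructureMaster' }
        if ($im -and $im.IsGlobalCatalog -and $gcs.Count -lt $domDcs.Count) {
            $findings += "$dom : infrastructure master $($im.Name) is a GC while other DCs are not"
        }
    }

    # "Every site that processes logons must have one global catalog server",
    # unless universal group membership caching is enabled on the site object.
    $siteCache = @{}
    Get-ADReplicationSite -Filter * | ForEach-Object {
        $siteCache[$_.Name] = [bool]$_.UniversalGroupCachingEnabled
    }
    foreach ($site in ($dcs | Select-Object -ExpandProperty Site -Unique)) {
        $siteHasGc = @($dcs | Where-Object { $_.Site -eq $site -and $_.IsGlobalCatalog }).Count -gt 0
        if (-not $siteHasGc -and -not $siteCache[$site]) {
            $findings += "$site : no global catalog and universal group caching is disabled"
        }
    }

    if ($findings.Count -eq 0) { 'No placement findings.' } else { $findings }
}

Test-GcPlacement
```

The script only looks at sites that already contain a domain controller; a site with subnets but no DC sends its logons elsewhere and is a capacity question rather than a GC-placement one. To enable caching for a site it flags, `Set-ADReplicationSite -Identity <site> -UniversalGroupCachingEnabled $true` is the cmdlet form of the "site object" setting the slide names.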
Review

- Ch 5 – AD Logical Design
- Ch 6 – AD Physical Design