Slide 1Slide 2Slide 3Slide 4Slide 5Slide 6Slide 7Slide 8Slide 9Slide 10Slide 11Slide 12Slide 13Slide 14Slide 15Slide 16Slide 17Slide 18Slide 19Slide 20Slide 21Slide 22Slide 23Slide 24Slide 25Slide 26Slide 27Slide 28Slide 29Slide 303.1 © 2004 Pearson Education, Inc.Exam 70-297 Designing a Microsoft® Windows® Server 2003 Active Directory and Network InfrastructureLesson 3: Examining the Current Directory Services InfrastructureNumber and configuration of domains and trustsDefines the domain model in useOf utmost concern when upgrading rather than restructuringTypes of domain models used in Windows NTSingle master Multi-master Mesh (full trust)Examining a Windows NT Infrastructure (2)(Skill 1)3.2 © 2004 Pearson Education, Inc.Exam 70-297 Designing a Microsoft® Windows® Server 2003 Active Directory and Network InfrastructureLesson 3: Examining the Current Directory Services InfrastructureSingle master domain modelConsists of one account domain trusted by one or more resource domainsUser accounts are contained in the account domain (also called master domain)Resources are administered from the resource domainAdvantage: centralized model with well-defined administrative boundaryDisadvantages: reduced user limits and potential for excessive WAN trafficExamining a Windows NT Infrastructure (3)(Skill 1)3.3 © 2004 Pearson Education, Inc.Exam 70-297 Designing a Microsoft® Windows® Server 2003 Active Directory and Network InfrastructureLesson 3: Examining the Current Directory Services InfrastructureMulti-master domain modelConsists of multiple account and resource domains, with master domains all trusting each other and resource domains trusting all master domainsAccounts are contained in all master domainsResources are administered in the resource domainAdvantages: fairly well-centralized, strong administrative boundaries, and higher account limits than single masterDisadvantages: increased complexity and still some potential for excessive WAN trafficExamining a Windows NT Infrastructure (4)(Skill 1)3.4 © 2004 Pearson Education, Inc.Exam 70-297 Designing a Microsoft® Windows® Server 2003 Active Directory and Network InfrastructureLesson 3: Examining the Current Directory Services InfrastructureMesh (full trust) domain modelContains multiple domains that all trust all other domains Accounts and resources are administered in each domainAdvantages: unlimited account limits and few traffic problemsDisadvantages: very complex administrative structure, difficult to administer if more than four domains, requires defining and administering an excessive number of trust relationshipsExamining a Windows NT Infrastructure (5)(Skill 1)3.5 © 2004 Pearson Education, Inc.Exam 70-297 Designing a Microsoft® Windows® Server 2003 Active Directory and Network InfrastructureLesson 3: Examining the Current Directory Services InfrastructureAdministrative modelNormally follows domain structureImportant to understand because the model helps define administrative boundaries in new networkMost accurate way to determine is to examine daily functions of each member of administrative teamOther methods Interviewing administrative or IT managementExamining permissions, rights, and group membershipsHelpful to create diagram once examination is completeExamining a Windows NT Infrastructure (6)(Skill 1)3.6 © 2004 Pearson Education, Inc.Exam 70-297 Designing a Microsoft® Windows® Server 2003 Active Directory and Network InfrastructureLesson 3: Examining the Current Directory Services InfrastructureReplicationAlmost entirely dependent on domain model chosen and domain controller layoutWindows NT uses replicator service to replicate file and folder structures to specific serversIn Windows Server 2003 and Windows 2000 Server, this function has been taken over by the File Replication Service (FRS)During design process, you must know which folders will need to be replicated by FRS, which almost always includes a subset of the files currently replicated by the replicator serviceExamining a Windows NT Infrastructure (7)(Skill 1)3.7 © 2004 Pearson Education, Inc.Exam 70-297 Designing a Microsoft® Windows® Server 2003 Active Directory and Network InfrastructureLesson 3: Examining the Current Directory Services InfrastructureSystem policiesCurrently configured system policies provide a good starting point on which to base Group PoliciesSystem policies also define rights assignments, which are important when designing the security and administrative structure of the new networkExamining a Windows NT Infrastructure (8)(Skill 1)3.8 © 2004 Pearson Education, Inc.Exam 70-297 Designing a Microsoft® Windows® Server 2003 Active Directory and Network InfrastructureLesson 3: Examining the Current Directory Services InfrastructureGroup structureMust take into account global and local group membershipsIn many Windows NT networks, global groups are used almost exclusively, which leads to a large number of global groupsRearrange group structure to utilize both global and local groups and follow the Microsoft ruleMicrosoft rule (A-G-DL-P): Put user accounts (A) into global groups (G), put global groups into domain local groups (DL), and then grant permissions (P)Examining a Windows NT Infrastructure (9)(Skill 1)3.9 © 2004 Pearson Education, Inc.Exam 70-297 Designing a Microsoft® Windows® Server 2003 Active Directory and Network InfrastructureLesson 3: Examining the Current Directory Services InfrastructureDomain controller configurationIf reusing existing domain controllers, hardware specifications become criticalCheck compatibility and ability to scale Perform a pilot upgrade if possibleIf a pilot is not possible, use Performance Monitor or third-party tools to determine peak number of interactive logins that must be supported by each domain controller (primary metric)RAM, disk, and network requirements fairly staticProcessor requirements depend on number of users interactively logging in during peak periodTake other services into accountExamining a Windows NT Infrastructure (10)(Skill 1)3.10 © 2004 Pearson Education, Inc.Exam 70-297 Designing a Microsoft® Windows® Server 2003 Active Directory and Network InfrastructureLesson 3: Examining the Current
View Full Document