Slide 1Slide 2Slide 3Slide 4Slide 5Slide 6Slide 7Slide 8Slide 9Slide 10Slide 11Slide 12Slide 13Slide 14Slide 15Slide 16Slide 17Slide 18Slide 19Slide 20Slide 21Slide 22Slide 23Slide 24Slide 25Slide 26Slide 27Slide 28Slide 29Slide 303.1 © 2004 Pearson Education, Inc.Exam 70-297 Designing a Microsoft® Windows® Server 2003 Active Directory and Network InfrastructureLesson 3: Examining the Current Directory Services InfrastructureNumber and configuration of domains and trustsDefines the domain model in useOf utmost concern when upgrading rather than restructuringTypes of domain models used in Windows NTSingle master Multi-master Mesh (full trust)Examining a Windows NT Infrastructure (2)(Skill 1)3.2 © 2004 Pearson Education, Inc.Exam 70-297 Designing a Microsoft® Windows® Server 2003 Active Directory and Network InfrastructureLesson 3: Examining the Current Directory Services InfrastructureSingle master domain modelConsists of one account domain trusted by one or more resource domainsUser accounts are contained in the account domain (also called master domain)Resources are administered from the resource domainAdvantage: centralized model with well-defined administrative boundaryDisadvantages: reduced user limits and potential for excessive WAN trafficExamining a Windows NT Infrastructure (3)(Skill 1)3.3 © 2004 Pearson Education, Inc.Exam 70-297 Designing a Microsoft® Windows® Server 2003 Active Directory and Network InfrastructureLesson 3: Examining the Current Directory Services InfrastructureMulti-master domain modelConsists of multiple account and resource domains, with master domains all trusting each other and resource domains trusting all master domainsAccounts are contained in all master domainsResources are administered in the resource domainAdvantages: fairly well-centralized, strong administrative boundaries, and higher account limits than single masterDisadvantages: increased complexity and still some potential for excessive WAN trafficExamining a Windows NT Infrastructure (4)(Skill 1)3.4 © 2004 Pearson Education, Inc.Exam 70-297 Designing a Microsoft® Windows® Server 2003 Active Directory and Network InfrastructureLesson 3: Examining the Current Directory Services InfrastructureMesh (full trust) domain modelContains multiple domains that all trust all other domains Accounts and resources are administered in each domainAdvantages: unlimited account limits and few traffic problemsDisadvantages: very complex administrative structure, difficult to administer if more than four domains, requires defining and administering an excessive number of trust relationshipsExamining a Windows NT Infrastructure (5)(Skill 1)3.5 © 2004 Pearson Education, Inc.Exam 70-297 Designing a Microsoft® Windows® Server 2003 Active Directory and Network InfrastructureLesson 3: Examining the Current Directory Services InfrastructureAdministrative modelNormally follows domain structureImportant to understand because the model helps define administrative boundaries in new networkMost accurate way to determine is to examine daily functions of each member of administrative teamOther methods Interviewing administrative or IT managementExamining permissions, rights, and group membershipsHelpful to create diagram once examination is completeExamining a Windows NT Infrastructure (6)(Skill 1)3.6 © 2004 Pearson Education, Inc.Exam 70-297 Designing a Microsoft® Windows® Server 2003 Active Directory and Network InfrastructureLesson 3: Examining the Current Directory Services InfrastructureReplicationAlmost entirely dependent on domain model chosen and domain controller layoutWindows NT uses replicator service to replicate file and folder structures to specific serversIn Windows Server 2003 and Windows 2000 Server, this function has been taken over by the File Replication Service (FRS)During design process, you must know which folders will need to be replicated by FRS, which almost always includes a subset of the files currently replicated by the replicator serviceExamining a Windows NT Infrastructure (7)(Skill 1)3.7 © 2004 Pearson Education, Inc.Exam 70-297 Designing a Microsoft® Windows® Server 2003 Active Directory and Network InfrastructureLesson 3: Examining the Current Directory Services InfrastructureSystem policiesCurrently configured system policies provide a good starting point on which to base Group PoliciesSystem policies also define rights assignments, which are important when designing the security and administrative structure of the new networkExamining a Windows NT Infrastructure (8)(Skill 1)3.8 © 2004 Pearson Education, Inc.Exam 70-297 Designing a Microsoft® Windows® Server 2003 Active Directory and Network InfrastructureLesson 3: Examining the Current Directory Services InfrastructureGroup structureMust take into account global and local group membershipsIn many Windows NT networks, global groups are used almost exclusively, which leads to a large number of global groupsRearrange group structure to utilize both global and local groups and follow the Microsoft ruleMicrosoft rule (A-G-DL-P): Put user accounts (A) into global groups (G), put global groups into domain local groups (DL), and then grant permissions (P)Examining a Windows NT Infrastructure (9)(Skill 1)3.9 © 2004 Pearson Education, Inc.Exam 70-297 Designing a Microsoft® Windows® Server 2003 Active Directory and Network InfrastructureLesson 3: Examining the Current Directory Services InfrastructureDomain controller configurationIf reusing existing domain controllers, hardware specifications become criticalCheck compatibility and ability to scale Perform a pilot upgrade if possibleIf a pilot is not possible, use Performance Monitor or third-party tools to determine peak number of interactive logins that must be supported by each domain controller (primary metric)RAM, disk, and network requirements fairly staticProcessor requirements depend on number of users interactively logging in during peak periodTake other services into accountExamining a Windows NT Infrastructure (10)(Skill 1)3.10 © 2004 Pearson Education, Inc.Exam 70-297 Designing a Microsoft® Windows® Server 2003 Active Directory and Network InfrastructureLesson 3: Examining the Current