Chapter 3: Planning an Active Directory Implementation

Planning
- Understand the Business need
- Technology capabilities
- Beware of evolution
- Networking
- Decision
- DNS namespace
- Domain model
- Organize to adapt to company structure

Active Directory and DNS
- AD uses DNS for name resolution
- WIN 2000 DNS tied directly to AD
- Namespace decision
  - Internal and External same
  - Internal and External different
- Register name with ICANN

Namespace
- Different namespaces for internal and external resources

Advantages
- Internal and external resources are easily separated
- Administration is separated for internal and external namespaces
- Internal resources are easily secured
- Better control when giving clients access to internal resources

Disadvantages
- Separate DNS name tables must be maintained
- Multiple domain name registrations must be purchased and maintained
- Logon names will be different from Internet e-mail addresses

Namespace Integration (Same)
- Two methods
  - Integrate AD at the root level
  - Define a subdomain of the root domain and then install the AD tree within that subdomain

Advantages
- Logon IDs and e-mail addresses are the same for users
- Internal and external resources can be accessed seamlessly
- The AD tree is the same for internal and external corporate resources

Disadvantages
- Internal resources may be published on the external DNS server
- Firewalls must be put in place to protect the internal network

Site Design
- Rayco

Site Design
- Margo

Site Design Possibilities
- Single site
  - Pro: Ease of administration; no additional sites and site links
  - Pro: No need to move DCs between sites
  - Con: Domain replication and authentication traffic is uncontrollable

Site Design Possibilities
- Four sites
  - Pro: Allows for better use of long-haul links; requires a minimum of DCs

Site Design Possibilities
- Seven sites
  - Pro: Allows the administrator to schedule replication with slower sites at off-peak times
  - Con: Bandwidth utilization at sites connected at less than 1.54 Mbps

Site Design Possibilities
- Nine sites
  - Pro: Each physical location can be defined as an independent site
  - Pro: Ability to control replication and authenticate locally results in the best AD performance
  - Con: Consumes a large amount of administrative and network resources

Sites
- DC can be placed in multiple sites
- May require a Registry hack
- Many Windows 2000 services are site aware

Domain Structure
- A single domain structure is recommended
- A multiple domain structure may be necessary because:
  - A slow link exists between two or more physical locations
  - A legacy Windows NT network structure must be maintained
  - Political considerations exist

Use of Organizational Units
- OUs are not required in a Windows 2000 environment
- An OU is a container object
- An OU is a domain object
  - Therefore it cannot contain objects from another domain

Possible OU Models
- Object model: create an OU for each type of object in the domain
  - Pro: Can be easily extended as new object types are added to the domain
  - Con: No direct relationship exists between the object model and the business processes within a company

Possible OU Models
- Departmental model: separate objects based on the business departments associated with those objects
  - Pro: Close integration of resources and the people who use them

Possible OU Models
- Geographic model: group objects based on the geographic location of the resources
  - Pro: Can cope with rapid changes in corporate structure

Possible OU Models
- Administrative model: mimic the administrative structure of the organization
  - Con: Does not cope well with rapid changes within the company

Possible OU Models
- Business unit model: based on divisions of a corporation that have a specific role
  - Generally used in conjunction with a departmental model to mirror the corporate structure

Designing the Infrastructure
- Gather data about the network
- Lay out the AD sites
- Place the DCs within the sites
- Establish replication schedules

Chapter Summary
- Namespace is the first issue to consider when designing the network environment
- Develop a name resolution solution for DNS
- If a registered DNS domain name exists, you may wish to register an internal domain
- You may extend your existing domain to include internal resources
- Strive for the fewest possible domains in your environment

Chapter Summary
- Allow for flexibility in your OU structure
- Consider replication bandwidth when designing the infrastructure
- Balance costs with performance when designing your DC structure
- Replication traffic can be controlled through properties of the site links
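
The disadvantage listed under namespace integration, that internal resources may be published on the external DNS server, can be checked for by auditing the external zone. The following is an added example, not part of the original slides: the function name, the example.com zone and the one-record-per-line zone format are assumptions made for illustration.

```python
import ipaddress

# Assumption: one record per line in the form "owner [ttl] [class] type rdata".
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# DNS labels that domain controllers register so clients can locate AD services.
AD_LABELS = ("_msdcs", "_ldap._tcp", "_kerberos._tcp",
             "_kerberos._udp", "_kpasswd._tcp", "_gc._tcp")
RTYPES = {"A", "AAAA", "SRV", "CNAME", "NS", "MX", "SOA", "TXT", "PTR"}

def audit_external_zone(zone_text):
    """Return (line_no, owner, reason) for records exposing internal resources."""
    findings = []
    for no, raw in enumerate(zone_text.splitlines(), 1):
        line = raw.split(";", 1)[0].strip()          # drop zone-file comments
        if not line or line.startswith("$"):         # skip blanks and directives
            continue
        fields = line.split()
        owner = fields[0].lower()
        idx = next((i for i, f in enumerate(fields[1:], 1)
                    if f.upper() in RTYPES), None)
        if idx is None:
            continue
        rtype, rdata = fields[idx].upper(), fields[idx + 1:]
        if any(label in owner for label in AD_LABELS):
            findings.append((no, owner, "AD locator record"))
        if rtype == "A" and rdata:
            try:
                addr = ipaddress.ip_address(rdata[0])
            except ValueError:
                continue                              # malformed address, not our concern
            if any(addr in net for net in RFC1918):
                findings.append((no, owner, "RFC 1918 address"))
    return findings

# Constructed sample of an Internet-facing zone sharing its name with the AD tree.
SAMPLE_ZONE = """\
$ORIGIN example.com.
@        3600 IN SOA ns1.example.com. admin.example.com. 1 3600 600 86400 3600
www      3600 IN A   203.0.113.10
mail     3600 IN A   203.0.113.25
fs01     3600 IN A   10.1.4.20          ; internal file server
_ldap._tcp.dc._msdcs 600 IN SRV 0 100 389 dc01.example.com.
dc01     3600 IN A   192.168.10.5
"""

if __name__ == "__main__":
    for finding in audit_external_zone(SAMPLE_ZONE):
        print(finding)
```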