MCSE-07-Designing_of_an_Active_Directory_Service-01-Theory

					ADVANTAGE PRO – Chennai’s Premier Networking Training Centre
  Agenda
Introduction to Designing a Directory Services Infrastructure
DNS and Active Directory
Designing a DNS Naming Strategy for Active Directory
Designing an Active Directory Domain
  Designing the Initial Active Directory Domain
  Planning for Security Groups
  Planning for OUs
Designing a Multiple-Domain Structure
  Planning for Multiple-Domain Trees
  Planning for Multiple-Tree Forests
  Planning for Multiple Forests
Managing Operations Master Roles

Conducting an Organizational Analysis

   Identifying Organizational Needs

   Making Design Choices

   Planning Guidelines




 Identifying Organizational Needs

Determine the Goals of the Organization

Analyze the Administrative Model

Anticipate Growth and Reorganization

Document the Gathered Information




Making Design Choices



   Decision Points

   Implications

   Risks and Costs

   Tradeoffs




Planning Guidelines



    Remember Business Needs

    Maintain a Clear Vision

    Make Solid Tradeoff Decisions

    Create a Simple Design

    Test the Design


Architectural Elements of Active Directory


   Designing a Naming Strategy
   Designing an Active Directory Domain
   Designing Multiple Domains
   Designing a Site Topology
   Designing for Delegation of Administrative Authority
   Designing for Group Policy
   Designing Schema Modifications


Designing a Naming Strategy
   Active Directory Uses DNS as Naming Service
   Internet Presence a Determining Factor in Selecting Domain Names

   [Diagram: Domain Name System (DNS), nwtraders.msft]




Designing an Active Directory Domain

   Create OUs to Support Delegation and Group Policy
   Create OU Structure to Reflect Administrative Model
   Carefully Name the First Domain

   [Diagram: first domain nwtraders.msft with a hierarchy of OUs]



    Designing Multiple Domains

   Administered Separately But May Share Resources
   More Complex To Manage

   [Diagram: root domain nwtraders.msft with child domains us.nwtraders.msft and europe.nwtraders.msft]



Designing for Delegation of Administrative Authority

   Relieves Burden of Centralized Management
   Separates Administrative Authority from Rest of Network

   [Diagram: domain nwtraders.msft with na.nwtraders.msft and asia.nwtraders.msft; labels Mfg, HR, recruiting, research, training]

Designing Schema Modifications

   Schema Defines Objects and Attributes in Active Directory
   Changing the Schema Can Affect the Entire Network
   Create a Schema Modification Policy to Manage Changes




Agenda

   DNS & Active Directory


Introduction to the Role of DNS in Active Directory

   Name Resolution
      DNS translates computer names to IP addresses
      Computers use DNS to locate each other on the network

   Naming Convention for Windows 2000 Domains
      Windows 2000 uses DNS naming standards for domain names
      DNS domains and Active Directory domains share a common hierarchical naming structure


   Locating the Physical Components of Active Directory
      DNS identifies domain controllers by the services they provide
      Computers use DNS to locate domain controllers and global catalog servers




DNS and Active Directory Namespaces

   [Diagram: the DNS namespace runs from the Internet root "." (DNS root domain) through com. and microsoft, with the nodes training, sales and computer1; the Active Directory namespace covers the domains microsoft.com, training.microsoft.com and sales.microsoft.com. Legend: DNS Node, Active Directory Domain.]

DNS Host Names and Windows 2000 Computer Names

   DNS host record and Active Directory object represent the same physical computer
   DNS allows computers to locate domain controllers within Active Directory

   [Diagram: DNS tree ".", com., microsoft, sales, training, computer1 beside the Active Directory domain training.microsoft.com with containers Builtin and Computers (Computer1, Computer2)]

   FQDN = computer1.training.microsoft.com
   Windows 2000 Computer Name = Computer1

DNS Requirements for Active Directory


  DNS Requirements to Support Active Directory


       Support for SRV records (mandatory)

       Support for the dynamic update protocol (recommended)

       Support for incremental zone transfers (recommended)
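
Added example (not part of the original slides): a Python check that a zone export contains the SRV locator records clients use to find domain controllers and the global catalog, and that each SRV target has an A record. The zone text, host names (dc1, dc2) and addresses are constructed sample data; contoso.msft is assumed to be the forest root, and SRV targets are assumed to have A records in the same export.

```python
# Added example; zone contents and host names below are constructed.
REQUIRED = {  # owner-name prefix -> well-known port
    "_ldap._tcp": 389,
    "_kerberos._tcp": 88,
    "_ldap._tcp.dc._msdcs": 389,
    "_kerberos._tcp.dc._msdcs": 88,
    "_ldap._tcp.pdc._msdcs": 389,
    "_gc._tcp": 3268,  # global catalog, registered at the forest root
}

SAMPLE_ZONE = """\
; constructed export of zone contoso.msft (assumed to be the forest root)
dc1.contoso.msft.                      600 IN A   10.0.0.10
_ldap._tcp.contoso.msft.               600 IN SRV 0 100 389 dc1.contoso.msft.
_kerberos._tcp.contoso.msft.           600 IN SRV 0 100 88  dc1.contoso.msft.
_ldap._tcp.dc._msdcs.contoso.msft.     600 IN SRV 0 100 389 dc1.contoso.msft.
_kerberos._tcp.dc._msdcs.contoso.msft. 600 IN SRV 0 100 88  dc1.contoso.msft.
_ldap._tcp.pdc._msdcs.contoso.msft.    600 IN SRV 0 100 389 dc2.contoso.msft.
"""

def parse_zone(text):
    """Return (a_hosts, srv); srv maps owner name -> [(port, target)]."""
    a_hosts, srv = set(), {}
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop comments, tokenize
        if len(fields) < 5 or fields[2].upper() != "IN":
            continue
        owner, rtype = fields[0].lower().rstrip("."), fields[3].upper()
        if rtype == "A":
            a_hosts.add(owner)
        elif rtype == "SRV" and len(fields) == 8:
            # SRV rdata order: priority weight port target
            srv.setdefault(owner, []).append(
                (int(fields[6]), fields[7].lower().rstrip(".")))
    return a_hosts, srv

def audit_locator_records(zone_text, domain):
    """List problems that stop clients locating DCs or the global catalog."""
    a_hosts, srv = parse_zone(zone_text)
    problems = []
    for prefix, port in REQUIRED.items():
        owner = f"{prefix}.{domain}"
        if owner not in srv:
            problems.append(f"missing SRV {owner}")
        for rec_port, target in srv.get(owner, []):
            if rec_port != port:
                problems.append(f"{owner}: port {rec_port}, expected {port}")
            if target not in a_hosts:
                problems.append(f"{owner}: target {target} has no A record")
    return problems
```

Calling audit_locator_records(SAMPLE_ZONE, "contoso.msft") reports the PDC record whose target has no A record and the missing global catalog record.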



     Agenda




Designing a DNS Naming Strategy for Active Directory




          Identifying Business Needs

   Main Business Needs that Impact a Naming Strategy:

      Intended Scope of Active Directory

      Internet Presence




Distinguishing Between DNS and Active Directory
   DNS Servers Store Resource Records
   Active Directory Servers Store Domain Objects

   [Diagram: Domain Name System (DNS), contoso.msft]




Planning Active Directory Domain Names


    Determining the Scope of Active Directory

    Designing the Naming Hierarchy

    Choosing Active Directory Domain Names




       Determining the Scope of Active Directory


   DNS Name Should Represent Entire Organization
      Headquarters
      Branch Locations
      Business Partners


   Active Directory Name Can Be Internet Name
      Register Name with ICANN




Designing the Naming Hierarchy

   [Diagram: root domain contoso.msft (DNS name: contoso.msft) with child domains namerica.contoso.msft (DNS name: namerica.contoso.msft) and europe.contoso.msft (DNS name: europe.contoso.msft)]

        Choosing Active Directory Domain Names


   Choose a Root Domain Name Unique to the Internet

   Conform to DNS Naming Regulations

   Register Your DNS Domain Name

   Choose Meaningful, Stable, Scalable Names

   Use An Existing DNS Domain Name


Designing a DNS Naming Strategy for Active Directory
   Making Initial Naming Decisions

   Using a Delegated Subdomain Name for the Internal Network

   Using a Single DNS Name for Public and Private Networks

   Using a Different DNS Name for Public and Private Networks

   Design Guidelines

Making Initial Naming Decisions

   Registering the DNS Root Name

   Designing with an Existing DNS Implementation

   Determining Internal and External Naming Strategies

   Meeting Requirements of the DNS Design

   Assuring Client Name Resolution

Using a Delegated Subdomain Name for the Internal Network

   Create a New DNS Zone in New Domain
   Configure Authoritative DNS Server in Existing DNS Domain to Delegate to New Domain
   Create Active Directory Forest Root in New Domain

   [Diagram: Zone 1 (contoso.msft), Firewall, Zone 2 (ad.contoso.msft)]

Designing a DNS Solution to Integrate with BIND

To Integrate BIND and Microsoft DNS You Can

   Use Existing DNS Strategy as the Root of Active Directory

   Create a Subdomain of the Existing DNS Strategy as the Root of Active Directory

   Keep the Existing BIND DNS Strategy, and Register Another Domain Name for the Root of Active Directory



        Design Guidelines


Naming Strategies Include:

   Delegated Subdomain for the Internal Network

   Single DNS Name for Public and Private Networks

   Different DNS Name for Public and Private Networks



