Active Directory Implementation Class 4

Presentation on theme: "Active Directory Implementation Class 4"— Presentation transcript:

1 Active Directory Implementation Class 4
CSIS 165 – Week 2B Exams & Copyright Scott Wallihan, 2005

2 Active Directory – Class 4
- Ch 5 – AD Logical Design
- Ch 6 – AD Physical Design

3 Ch 5 – AD Logical Design

4 Ch 5 – AD Logical Design
- Choosing DNS Names
- Justifying Additional Forests
- Justifying Additional Domains
- Identifying Trust Requirements
- Designing Organizational Units
- Domain Functional Levels
- Upgrading from Windows NT

5 Choosing DNS Names
Two primary roles of domain names:
- External Internet presence
- AD and internal resource identification
Three DNS namespace design options:
- Use one DNS namespace for both the Internet and AD
- Use a discontinuous DNS namespace for AD
- Use a subdomain of the Internet namespace for AD

6 Using a single DNS namespace
Advantages:
- Requires only one domain
- Naming for addresses is seamless
Disadvantages:
- The Internet-facing DNS server must be maintained manually, separately from the AD zone
Solution:
- Ideal for companies desiring simplicity
- Use a subset DNS server in a DMZ to service Internet name resolution

7 Discontinuous DNS Namespace
Advantages:
- Totally obfuscates the internal namespace
Disadvantages:
- Typically requires a DNS forwarder (but this solution is typically used in closed environments)
Remarks:
- An uncommon solution
- Used in high-security environments

8 Subdomain DNS Namespace
Advantages:
- Ideal support for the forest root domain
- Supports AD-aware dynamic DNS for the Internet presence (an uncommon requirement)
- Easily replicates the existing DNS topology
Disadvantages:
- More domains = more domain controllers = $$$
Solution:
- The only choice for larger companies
- Don’t use a Windows domain on the Internet unless AD-aware DNS is required; use zone files instead

9 Justifying Additional Forests
Forests contain:
- A single AD schema
- A single physical configuration
- A single global catalog
- A single Enterprise Admins group
- Trusts between all domains
Factors justifying an additional forest:
- The need to support incompatible schemas
- The need to totally separate Enterprise Admins
- The need for trust isolation (maximum security)

10 Justifying Additional Domains
Domains define:
- Security principals
- Account policies
- Domain Administrators
Factors justifying additional domains:
- The need for differing account policies
- The need to separate domain administrators

11 Trusts
- Default two-way, transitive trusts
- Shortcut trusts
- Forest trusts
- Realm trusts
- External trusts (Windows NT)

12 Organizational Units
Organizational units permit:
- Application of group policy
- Delegation of sub-administration

13 Designing Organizational Units
Common uses of organizational units:
- Geographical location
- Department

14 Domain & Forest Functional Levels
- Windows 2000 mixed mode
- Windows 2000 native
- Windows Server 2003 interim
- Windows Server 2003

15 Upgrading Windows NT Domains
- In-place upgrade
- Domain consolidation

16 Ch 6 – AD Physical Design

17 Ch 6 – AD Physical Design
- Understanding & Managing Replication
- Sites & Subnets
- Site Links
- Site Link Bridges
- Locating Domain Controllers
- Locating Global Catalog Servers

18 Managing Replication
By default, all domain controllers:
- Are members of the same site
- Replicate with all other DCs in a ring
Problems:
- DCs determine replication partners randomly
- DCs replicate frequently
- By default, replication traffic is not compressed
Solution:
- Create sites to define replication boundaries

19 Sites & Subnets
Sites defined:
- A collection of one or more well-connected subnets
Sites direct clients’ access to resources:
- Global catalog servers
- DFS servers
- Domain controllers
Default-First-Site-Name site:
- Domain controllers are placed here by default

20 Site Links
- Site links define replication paths between subnets
- Site links define a replication schedule and method

21 Site Link Bridges
- By default, all site links are bridged; this permits replication to occur between all sites
- In non-fully-routed environments, site link bridges define which sites can communicate with each other

22 Locating Domain Controllers
- Every domain should have at least two domain controllers
- Large sites should have two or more DCs
- Small sites should have one DC

23 Locating Global Catalog Servers
- Every domain MUST have one global catalog server
- The global catalog and the Infrastructure Master role should be on separate domain controllers
- Every site that processes logons must have one global catalog server
  To circumvent this requirement:
  - Run the domain in “Windows Server 2003” mode
  - Enable universal group caching (site object)
- In organizations with one domain, place a global catalog on every domain controller
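The placement rules from slides 22 and 23 can be audited against a live forest. The script below is an added example, not part of the original slides; it assumes the ActiveDirectory RSAT module and a domain account with read access to every domain, and it treats a domain where every DC is already a GC (the usual single-domain layout) as the known exception to the Infrastructure Master rule.

```powershell
# Added example, not part of the original slides: audit the DC/GC placement
# rules from slides 22 and 23 against a live forest. Assumes the ActiveDirectory
# RSAT module and a domain account with read access to every domain.
Import-Module ActiveDirectory

$forest   = Get-ADForest
$findings = @()
$allDcs   = @()

foreach ($domainName in $forest.Domains) {
    $domain = Get-ADDomain -Identity $domainName
    $dcs    = @(Get-ADDomainController -Filter * -Server $domainName)
    $allDcs += $dcs

    # Slide 22: every domain should have at least two domain controllers.
    if ($dcs.Count -lt 2) {
        $findings += "[$domainName] has $($dcs.Count) DC(s); at least two are recommended"
    }

    # Slide 23: keep the Infrastructure Master off a GC. The known exception is a
    # domain where every DC is a GC (the usual single-domain layout): the role then
    # has no cross-domain references to fix up and the placement is harmless.
    $im    = $dcs | Where-Object { $_.HostName -eq $domain.InfrastructureMaster }
    $allGc = @($dcs | Where-Object { -not $_.IsGlobalCatalog }).Count -eq 0
    if ($im -and $im.IsGlobalCatalog -and -not $allGc) {
        $findings += "[$domainName] Infrastructure Master $($im.HostName) is also a GC"
    }
}

# Slide 23: a site that hosts DCs (and therefore processes logons) needs a GC,
# unless universal group caching is enabled on the site object.
$sites = Get-ADReplicationSite -Filter * -Properties UniversalGroupCachingEnabled
foreach ($site in $sites) {
    $siteDcs = @($allDcs | Where-Object { $_.Site -eq $site.Name })
    if ($siteDcs.Count -eq 0) { continue }   # no DCs here; clients are referred elsewhere
    $hasGc = @($siteDcs | Where-Object { $_.IsGlobalCatalog }).Count -gt 0
    if (-not $hasGc -and -not $site.UniversalGroupCachingEnabled) {
        $findings += "[site $($site.Name)] hosts DCs but has no GC and universal group caching is off"
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'All placement checks passed.'
} else {
    $findings | ForEach-Object { Write-Warning $_ }
}
```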

24 Review
- Ch 5 – AD Logical Design
- Ch 6 – AD Physical Design

