Designing Active Directory Child Domain Sainath K.E.V Directory Services MVP 5/Aug/2015.


Overview

The scope of the work for Active Directory has been confined to installing and configuring a Child domain for an existing AD Forest. The Child domain will be used for testing internal applications before Go-Live. The solution will be built on a supported operating system which is compatible with the implemented Active Directory forest, which is Windows Server 2012 R2. Contoso Corp does not use a test domain for validating and testing their home-grown applications.

There are three major options:
1. Create a child domain within the existing Active Directory forest
2. Create a separate Active Directory Forest
3. Create a separate Active Directory Forest in Microsoft Cloud - Azure (Recommended)

The design recommends Option 2 or Option 3, as this provides an isolated environment for testing applications which will allow directory-aware applications to create custom attributes or schema extensions. Option 3 is a cloud solution managed by Microsoft and allows the solution to be hosted on Azure.

Design Scope

In Scope

1. Create on premise dedicated Active Directory Forest
   a) Domain Controller planning
   b) Client affinity
   c) Sites and Services, Replication configuration
   d) Group Policy, Delegation and Account administration
   e) Application integration, Schema extensions
   f) Backup and Restore, Name resolution configuration

2. Create on premise Active Directory Child domain
   a) Domain Controller planning
   b) Client affinity
   c) Sites and Services, Replication configuration
   d) Group Policy, Delegation and Account administration
   e) Application integration, Schema extensions
   f) Backup and Restore, Name resolution configuration

Design Scope

3. Create Active Directory Child domain on Azure
   - Setting up Azure Subscriptions
   - Design and implementation of Azure Network
   - Design and implementation of Azure Storage
   - Design and implementation of Azure Security
   - Configuring Azure Management
   - Server Management
   - High available and Disaster recovery
   - Domain Controller planning
   - Client affinity
   - Sites and Services, Replication configuration
   - Group Policy, Delegation and Account administration
   - Application integration, Schema extensions
   - Backup and Restore, Name resolution configuration

Out of Scope
- Storage configuration
- Network configuration
- Backups and AV configuration
- Server build and SOE
- Security and Firewall configuration

Background and Current State

Current State

- Current Active Directory infrastructure supports 4,000 users in the Hub / Datacentre site.
- Four Domain Controllers running with Windows Server 2012 R2.
- Domain Functional Level and Forest Functional Level are set to Windows Server 2008 R2.
- There are 3 spoke sites connecting to Hub / Datacentre site with single Read Write domain controller at each site.
- Development, Test and Production directory aware applications use Production Active Directory for testing activities.
- All the Domain Controllers are configured as Virtual machines, staged on Hyper-V environment.
- FSMO roles are spread across 4 Domain Controllers.

Limitations:
- No dedicated test environment for Development and Testing (UAT) environments.
- Active Directory schema extensions required for testing are performed on production AD.
- Current configuration is not scaled to support different workloads and customizations.

Item | Service | Server | Roles | Operating System | No of Servers | Location | Memory | Total Memory
1 | Active Directory | Domain Controller RW DC | Client authentication and FSMO role holder | Windows Server 2012 R2 | 4 | Hub Site | 8 GB | 32 GB

Child Domain Creation Solution

Child Domain Creation Solution 1

The following AD solution is based on extending the existing AD Forest by creating an additional Child Domain for performing Application Testing. This solution involves:
- Infrastructure assessment and planning for placing Child Domain
- Domain Controller capacity planning
- Requires new virtual servers running Windows Server 2012 R2 for creating RW DC
- Active Directory OU structure and delegation
- Site and Subnets, AD Replication design
- Group Policy design and implementation
- Backup and Antivirus
- Application integration with Child Domain, which involves changing hardcoded AD names in the applications
- Active Directory Trusts configuration

Dependencies and Risks
- This solution operates under a single security boundary, which might introduce an additional level of complexity when there is a need for schema changes.
- Schema changes during testing will introduce an additional level of complexity.
- Clean up of testing changes will not be seamless.
- SLA for managing the AD solution should be aligned to existing standards, which might impose additional risk when performing testing.
- Dedicated hardware required to stage the solution.
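A read-only inventory that checks the facts listed under "Current State" (functional levels, FSMO holders, domain controllers) and shows why Solution 1 shares one schema with production. This is an added example, not part of the original presentation; it assumes the RSAT ActiveDirectory module and is run from a domain-joined workstation in the existing forest.

```powershell
# Added example: read-only queries only, nothing is modified.
# Assumption: RSAT ActiveDirectory module is installed and the caller can read AD.
Import-Module ActiveDirectory

$forest   = Get-ADForest                          # forest of the logged-on user
$schemaNC = (Get-ADRootDSE).schemaNamingContext   # DN of the forest-wide schema partition

# Forest-wide facts: functional level, the two forest-level FSMO roles, schema version.
[pscustomobject]@{
    Forest             = $forest.Name
    ForestMode         = $forest.ForestMode
    SchemaMaster       = $forest.SchemaMaster
    DomainNamingMaster = $forest.DomainNamingMaster
    SchemaVersion      = (Get-ADObject -Identity $schemaNC -Properties objectVersion).objectVersion
} | Format-List

# Per-domain facts. Every domain in the forest, including a child domain added
# under Solution 1, reports the same schemaNamingContext: a schema extension
# made while testing in the child domain lands in the production forest schema.
foreach ($domainName in $forest.Domains) {
    $domain = Get-ADDomain -Server $domainName

    [pscustomobject]@{
        Domain               = $domain.DNSRoot
        DomainMode           = $domain.DomainMode
        PDCEmulator          = $domain.PDCEmulator
        RIDMaster            = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster
        SchemaNC             = (Get-ADRootDSE -Server $domainName).schemaNamingContext
    } | Format-List

    # Domain controller inventory: site placement, OS, RODC/GC flags, FSMO roles held.
    Get-ADDomainController -Filter * -Server $domainName |
        Select-Object HostName, Site, OperatingSystem, IsReadOnly, IsGlobalCatalog,
                      @{ Name = 'FsmoRoles'; Expression = { $_.OperationMasterRoles -join ', ' } } |
        Format-Table -AutoSize
}
```

In a separate forest (Solution 2 or 3) the same script returns a different SchemaNC and SchemaMaster, which is the isolation the design relies on.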

Child Domain Creation Solution 2

The following AD solution is based on creating a separate AD Forest for performing Application Testing. This solution involves:
- Infrastructure assessment and planning for placing new AD forest
- Forest and Domain Planning
- Domain Controller capacity planning
- Requires new virtual servers running Windows Server 2012 R2 for creating RW DC
- Active Directory OU structure and delegation
- Site and Subnets, AD Replication design
- Group Policy design and implementation
- Backup and Antivirus
- Application integration with new AD Forest, which involves changing hardcoded AD names in the applications
- Active Directory Trusts configuration
- High level integration testing of Domain Controllers and Application

Advantages:
- Dedicated AD Forest for testing Applications
- Make changes to AD forest without production impact

Dependencies and Risks
- Will increase Operational cost as it involves a separate AD to be managed
- Dedicated hardware required to stage the solution

Child Domain Creation Solution 3 (Recommended)

The following AD solution is based on creating a separate AD Forest in Microsoft Azure for performing Application testing. This solution involves:
- Configuring Azure Subscriptions
- Azure Network security, which involves Vnets/Network zones, Subnets, IP Address Allocation, NSGs, Firewall Rules, EndPoint configuration, VPN and Routing configurations
- Azure Storage, Portal and Runbook configuration
- Infrastructure assessment and planning for placing new AD forest
- Forest and Domain Planning
- Domain Controller capacity planning
- Requires new virtual servers running Windows Server 2012 R2 for creating RW DC
- Active Directory OU structure and delegation
- Site and Subnets, AD Replication design
- Group Policy design and implementation
- Backup and Antivirus
- Application integration with new AD Forest, which involves changing hardcoded AD names in the applications
- Active Directory Trusts configuration
- High level integration testing of Domain Controllers and Application

Advantages:
- Dedicated AD Forest for testing Applications
- Make changes to AD forest without production impact
- Solution is managed by Microsoft, which might reduce Operational and Maintenance cost