Active Directory Boundaries - Purpose Replication Boundaries Security Boundaries

Active Directory Boundaries - Types Geographic vs Organizational Contiguous vs Discontigous namespace i.e. oldcompany1.newcompany.com and oldcompany2.newcompany.com are 2 contiguous namespaces

Prestaging forestprep and domainprep Removal

Removing Domains or Trees ADMT pruning/grafting ADMTv3.1

Functional Levels Viewing Raising Interoperability UPN – User Principal Name

Simplifying Logon Each user Has a unique down-level logon name Can have multiple friendly UPN's

Trust Basics Trusts allow communication between the boundaries of domains and forests 1 way Trust 2 way Trust

Transitive Trusts Extend permissions across multiple domains Automatically created as new domain joins a tree or new child is created

Forest Trusts Forest wide Selective authentication

External Trusts Non-Transitive NT4.0 or Kerebos compatible

Shortcut Trust Transitive Speeds up authentication and authorization

Identity Security Identification (SID) filtering

Create Sites Balance service delivered to all locations. Inventory the number of users at each site Inventory the types of WAN links

Create AD Subnets Associate subnets with the site location that has the closest DC

Configure Site Links Site Links = WAN links Star vs Mesh

Associating Link Costs Cost = Speed/Availability of WAN

Configure Infrastructure Manually link Operational Masters with their backup servers

Global Catalog Servers Deploy Global Catalog servers at each site when possible

Replication Each domain can have its own replication topology and schedule Different events have different priorities to trigger replication

DFS DFS – Distributed File System Method for synchronizing shared folders

DFS DFS – Distributed File System Method for synchronizing shared folders Conflict and Deleted folder Good for application distribution or other read-only data

Replication - Automatic Knowledge Consistency Checker (KCC) Bridgehead Server Intersite Topology Generator

Replication - Automatic Knowledge Consistency Checker (KCC) Bridgehead Server Intersite Topology Generator Scheduling IP and SMTP protocols

Replication - Manual Designate a specific bridgehead server Make a one way replication partnership Manually force replication after making changes to AD

Global Catalog Server DC that contains information about other Domains

Promotion Use the AD snap-in Sites and Services Partial Attribute Set

Alternate Methods UGMC – Universal Group Membership Caching

Domain Operations Masters PDC emulator Relative ID (RID) Infrastructure

Forest Operations Masters Schema Master Domain Naming

Operations Master Seize vs Transfer Backup Placement

Schema Master Schema can be extended with various tools Placement should be on a Global Catalog Time Service is important for successful upgrades