Designing Active Directory Child Domain Sainath K.E.V Directory Services MVP 5/Aug/2015.


1 Designing Active Directory Child Domain Sainath K.E.V Directory Services MVP 5/Aug/2015

2 Overview

The scope of the work for Active Directory has been confined to installing and configuring a Child domain for an existing AD Forest. The Child domain will be used for testing internal applications before Go-Live. The solution will be built on a supported operating system that is compatible with the implemented Active Directory forest, which is Windows Server 2012 R2. Contoso Corp does not use a test domain for validating and testing their home-grown applications.

There are three major options:
1. Create a child domain within the existing Active Directory forest
2. Create a separate Active Directory Forest
3. Create a separate Active Directory Forest in Microsoft Cloud – Azure (Recommended)

The design recommends Option 2 or Option 3, as this provides an isolated environment for testing applications which will allow Directory aware applications to create custom attributes or schema extensions. Option 3 is a cloud solution managed by Microsoft and allows the solution to be hosted on Azure.

3 Design Scope

In Scope
1. Create on premise dedicated Active Directory Forest
   a) Domain Controller planning
   b) Client affinity
   c) Sites and Services, Replication configuration
   d) Group Policy, Delegation and Account administration
   e) Application integration, Schema extensions
   f) Backup and Restore, Name resolution configuration
2. Create on premise Active Directory Child domain
   a) Domain Controller planning
   b) Client affinity
   c) Sites and Services, Replication configuration
   d) Group Policy, Delegation and Account administration
   e) Application integration, Schema extensions
   f) Backup and Restore, Name resolution configuration

4 Design Scope

3. Create Active Directory Child domain on Azure
   - Setting up Azure Subscriptions
   - Design and implementation of Azure Network
   - Design and implementation of Azure Storage
   - Design and implementation of Azure Security
   - Configuring Azure Management Server Management
   - High available and Disaster recovery
   - Domain Controller planning
   - Client affinity
   - Sites and Services, Replication configuration
   - Group Policy, Delegation and Account administration
   - Application integration, Schema extensions
   - Backup and Restore, Name resolution configuration

Out of Scope
   - Storage configuration
   - Network configuration
   - Backups and AV configuration
   - Server build and SOE
   - Security and Firewall configuration

5 Background and Current State

6 Current State

- Current Active Directory infrastructure supports 4,000 users in the Hub / Datacentre site
- Four Domain Controllers running with Windows Server 2012 R2.
- Domain Functional Level and Forest Functional Level are set to Windows Server 2008 R2.
- There are 3 spoke sites connecting to Hub / Datacentre site with single Read Write domain controller at each site.
- Development, Test and Production directory aware applications use Production Active Directory for testing activities.
- All the Domain Controllers are configured as Virtual machines, staged on Hyper-V environment.
- FSMO roles are spread across 4 Domain Controllers

Limitations:
- No dedicated test environment for Development and Testing (UAT) environments.
- Active Directory schema extensions required for testing are performed on production AD.
- Current configuration is not scaled to support different workloads and customizations.

Item | Service | Server | Roles | Operating System | No of Servers | Location | Memory | Total Memory
1 | Active Directory | Domain Controller RW DC | Client authentication and FSMO role holder | Windows Server 2012 R2 | 4 | Hub Site | 8 GB | 32 GB

7 Child Domain Creation Solution

8 Child Domain Creation Solution 1

The following AD solution is based on extending the existing AD Forest by creating an additional Child Domain for performing Application Testing. This solution involves:
- Infrastructure assessment and planning for placing Child Domain
- Domain Controller capacity planning
- Requires new virtual servers running Windows Server 2012 R2 for creating RW DC
- Active Directory OU structure and delegation
- Site and Subnets, AD Replication design
- Group Policy design and implementation
- Backup and Antivirus
- Application integration with Child Domain which involves changing hardcoded AD names in the applications
- Active Directory Trusts configuration

Dependencies and Risks
- This solution operates under a single security boundary, which might introduce an additional level of complexity when there is a need for schema changes
- Schema changes during testing will introduce an additional level of complexity. Clean up of testing changes will not be seamless
- SLA for managing the AD Solution should be aligned to existing standards, which might impose additional risk when performing testing.
- Dedicated hardware required to stage the solution
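The single security boundary named in the risks above can be confirmed on the existing forest before choosing an option: every domain reports the same schema partition and one schema master. The script below is an added example, not part of the original presentation; it assumes the ActiveDirectory PowerShell module (RSAT) is installed and the account can read the forest.

```powershell
# Added example: read-only inventory of the forest-wide schema and per-domain roles.
# Assumes the ActiveDirectory module (RSAT) and read access to the forest.
Import-Module ActiveDirectory

$forest = Get-ADForest

# There is one schema partition and one schema master per forest, not per domain.
$schemaNC = (Get-ADRootDSE -Server $forest.RootDomain).schemaNamingContext
$schema   = Get-ADObject -Identity $schemaNC -Server $forest.SchemaMaster -Properties objectVersion

[pscustomobject]@{
    Forest        = $forest.Name
    ForestMode    = $forest.ForestMode
    SchemaMaster  = $forest.SchemaMaster
    DomainNaming  = $forest.DomainNamingMaster
    SchemaNC      = $schemaNC
    SchemaVersion = $schema.objectVersion
} | Format-List

# Each domain (a child domain included) has its own PDC, RID and Infrastructure
# masters, but points at the same schema naming context as the forest root.
$rows = foreach ($dnsName in $forest.Domains) {
    $domain  = Get-ADDomain -Server $dnsName
    $rootDse = Get-ADRootDSE -Server $dnsName
    $dcs     = Get-ADDomainController -Filter * -Server $dnsName

    [pscustomobject]@{
        Domain       = $domain.DNSRoot
        DomainMode   = $domain.DomainMode
        PDCEmulator  = $domain.PDCEmulator
        RIDMaster    = $domain.RIDMaster
        InfraMaster  = $domain.InfrastructureMaster
        SharesSchema = ($rootDse.schemaNamingContext -eq $schemaNC)
        DCs          = ($dcs.HostName -join ', ')
    }
}
$rows | Format-Table -AutoSize
```

A `SharesSchema` value of `True` for a test child domain means any schema extension made for application testing lands in the production forest's schema as well.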

9 Child Domain Creation Solution 2

The following AD solution is based on creating a separate AD Forest for performing Application Testing. This solution involves:
- Infrastructure assessment and planning for placing new AD forest
- Forest and Domain Planning
- Domain Controller capacity planning
- Requires new virtual servers running Windows Server 2012 R2 for creating RW DC
- Active Directory OU structure and delegation
- Site and Subnets, AD Replication design
- Group Policy design and implementation
- Backup and Antivirus
- Application integration with new AD Forest which involves changing hardcoded AD names in the applications
- Active Directory Trusts configuration
- High level integration testing of Domain Controllers and Application

Advantages:
- Dedicated AD Forest for testing Applications
- Make changes to AD forest without production impact

Dependencies and Risks
- Will increase Operational cost as it involves separate AD to be managed
- Dedicated hardware required to stage the solution

10 Child Domain Creation Solution 3 (Recommended)

The following AD solution is based on creating a separate AD Forest in Microsoft Azure for performing Application testing. This solution involves:
- Configuring Azure Subscriptions
- Azure Network security which involves Vnets/Network zones, Subnets, IP Address Allocation, NSGs, Firewall Rules, EndPoint configuration, VPN and Routing configurations.
- Azure Storage, Portal and Runbook configuration
- Infrastructure assessment and planning for placing new AD forest
- Forest and Domain Planning
- Domain Controller capacity planning
- Requires new virtual servers running Windows Server 2012 R2 for creating RW DC
- Active Directory OU structure and delegation
- Site and Subnets, AD Replication design
- Group Policy design and implementation
- Backup and Antivirus
- Application integration with new AD Forest which involves changing hardcoded AD names in the applications
- Active Directory Trusts configuration
- High level integration testing of Domain Controllers and Application

Advantages:
- Dedicated AD Forest for testing Applications
- Make changes to AD forest without production impact
- Solution is managed by Microsoft which might reduce Operational and Maintenance cost.

