IPD - Active Directory Domain Services Version 2.0


  • 8/7/2019 IPD - Active Directory Domain Services Version 2.0


    Windows Server 2008 Active Directory Domain Services

    Infrastructure Planning and Design Series

    Published: February 2008

    Updated: July 2009


    What Is IPD?

    Guidance that aims to clarify and streamline the planning and design process for Microsoft infrastructure technologies

    IPD:

    Defines decision flow

    Describes decisions to be made

    Relates decisions and options for the business

    Frames additional questions for business understanding

    IPD Guides are available at www.microsoft.com/ipd


    ACTIVE DIRECTORY DOMAIN SERVICES

    Getting Started


    Purpose and Agenda

    Purpose

    To provide design guidance for Windows Server 2008 Active Directory

    Agenda

    Determine process for Active Directory design

    Assist designers in the decision-making process

    Provide design assistance based on best practices and real-world experience


    Active Directory in Microsoft Infrastructure Optimization


    Decision Flow Diagram


    Tips for the Planning Process

    Considerations at each design phase

    Complexity

    Cost

    Fault tolerance

    Performance

    Scalability

    Security


    Decision Flow Start Path:

    Determine Domain and Forest Components


    Determine the Number of Forests

    How Many Forests?

    Option 1: Single forest

    Option 2: Multiple forests

    Multiple Forest Drivers

    Multiple schemas

    Resource forests

    Forest administrator distrust

    Legal regulations for application or data access

    Determine the Number of Domains


    How Many Domains?

    Option 1: Single domain

    Option 2: Multiple domains

    Multiple Domain Drivers

    Large number of frequently changing attributes

    Reduce replication traffic

    Control replication traffic over slow links

    Preserve legacy Active Directory


    Assign Domain Names

    Task 1: Assign the NetBIOS Name

    Maximum effective length of 15 characters

    Use a NetBIOS name that is unique across corporations

    Task 2: Assign DNS Name

    DNS name consists of host name and network name

    Ensure uniqueness by not duplicating existing registered Internet domain names

    Register all top-level domain names with Internic

    Name should not represent business unit or division


    Select the Forest Root Domain

    Establish Forest Root Domain Structure:

    Option 1: Use a planned domain

    Option 2: Dedicated forest root domain

    Additional Considerations:

    Determine time synch strategy

    Consider cost of final structure

    Consider complexity of final structure


    Decision Flow Path A:

    Determine Organizational Unit (OU) Structure


    Design the OU Structure

    Choose an OU Design:

    Task 1: Design OU configuration for delegation of administration

    Task 2: Design OU configuration for group policy application


    Decision Flow Path B:

    Determine Domain Controller Placement and Operations Master Role Placement


    Determine Domain Controller Placement

    Placement of the Domain Controllers:

    Task 1: Hub locations

    Task 2: Satellite locations


    Determine the Number of Domain Controllers

    Number of Domain Controllers Needed and Their Type:

    Task 1: Determine number of domain controllers

    Task 2: Determine type of domain controllers placed in location


    Determine Global Catalog Placement


    Global Catalog Locations and Number Needed:

    Task 1: Determine global catalog locations and counts


    Determine Global Catalog Placement

    Considerations:

    Locate near applications that rely on global catalog

    Number of users at the location greater than 100

    WAN link availability

    Roaming users at location

    Use of universal group caching

    How many global catalog servers?


    Determine Operations Master Role Placement

    Domain Roles

    Primary domain controller (PDC) emulator operations master

    Relative ID (RID) operations master

    Infrastructure operations master

    Forest Roles

    Schema operations master

    Domain naming operations master


    Determine Operations Master Role Placement

    Operations Master Role Placement:

    Task 1: FSMO placement


    Create the Site Design

    Creating the Site Design:

    Task 1: Create a site for the location

    Task 2: Associate location to nearest defined site


    Create a Site Link Design

    Creating the Site Link Design:

    Task 1: Determine the site link design


    Create the Site Link Bridge Design

    Creating the site link bridge design:

    Option 1: Default behavior

    Option 2: Custom site link bridge


    Decision Flow Path D:

    Determine Domain Controller Configuration


    Determine Domain Controller Configuration

    Plan Domain Controller Configuration:

    Task 1: Identify minimum disk space requirements for each domain controller

    Task 2: Identify memory requirements for each domain controller

    Task 3: Determine CPU requirements

    Task 4: Identify network requirements for each domain controller


    Active Directory Dependencies

    Direct Dependencies

    Domain Name Service (DNS)

    Lightweight Directory Access Protocol (LDAP)

    Indirect Dependencies

    Windows Internet Naming Services (WINS)


    What's Next? Discuss, Rinse, Repeat

    Implement your design

    Test and refine design along the way

    Provide feedback on the doc to [email protected]


    Summary and Conclusion

    Organizations should base the design of their Active Directory infrastructure on business and technical requirements

    Considerations should include:

    The scope of the network and environment

    Technical requirements and considerations

    Additional business requirements

    Designing an Active Directory infrastructure to meet these requirements

    Validating the overall approach


    Find More Information

    Microsoft Solution Accelerators

    microsoft.com/technet/SolutionAccelerators

    [email protected]

    Download the Full Document

    http://go.microsoft.com/fwlink/?LinkId=100915

    Online Resources

    Creating a Forest Design: provides information on the details and needs for a forest design

    Creating a Domain Design: provides information on the details and needs for a domain design

    Namespace planning for DNS: provides information on the best practices and techniques for DNS names

    Configuration of the time service within Active Directory: will help with syntax and design requirements for setting up the time for the Active Directory enterprise

    Best Practice Active Directory Design for Managing Windows Networks

    Windows Server 2003 Deployment Guide: provides invaluable information for deploying and configuring servers for Active Directory

    FSMO placement and optimization on Active Directory domain controllers

    Best Practices for Active Directory Design and Deployment

    Designing and Deploying Directory and Security Services
