ipd - active directory domain services version 2.2
TRANSCRIPT
![Page 1: IPD - Active Directory Domain Services Version 2.2](https://reader033.vdocument.in/reader033/viewer/2022050817/55721380497959fc0b926d3b/html5/thumbnails/1.jpg)
Windows Server® 2008 and Windows Server 2008 R2 Active Directory® Domain Services
Infrastructure Planning and Design
Published: February 2008Updated: November 2011
![Page 2: IPD - Active Directory Domain Services Version 2.2](https://reader033.vdocument.in/reader033/viewer/2022050817/55721380497959fc0b926d3b/html5/thumbnails/2.jpg)
What Is IPD?Guidance that clarifies and streamlines the planning and design process for Microsoft® infrastructure technologies
IPD:• Defines decision flow
• Describes decisions to be made
• Relates decisions and options for the business
• Frames additional questions for business understanding
IPD guides are available at www.microsoft.com/ipd
![Page 3: IPD - Active Directory Domain Services Version 2.2](https://reader033.vdocument.in/reader033/viewer/2022050817/55721380497959fc0b926d3b/html5/thumbnails/3.jpg)
Getting Started
Active Directory Domain Services
![Page 4: IPD - Active Directory Domain Services Version 2.2](https://reader033.vdocument.in/reader033/viewer/2022050817/55721380497959fc0b926d3b/html5/thumbnails/4.jpg)
Purpose and Overview
Purpose• To provide design guidance for Windows Server
2008 Active Directory Domain Services (AD DS)
Overview• Determine process for AD DS design
• Assist designers in the decision-making process
• Provide design assistance based on best practices and real-world experience
![Page 5: IPD - Active Directory Domain Services Version 2.2](https://reader033.vdocument.in/reader033/viewer/2022050817/55721380497959fc0b926d3b/html5/thumbnails/5.jpg)
Active Directory Domain Services Decision Flow
SCM ITAMAP
w/ CAL Tracker
Sta
rtStep 1:
Determine the Number of
Forests
Step 2:Determine the
Number of Domains
Step 3:Assign Domain
Names
Step 4: Select the
Forest Root Domain
A & B, in either order
or in parallel
AStep A1:
Design the OU Structure
Are A & B Complete?
C & D, in either order
or in parallel
B
Step B1:Determine
Domain Controller Placement
Step B2:Determine Number of
Domain Controllers
Step B3:Determine
Global Catalog Placement
Step B4: Determine Operations Master Role Placement
Complete A or B
Yes
No
CStep C1:
Create the Site Design
Step C2:Create the Site
Link Design
Step C3:Create the Site
Link Bridge Design
Are C & D Complete?
Fin
ished
Yes
D
Step D1:Determine
Domain Controller
Configuration
Complete C or D
No
![Page 6: IPD - Active Directory Domain Services Version 2.2](https://reader033.vdocument.in/reader033/viewer/2022050817/55721380497959fc0b926d3b/html5/thumbnails/6.jpg)
Decision Flow Start Path: Determine Domain and Forest Components
Sta
rt
Step 1:Determine the
Number of Forests
Step 2:Determine the
Number of Domains
Step 3:Assign Domain
Names
Step 4: Select the
Forest Root Domain
A & B, in either order
or in parallel
![Page 7: IPD - Active Directory Domain Services Version 2.2](https://reader033.vdocument.in/reader033/viewer/2022050817/55721380497959fc0b926d3b/html5/thumbnails/7.jpg)
Determine the Number of Forests
• How Many Forests?• Option 1: Single forest
• Option 2: Multiple forests
• Multiple Forest Drivers• Multiple schemas
• Resource forests
• Forest administrator distrust
• Legal regulations for application or data access
![Page 8: IPD - Active Directory Domain Services Version 2.2](https://reader033.vdocument.in/reader033/viewer/2022050817/55721380497959fc0b926d3b/html5/thumbnails/8.jpg)
Determine the Number of Domains
• How Many Domains?• Option 1: Single domain
• Option 2: Multiple domains
• Multiple Domain Drivers• Large number of frequently changing attributes
• Reduce replication traffic
• Control replication traffic over slow links
• Preserve legacy Active Directory
![Page 9: IPD - Active Directory Domain Services Version 2.2](https://reader033.vdocument.in/reader033/viewer/2022050817/55721380497959fc0b926d3b/html5/thumbnails/9.jpg)
Assign Domain Names
• Task 1: Assign the NetBIOS Name• Maximum effective length of 15 characters
• Use a NetBIOS name that is unique across corporations
• Task 2: Assign DNS Name• DNS name consists of host name and network name
• Ensure uniqueness by not duplicating existing registered Internet domain names
• Register all top-level domain names with InterNIC
• Name should not represent business unit or division
![Page 10: IPD - Active Directory Domain Services Version 2.2](https://reader033.vdocument.in/reader033/viewer/2022050817/55721380497959fc0b926d3b/html5/thumbnails/10.jpg)
Select the Forest Root Domain
• Establish Forest Root Domain Structure• Option 1: Use a planned domain
• Option 2: Dedicated forest root domain
• Additional Considerations• Determine time synch strategy
• Consider cost of final structure
• Consider complexity of final structure
![Page 11: IPD - Active Directory Domain Services Version 2.2](https://reader033.vdocument.in/reader033/viewer/2022050817/55721380497959fc0b926d3b/html5/thumbnails/11.jpg)
Decision Flow Path A: Determine Organizational Unit (OU) Structure
![Page 12: IPD - Active Directory Domain Services Version 2.2](https://reader033.vdocument.in/reader033/viewer/2022050817/55721380497959fc0b926d3b/html5/thumbnails/12.jpg)
Design the OU Structure
• Choose an OU Design• Task 1: Design OU configuration for delegation of administration
• Task 2: Design OU configuration for group policy application
![Page 13: IPD - Active Directory Domain Services Version 2.2](https://reader033.vdocument.in/reader033/viewer/2022050817/55721380497959fc0b926d3b/html5/thumbnails/13.jpg)
Decision Flow Path B: Determine Domain Controller Placement and Operations Master Role Placement
B
Step B1:Determine
Domain Controller Placement
Step B2:Determine Number of
Domain Controllers
Step B3:Determine
Global Catalog Placement
Step B4: Determine Operations Master Role Placement
![Page 14: IPD - Active Directory Domain Services Version 2.2](https://reader033.vdocument.in/reader033/viewer/2022050817/55721380497959fc0b926d3b/html5/thumbnails/14.jpg)
Determine Domain Controller Placement
• Placement of the Domain Controllers• Task 1: Hub locations
• Task 2: Satellite locations
![Page 15: IPD - Active Directory Domain Services Version 2.2](https://reader033.vdocument.in/reader033/viewer/2022050817/55721380497959fc0b926d3b/html5/thumbnails/15.jpg)
Determine the Number of Domain Controllers
• Number of Domain Controllers Needed and Their Type• Task 1: Determine number of domain controllers
• Task 2: Determine type of domain controllers placed in location
![Page 16: IPD - Active Directory Domain Services Version 2.2](https://reader033.vdocument.in/reader033/viewer/2022050817/55721380497959fc0b926d3b/html5/thumbnails/16.jpg)
Determine Global Catalog Placement
• Global Catalog Locations and Number Needed• Task 1: Determine global catalog locations and counts
![Page 17: IPD - Active Directory Domain Services Version 2.2](https://reader033.vdocument.in/reader033/viewer/2022050817/55721380497959fc0b926d3b/html5/thumbnails/17.jpg)
Determine Global Catalog Placement
• Considerations• Locate near applications that rely on global catalog
• Number of users at the location greater than 100
• WAN link availability
• Roaming users at location
• Use of universal group caching
• How many global catalog servers?
![Page 18: IPD - Active Directory Domain Services Version 2.2](https://reader033.vdocument.in/reader033/viewer/2022050817/55721380497959fc0b926d3b/html5/thumbnails/18.jpg)
Determine Operations Master Role Placement
• Domain Roles• Primary domain controller (PDC) emulator operations master
• Relative ID (RID) operations master
• Infrastructure operations master
• Forest Roles• Schema operations master
• Domain naming operations master
![Page 19: IPD - Active Directory Domain Services Version 2.2](https://reader033.vdocument.in/reader033/viewer/2022050817/55721380497959fc0b926d3b/html5/thumbnails/19.jpg)
Determine Operations Master Role Placement
• Operations Master Role Placement
• Task 1: Operations master role placement
![Page 20: IPD - Active Directory Domain Services Version 2.2](https://reader033.vdocument.in/reader033/viewer/2022050817/55721380497959fc0b926d3b/html5/thumbnails/20.jpg)
Decision Flow Path C: Determine Site Design and Structure
CStep C1:
Create the Site Design
Step C2:Create the Site
Link Design
Step C3:Create the Site
Link Bridge Design
![Page 21: IPD - Active Directory Domain Services Version 2.2](https://reader033.vdocument.in/reader033/viewer/2022050817/55721380497959fc0b926d3b/html5/thumbnails/21.jpg)
Create the Site Design
• Creating the Site Design• Task 1: Create a site for the location
• Task 2: Associate location to nearest defined site
![Page 22: IPD - Active Directory Domain Services Version 2.2](https://reader033.vdocument.in/reader033/viewer/2022050817/55721380497959fc0b926d3b/html5/thumbnails/22.jpg)
Create a Site Link Design
• Creating the Site Link Design
• Task 1: Determine the site link design
![Page 23: IPD - Active Directory Domain Services Version 2.2](https://reader033.vdocument.in/reader033/viewer/2022050817/55721380497959fc0b926d3b/html5/thumbnails/23.jpg)
Create the Site Link Bridge Design
• Creating the Site Link Bridge Design• Option 1: Default behavior
• Option 2: Custom site link bridge
![Page 24: IPD - Active Directory Domain Services Version 2.2](https://reader033.vdocument.in/reader033/viewer/2022050817/55721380497959fc0b926d3b/html5/thumbnails/24.jpg)
Decision Flow Path D: Determine Domain Controller Configuration
D
Step D1:Determine
Domain Controller
Configuration
![Page 25: IPD - Active Directory Domain Services Version 2.2](https://reader033.vdocument.in/reader033/viewer/2022050817/55721380497959fc0b926d3b/html5/thumbnails/25.jpg)
Determine Domain Controller Configuration
• Plan Domain Controller Configuration• Task 1: Identify minimum disk space requirements for each
domain controller
• Task 2: Identify memory requirements for each domain controller
![Page 26: IPD - Active Directory Domain Services Version 2.2](https://reader033.vdocument.in/reader033/viewer/2022050817/55721380497959fc0b926d3b/html5/thumbnails/26.jpg)
Determine Domain Controller Configuration (Continued)
• Plan Domain Controller Configuration• Task 3: Determine processor requirements
• Task 4: Identify network requirements for each domain controller
![Page 27: IPD - Active Directory Domain Services Version 2.2](https://reader033.vdocument.in/reader033/viewer/2022050817/55721380497959fc0b926d3b/html5/thumbnails/27.jpg)
Active Directory Domain Services Dependencies
• Direct Dependencies• Domain Name System (DNS)
• Lightweight Directory Access Protocol (LDAP)
• Indirect Dependencies
• Windows Internet Name Service (WINS)
![Page 28: IPD - Active Directory Domain Services Version 2.2](https://reader033.vdocument.in/reader033/viewer/2022050817/55721380497959fc0b926d3b/html5/thumbnails/28.jpg)
What’s Next? – Discuss, Rinse, Repeat
• Implement your design
• Test and refine design along the way
![Page 29: IPD - Active Directory Domain Services Version 2.2](https://reader033.vdocument.in/reader033/viewer/2022050817/55721380497959fc0b926d3b/html5/thumbnails/29.jpg)
Summary and Conclusion
• Organizations should base the design of their AD DS infrastructure on business and technical requirements
• Considerations should include:• The scope of the network and environment
• Technical requirements and considerations
• Additional business requirements
• Designing an AD DS infrastructure to meet these requirements
• Validating the overall approach
• Provide feedback to [email protected]
![Page 30: IPD - Active Directory Domain Services Version 2.2](https://reader033.vdocument.in/reader033/viewer/2022050817/55721380497959fc0b926d3b/html5/thumbnails/30.jpg)
Find More Information
• Download the full document and other IPD guides:www.microsoft.com/ipd
• Contact the IPD team:[email protected]
• Access the Microsoft Solution Accelerators website:www.microsoft.com/technet/SolutionAccelerators
![Page 31: IPD - Active Directory Domain Services Version 2.2](https://reader033.vdocument.in/reader033/viewer/2022050817/55721380497959fc0b926d3b/html5/thumbnails/31.jpg)
Questions?
![Page 32: IPD - Active Directory Domain Services Version 2.2](https://reader033.vdocument.in/reader033/viewer/2022050817/55721380497959fc0b926d3b/html5/thumbnails/32.jpg)
Addenda• Benefits for Consultants or Partners
• IPD in Microsoft Operations Framework 4.0
• Active Directory Domain Services in Microsoft Infrastructure Optimization
![Page 33: IPD - Active Directory Domain Services Version 2.2](https://reader033.vdocument.in/reader033/viewer/2022050817/55721380497959fc0b926d3b/html5/thumbnails/33.jpg)
Benefits of Using the Active Directory Domain Services Guide
• Benefits for Business Stakeholders/Decision Makers• Most cost-effective design solution for implementation
• Alignment between the business and IT from the beginning of the design process to the end
• Benefits for Infrastructure Stakeholders/Decision Makers• Authoritative guidance
• Business validation questions ensuring solution meets requirements of business and infrastructure stakeholders
• High integrity design criteria that includes product limitations
• Fault-tolerant infrastructure
• Infrastructure that’s sized appropriately for business requirements
![Page 34: IPD - Active Directory Domain Services Version 2.2](https://reader033.vdocument.in/reader033/viewer/2022050817/55721380497959fc0b926d3b/html5/thumbnails/34.jpg)
Benefits of Using the Active Directory Domain Services Guide (Continued)
• Benefits for Consultants or Partners• Rapid readiness for consulting engagements
• Planning and design template to standardize design and peer reviews
• A “leave-behind” for pre- and post-sales visits to customer sites
• General classroom instruction/preparation
• Benefits for the Entire Organization• Using the guide should result in a design that will be sized, configured, and
appropriately placed to deliver a solution for achieving stated business requirements
![Page 35: IPD - Active Directory Domain Services Version 2.2](https://reader033.vdocument.in/reader033/viewer/2022050817/55721380497959fc0b926d3b/html5/thumbnails/35.jpg)
IPD in Microsoft Operations Framework 4.0
Use MOF with IPD guides to ensure that people and process considerations are addressed when changes to an organization’s IT services are being planned.
![Page 36: IPD - Active Directory Domain Services Version 2.2](https://reader033.vdocument.in/reader033/viewer/2022050817/55721380497959fc0b926d3b/html5/thumbnails/36.jpg)
Active Directory Domain Services in Microsoft Infrastructure Optimization