Designing the Active Directory Logical
Structure
Active Directory Logical Structure
Design
• Simplified management of Windows networks
that contain large numbers of objects.
• A consolidated domain structure and reduced
administration costs.
• The ability to delegate administrative control
over resources as appropriate.
• Reduced impact on network bandwidth
Active Directory Logical Structure
Design
• Simplified resource sharing.
• Optimal search performance.
• Low total cost of ownership.
Process for Designing the Active Directory
Logical Structure
1. Identify the deployment project
participants
2. Create a forest design
3. Create a domain design for each forest
4. Create a DNS infrastructure to support Active
Directory for each forest
5. Design organizational units for delegation of
administration for each forest.
1. Identifying the Deployment Project
Participants
• The first step in establishing an Active
Directory deployment project is to establish
the design and deployment project teams who
will be responsible for managing the design
phase and deployment phase of the Active
Directory project cycle.
1.1 Defining Project-Specific Roles
• An important step in establishing the project teams is
to identify the individuals who are to hold project-
specific roles. These include the executive sponsor,
the project architect, and the project manager.
• These individuals establish channels of
communication throughout the organization, build
project schedules, and identify the individuals who
will be members of the project teams, beginning
with the various owners.
1.1 Defining Project-Specific Roles
• Executive sponsor
– understands the business value of the
deployment, supports the project at the executive
level, and can help resolve conflicts across the
organization.
• Project architect
– The architect provides technical expertise to assist
with the process of designing and deploying
Active Directory
1.1 Defining Project-Specific Roles
• Project manager
– facilitates cooperation across business units and
between technology management groups.
– someone from within the organization who is
familiar with the operational policies of the IT
group and the design requirements for the groups
that are preparing to deploy Active Directory
– oversees the entire deployment project, beginning
with design and continuing through
implementation, and makes sure that the project
stays on schedule and within budget
1.2 Establishing Owners and
Administrators
• Owners
– are held accountable by management for making
sure that deployment tasks are completed and
that Active Directory design specifications meet
the needs of the organization. Owners do not
necessarily have access to or manipulate the
directory infrastructure directly.
1.2 Establishing Owners and
Administrators
• Administrators
– are the individuals responsible for completing the
required deployment tasks. Administrators have
the network access and permissions necessary to
manipulate the directory and its infrastructure.
Two Types of Owners
• Service owners
– are responsible for the planning and long-term
maintenance of the Active Directory infrastructure,
and ensuring that the directory continues to
function, and that the goals established in service
level agreements are maintained.
• Data owners
– are responsible for the maintenance of the
information stored in the directory. This includes
user and computer account management and
management of local resources, such as member
servers and workstations.
Two Types of Administrators
• Service administrators
– implement policy decisions made by service
owners and handle the day-to-day tasks
associated with maintaining the directory service
and infrastructure.
• Data administrators
– are users within a domain who are responsible for
maintaining data that is stored in Active Directory
and maintaining computers that are members of
their domain.
Service and Data Owners for Active
Directory
• Forest owner
– typically a senior IT manager in the organization,
who is responsible for the Active Directory
deployment process and who is ultimately
accountable for maintaining service delivery within
the forest after the deployment is complete.
• Active Directory DNS owner
– is an individual who has a thorough understanding
of the existing DNS infrastructure and the existing
namespace of the organization.
Service and Data Owners for Active
Directory
• Site topology owner
– is familiar with the physical structure of the network
of the organization, including the mapping of
individual subnets, routers, and the areas of the
network that are connected by means of slow links
• OU owner
– is responsible for managing data stored in the
directory. This individual needs to be familiar with
the operational and security policies that are in
place on the network.
1.3 Building Project Teams
• The Active Directory project teams are
temporary groups that are responsible for
completing Active Directory design and
deployment tasks. When the Active Directory
deployment project is complete, the owners
assume responsibility for the directory and
the project teams can disband.
1.3 Building Project Teams
• Identifying Potential Forest Owners
– the IT group is generally the forest owner and
therefore the potential forest owner for any future
deployments.
• Establishing a Design Team
– responsible for gathering all of the information
needed to make decisions about the Active Directory
logical structure design.
• Establishing a Deployment Team
– responsible for testing and implementing the Active
Directory logical structure design.
1.3 Building Project Teams
• Document the Design and Deployment Teams
– Document the names of and contact information
for the people who will participate in the design
and deployment of Active Directory. Identify who
will be responsible for each role on the design and
deployment teams.
2. Creating a Forest Design
• Identifying Forest Design Requirements
• Determine the number of forests
• Document the Design and Deployment Teams
2.1 Identifying Forest Design
Requirements
• This involves determining how much
autonomy the groups in your organization
need to manage their network resources, and
whether each group needs to isolate their
resources on the network from other groups.
2.1 Identifying Forest Design
Requirements
Types of requirements
• Organizational structure requirements
• Operational requirements
• Legal Requirements
Autonomy vs. Isolation
• Autonomy.
– Autonomy involves independent but not exclusive
control of a resource. When you achieve
autonomy, administrators have the authority to
manage resources independently; however,
administrators with greater authority exist who
also have control over those resources and can
take control away if necessary.
Autonomy vs. Isolation
• Service autonomy.
– This type of autonomy involves control over all or
part of service management.
• Data autonomy.
– This type of autonomy involves control over all or
part of the data stored in the directory or on
member computers joined to the directory.
Autonomy vs. Isolation
• Isolation.
– involves independent and exclusive control of a
resource. When you achieve isolation,
administrators have the authority to manage a
resource independently and no other
administrators can take control of the resource
away
Autonomy vs. Isolation
• Service isolation
– This type of isolation prevents administrators
other than those specifically designated to control
service management from controlling or
interfering with service management.
• Data isolation
– This type of isolation prevents administrators
other than those specifically designated to control
or view data from controlling or viewing a subset
of data in the directory or on member computers
joined to the directory.
2.2 Determining the Number of Forests
Required
• In order to determine the number of forests
that you must deploy, you need to carefully
identify and evaluate the isolation and
autonomy requirements for each group in
your organization and map those
requirements to the appropriate forest design
models.
Forest Design Models
• Organizational Forest Model
• Resource Forest Model
• Restricted Access Forest Model
Organizational Forest Model
• In the organizational forest model, user
accounts and resources are contained in the
forest and managed independently. The
organizational forest can be used to provide
service autonomy, service isolation, or data
isolation, if the forest is configured to prevent
access to anyone outside the forest.
Organizational Forest Model
Resource Forest Model
• In the resource forest model, a separate forest
is used to manage resources. Resource forests
do not contain user accounts other than those
required for service administration and those
required to provide alternate access to the
resources in that forest if the user accounts in
the organizational forest become unavailable.
Resource Forest Model
Restricted Access Forest Model
• In the restricted access forest model, a
separate forest is created to contain user
accounts and data that must be isolated from
the rest of the organization.
Restricted Access Forest Model
Type of Service Management
• Management of domain controller operations
– Creating and removing domain controllers.
– Monitoring the functioning of domain controllers.
– Managing services that are running on domain
controllers.
– Backing up and restoring the directory.
Type of Service Management
• Configuration of domain-wide settings
– Creating domain and domain user account
policies, such as password, Kerberos, and account
lockout policies.
– Creating and applying domain-wide Group
Policies.
Type of Service Management
• Delegation of data-level administration
– Creating OUs and delegating administration.
– Repairing problems in the OU structure that OU
owners do not have sufficient access rights to fix
• Management of external trusts
– Establishing trust relationships with domains
outside the forest.
2.3 Documenting the Forest Design
• The proposed forest design should be
documented. Include in your documentation
the name of the group for which the forest is
designed, the contact information for the
forest owner, the type of forest for each forest
that you include, and the requirements that
each forest is designed to meet.
3. Creating a Domain Design
• Reviewing the Domain Models
• Determine the number of domains required
• Determine whether to upgrade existing or
deploy new domains
• Assign domain names
• Select the forest root domain
3.1 Reviewing the Domain Models
• The amount of available capacity on your
network that you are willing to allocate to
Active Directory.
• The number of users in your organization.
Domain Design Models
• Single Domain Model
– It is the easiest to administer and the least
expensive to maintain. It consists of a forest that
contains a single domain.
• Regional Domain Model
– enables you to maintain a stable environment
over time. Base the regions used to define
domains in your model on stable elements such as
continental boundaries.
3.2 Determining the Number of
Domains Required
• Every forest starts with a single domain. The
maximum number of users that a single
domain forest can contain is based on the
slowest link that must accommodate
replication between domain controllers and
the available bandwidth that you want to
allocate to Active Directory.
Maximum Number of Users in a Single
Domain
3.4 Determining Whether to Upgrade
Existing or Deploy New Domains
• Each domain in your design will either be a
new domain or an existing domain that has
been upgraded in place. Users from existing
domains that you do not upgrade in place
must be migrated into new domains.
3.5 Assigning Domain Names
• You must assign a name to every domain in
your plan. Active Directory domains have two
types of names: DNS names and NetBIOS
names. In general, both names are visible to
end users. The DNS names of Active Directory
domains include two parts, a prefix and a
suffix.
Selecting the Forest Root Domain
• The first domain that you deploy in an Active
Directory forest is called the forest root
domain.
• Selecting the forest root domain involves
determining whether one of the Active
Directory domains in your domain design can
function as the forest root domain, or
whether you need to deploy a dedicated
forest root domain.
Choosing a Regional or Dedicated
Forest Root Domain
• A dedicated forest root domain is a domain that is
created specifically to function as the forest root. It
does not contain any user accounts other than the
service administrator accounts for the forest root
domain, and it does not represent any region in your
domain structure.
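
One way to check the dedicated forest root criterion described above, as an added example that is not part of the original slides: the PowerShell below lists enabled user accounts in the forest root domain that are not members of a service administrator group. The function name `Get-UnexpectedRootAccount` and the default group list are assumptions for illustration; the script needs the ActiveDirectory module (RSAT) and read access to the root domain.

```powershell
# Added example (not from the slides): audit a dedicated forest root domain.
# A dedicated root should hold no user accounts other than service administrators,
# so every enabled account outside the groups below deserves a review.
Import-Module ActiveDirectory

function Get-UnexpectedRootAccount {
    param(
        # Defaults to the root domain of the current forest.
        [string]$RootDomain = (Get-ADForest).RootDomain,

        # Assumption: these built-in groups represent "service administrators".
        # Replace with the groups your forest design actually designates.
        [string[]]$ServiceAdminGroups = @(
            'Enterprise Admins', 'Schema Admins', 'Domain Admins', 'Administrators'
        )
    )

    # Collect the SIDs of every user that is a direct or nested member
    # of one of the service administrator groups.
    $allowed = [System.Collections.Generic.HashSet[string]]::new()
    foreach ($group in $ServiceAdminGroups) {
        try {
            Get-ADGroupMember -Identity $group -Server $RootDomain -Recursive |
                Where-Object { $_.objectClass -eq 'user' } |
                ForEach-Object { [void]$allowed.Add($_.SID.Value) }
        }
        catch {
            # A group that cannot be enumerated would silently shrink the allow
            # list and inflate the findings, so surface the problem instead.
            Write-Warning "Could not enumerate '$group' in ${RootDomain}: $_"
        }
    }

    # Disabled built-ins (krbtgt, Guest by default) are skipped by the filter.
    Get-ADUser -Filter 'Enabled -eq $true' -Server $RootDomain `
               -Properties whenCreated, lastLogonTimestamp |
        Where-Object { -not $allowed.Contains($_.SID.Value) } |
        Select-Object SamAccountName, DistinguishedName, whenCreated,
            @{ Name = 'LastLogonUtc'
               Expression = {
                   if ($_.lastLogonTimestamp) {
                       [DateTime]::FromFileTimeUtc($_.lastLogonTimestamp)
                   }
               } }
}

# Example run: an empty result means the root domain matches the
# "service administrator accounts only" description.
Get-UnexpectedRootAccount | Format-Table -AutoSize
```
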
Choosing a Regional or Dedicated
Forest Root Domain
• If you choose not to deploy a dedicated forest
root domain, then you must select a regional
domain to function as the forest root domain.
This domain is the parent domain of all the
other regional domains and will be the first
domain that you deploy.
Assigning the Forest Root Domain Name
• The forest root domain name is also the name
of the forest. The forest root name is a DNS
name that consists of a prefix and a suffix in
the form of prefix.suffix. For example, an
organization might have the forest root name
corp.contoso.com. In this example, corp is the
prefix and contoso.com is the suffix.
4. Designing a DNS Infrastructure to
Support Active Directory
• Review DNS concepts
• Review DNS and Active Directory
• Integrate Active Directory into an existing DNS
infrastructure
• Document your DNS infrastructure design
5. Designing Organizational Units for
Delegation of Administration
• Review organizational unit design concepts
• Delegate administration using OU objects
• Create account OUs
• Document the organizational unit design for
each domain
• Apply Group Policy to OUs

Contenu connexe

Tendances

Active directory
Active directory Active directory
Active directory
deshvikas
 
active-directory-domain-services
active-directory-domain-servicesactive-directory-domain-services
active-directory-domain-services
202066
 
Active Directory Services
Active Directory ServicesActive Directory Services
Active Directory Services
Varun Arora
 

Tendances (20)

Active directory
Active directory Active directory
Active directory
 
Active Directory component
Active Directory componentActive Directory component
Active Directory component
 
Introduction to Active Directory
Introduction to Active DirectoryIntroduction to Active Directory
Introduction to Active Directory
 
active-directory-domain-services
active-directory-domain-servicesactive-directory-domain-services
active-directory-domain-services
 
Active Directory Domain Services.pptx
Active Directory Domain Services.pptxActive Directory Domain Services.pptx
Active Directory Domain Services.pptx
 
Exchange server.pptx
Exchange server.pptxExchange server.pptx
Exchange server.pptx
 
Oracle DBA
Oracle DBAOracle DBA
Oracle DBA
 
Active Directory Services
Active Directory ServicesActive Directory Services
Active Directory Services
 
Overview of Microsoft Exchange Server
Overview of Microsoft Exchange ServerOverview of Microsoft Exchange Server
Overview of Microsoft Exchange Server
 
Oracle Security Presentation
Oracle Security PresentationOracle Security Presentation
Oracle Security Presentation
 
Windows Server 2019.pptx
Windows Server 2019.pptxWindows Server 2019.pptx
Windows Server 2019.pptx
 
Active directory domain service
Active directory domain serviceActive directory domain service
Active directory domain service
 
Active directory architecture
Active directory architectureActive directory architecture
Active directory architecture
 
Resize sga
Resize sgaResize sga
Resize sga
 
Network operating systems
Network operating systemsNetwork operating systems
Network operating systems
 
Active directory interview questions
Active directory interview  questionsActive directory interview  questions
Active directory interview questions
 
Active-Directory-Domain-Services.pptx
Active-Directory-Domain-Services.pptxActive-Directory-Domain-Services.pptx
Active-Directory-Domain-Services.pptx
 
Oracle Enterprise Manager Cloud Control 13c for DBAs
Oracle Enterprise Manager Cloud Control 13c for DBAsOracle Enterprise Manager Cloud Control 13c for DBAs
Oracle Enterprise Manager Cloud Control 13c for DBAs
 
Windows Server 2019 -InspireTech 2019
Windows Server 2019 -InspireTech 2019Windows Server 2019 -InspireTech 2019
Windows Server 2019 -InspireTech 2019
 
Windows server
Windows serverWindows server
Windows server
 

En vedette (15)

Active Directory Proposal
Active Directory ProposalActive Directory Proposal
Active Directory Proposal
 
windows-active-directory-password-settings-objects
windows-active-directory-password-settings-objectswindows-active-directory-password-settings-objects
windows-active-directory-password-settings-objects
 
Presentación Servicio WDS
Presentación Servicio WDS Presentación Servicio WDS
Presentación Servicio WDS
 
Windows Server 2008 Active Directory Guide
Windows Server 2008 Active Directory GuideWindows Server 2008 Active Directory Guide
Windows Server 2008 Active Directory Guide
 
Advanced Directory Services Windows Server 2012
Advanced Directory Services Windows Server 2012Advanced Directory Services Windows Server 2012
Advanced Directory Services Windows Server 2012
 
Active directory ds ws2008 r2
Active directory ds ws2008 r2Active directory ds ws2008 r2
Active directory ds ws2008 r2
 
WDS
WDSWDS
WDS
 
Active directory installation windows 2003 1
Active directory installation windows 2003 1Active directory installation windows 2003 1
Active directory installation windows 2003 1
 
Active directory ii
Active directory   iiActive directory   ii
Active directory ii
 
70 640 Lesson01 Ppt 041009
70 640 Lesson01 Ppt 04100970 640 Lesson01 Ppt 041009
70 640 Lesson01 Ppt 041009
 
Firewall
FirewallFirewall
Firewall
 
Active directory
Active directoryActive directory
Active directory
 
1.2 active directory
1.2 active directory1.2 active directory
1.2 active directory
 
Windows Server 2008 Active Directory
Windows Server 2008 Active DirectoryWindows Server 2008 Active Directory
Windows Server 2008 Active Directory
 
Domain Modeling
Domain ModelingDomain Modeling
Domain Modeling
 

Similaire à Designing the active directory logical structure

Database Administration, Management & Security.pptx
Database Administration, Management & Security.pptxDatabase Administration, Management & Security.pptx
Database Administration, Management & Security.pptx
SaqibKhan60365
 
9a797dbms chapter1 b.sc2
9a797dbms chapter1 b.sc29a797dbms chapter1 b.sc2
9a797dbms chapter1 b.sc2
Mukund Trivedi
 
Charlotte SPUG - Planning for MySites and Social in the Enterprise
Charlotte SPUG - Planning for MySites and Social in the EnterpriseCharlotte SPUG - Planning for MySites and Social in the Enterprise
Charlotte SPUG - Planning for MySites and Social in the Enterprise
Michael Oryszak
 

Similaire à Designing the active directory logical structure (20)

Database Administration, Management & Security.pptx
Database Administration, Management & Security.pptxDatabase Administration, Management & Security.pptx
Database Administration, Management & Security.pptx
 
DBMS.pptx
DBMS.pptxDBMS.pptx
DBMS.pptx
 
Introduction to RDBMS
Introduction to RDBMSIntroduction to RDBMS
Introduction to RDBMS
 
CS3270 - DATABASE SYSTEM - Lecture (1)
CS3270 - DATABASE SYSTEM -  Lecture (1)CS3270 - DATABASE SYSTEM -  Lecture (1)
CS3270 - DATABASE SYSTEM - Lecture (1)
 
ARCHITECTURE.pptx
ARCHITECTURE.pptxARCHITECTURE.pptx
ARCHITECTURE.pptx
 
Chapter-1 Introduction to Database Management Systems
Chapter-1 Introduction to Database Management SystemsChapter-1 Introduction to Database Management Systems
Chapter-1 Introduction to Database Management Systems
 
Active Directoryptx sunday.pptx
Active Directoryptx sunday.pptxActive Directoryptx sunday.pptx
Active Directoryptx sunday.pptx
 
Introduction to Database Management System.pdf
Introduction to Database Management System.pdfIntroduction to Database Management System.pdf
Introduction to Database Management System.pdf
 
Active-Directory-Domain-Services.pptx
Active-Directory-Domain-Services.pptxActive-Directory-Domain-Services.pptx
Active-Directory-Domain-Services.pptx
 
Chapter 1
Chapter 1Chapter 1
Chapter 1
 
Unit 1 dbms
Unit 1 dbmsUnit 1 dbms
Unit 1 dbms
 
Introduction to DBMS.pptx
Introduction to DBMS.pptxIntroduction to DBMS.pptx
Introduction to DBMS.pptx
 
CHAPTER 1 Database system architecture.pptx
CHAPTER 1 Database system architecture.pptxCHAPTER 1 Database system architecture.pptx
CHAPTER 1 Database system architecture.pptx
 
Database administration and security
Database administration and securityDatabase administration and security
Database administration and security
 
9a797dbms chapter1 b.sc2
9a797dbms chapter1 b.sc29a797dbms chapter1 b.sc2
9a797dbms chapter1 b.sc2
 
Database
DatabaseDatabase
Database
 
Ch1_Intro-95(1).ppt
Ch1_Intro-95(1).pptCh1_Intro-95(1).ppt
Ch1_Intro-95(1).ppt
 
Charlotte SPUG - Planning for MySites and Social in the Enterprise
Charlotte SPUG - Planning for MySites and Social in the EnterpriseCharlotte SPUG - Planning for MySites and Social in the Enterprise
Charlotte SPUG - Planning for MySites and Social in the Enterprise
 
Introduction to databasecasmfnbskdfjnfkjsdnsjkdfn
Introduction to databasecasmfnbskdfjnfkjsdnsjkdfnIntroduction to databasecasmfnbskdfjnfkjsdnsjkdfn
Introduction to databasecasmfnbskdfjnfkjsdnsjkdfn
 
Database management systems components
Database management systems componentsDatabase management systems components
Database management systems components
 

Plus de John Carlo Catacutan (7)

Reporting c
Reporting cReporting c
Reporting c
 
Chapter 1 introduction to statistics
Chapter 1 introduction to statisticsChapter 1 introduction to statistics
Chapter 1 introduction to statistics
 
Operating system basics
Operating system basicsOperating system basics
Operating system basics
 
Network operating system
Network operating systemNetwork operating system
Network operating system
 
Discuss open sourcelicensing
Discuss open sourcelicensingDiscuss open sourcelicensing
Discuss open sourcelicensing
 
Os concepts
Os conceptsOs concepts
Os concepts
 
Ad fundamentals 1
Ad fundamentals 1Ad fundamentals 1
Ad fundamentals 1
 

Dernier

Gabriel_Carter_EXPOLRATIONpp.pptx........
Gabriel_Carter_EXPOLRATIONpp.pptx........Gabriel_Carter_EXPOLRATIONpp.pptx........
Gabriel_Carter_EXPOLRATIONpp.pptx........
deejay178
 
Top profile Call Girls In Sagar [ 7014168258 ] Call Me For Genuine Models We ...
Top profile Call Girls In Sagar [ 7014168258 ] Call Me For Genuine Models We ...Top profile Call Girls In Sagar [ 7014168258 ] Call Me For Genuine Models We ...
Top profile Call Girls In Sagar [ 7014168258 ] Call Me For Genuine Models We ...
nirzagarg
 
Howrah [ Call Girls Kolkata ₹7.5k Pick Up & Drop With Cash Payment 8005736733...
Howrah [ Call Girls Kolkata ₹7.5k Pick Up & Drop With Cash Payment 8005736733...Howrah [ Call Girls Kolkata ₹7.5k Pick Up & Drop With Cash Payment 8005736733...
Howrah [ Call Girls Kolkata ₹7.5k Pick Up & Drop With Cash Payment 8005736733...
HyderabadDolls
 
Top profile Call Girls In Agartala [ 7014168258 ] Call Me For Genuine Models ...
Top profile Call Girls In Agartala [ 7014168258 ] Call Me For Genuine Models ...Top profile Call Girls In Agartala [ 7014168258 ] Call Me For Genuine Models ...
Top profile Call Girls In Agartala [ 7014168258 ] Call Me For Genuine Models ...
gajnagarg
 
Jual obat aborsi Jakarta ( 085657271886 )Cytote pil telat bulan penggugur kan...
Jual obat aborsi Jakarta ( 085657271886 )Cytote pil telat bulan penggugur kan...Jual obat aborsi Jakarta ( 085657271886 )Cytote pil telat bulan penggugur kan...
Jual obat aborsi Jakarta ( 085657271886 )Cytote pil telat bulan penggugur kan...
ZurliaSoop
 
K Venkat Naveen Kumar | GCP Data Engineer | CV
K Venkat Naveen Kumar | GCP Data Engineer | CVK Venkat Naveen Kumar | GCP Data Engineer | CV
K Venkat Naveen Kumar | GCP Data Engineer | CV
K VENKAT NAVEEN KUMAR
 
Top profile Call Girls In godhra [ 7014168258 ] Call Me For Genuine Models We...
Top profile Call Girls In godhra [ 7014168258 ] Call Me For Genuine Models We...Top profile Call Girls In godhra [ 7014168258 ] Call Me For Genuine Models We...
Top profile Call Girls In godhra [ 7014168258 ] Call Me For Genuine Models We...
gajnagarg
 
Cara Gugurkan Kandungan Awal Kehamilan 1 bulan (087776558899)
Cara Gugurkan Kandungan Awal Kehamilan 1 bulan (087776558899)Cara Gugurkan Kandungan Awal Kehamilan 1 bulan (087776558899)
Cara Gugurkan Kandungan Awal Kehamilan 1 bulan (087776558899)
Cara Menggugurkan Kandungan 087776558899
 
b-sc-agri-course-curriculum.pdf for Karnataka state board
b-sc-agri-course-curriculum.pdf for Karnataka state boardb-sc-agri-course-curriculum.pdf for Karnataka state board
b-sc-agri-course-curriculum.pdf for Karnataka state board
ramyaul734
 
Top profile Call Girls In Varanasi [ 7014168258 ] Call Me For Genuine Models ...
Top profile Call Girls In Varanasi [ 7014168258 ] Call Me For Genuine Models ...Top profile Call Girls In Varanasi [ 7014168258 ] Call Me For Genuine Models ...
Top profile Call Girls In Varanasi [ 7014168258 ] Call Me For Genuine Models ...
gajnagarg
 
Top profile Call Girls In Anantapur [ 7014168258 ] Call Me For Genuine Models...
Top profile Call Girls In Anantapur [ 7014168258 ] Call Me For Genuine Models...Top profile Call Girls In Anantapur [ 7014168258 ] Call Me For Genuine Models...
Top profile Call Girls In Anantapur [ 7014168258 ] Call Me For Genuine Models...
gajnagarg
 
一比一定(购)中央昆士兰大学毕业证(CQU毕业证)成绩单学位证
一比一定(购)中央昆士兰大学毕业证(CQU毕业证)成绩单学位证一比一定(购)中央昆士兰大学毕业证(CQU毕业证)成绩单学位证
一比一定(购)中央昆士兰大学毕业证(CQU毕业证)成绩单学位证
eqaqen
 

Dernier (20)

Guide to a Winning Interview May 2024 for MCWN
Guide to a Winning Interview May 2024 for MCWNGuide to a Winning Interview May 2024 for MCWN
Guide to a Winning Interview May 2024 for MCWN
 
Gabriel_Carter_EXPOLRATIONpp.pptx........
Gabriel_Carter_EXPOLRATIONpp.pptx........Gabriel_Carter_EXPOLRATIONpp.pptx........
Gabriel_Carter_EXPOLRATIONpp.pptx........
 
Top profile Call Girls In Sagar [ 7014168258 ] Call Me For Genuine Models We ...
Top profile Call Girls In Sagar [ 7014168258 ] Call Me For Genuine Models We ...Top profile Call Girls In Sagar [ 7014168258 ] Call Me For Genuine Models We ...
Top profile Call Girls In Sagar [ 7014168258 ] Call Me For Genuine Models We ...
 
Brand Analysis for reggaeton artist Jahzel.
Brand Analysis for reggaeton artist Jahzel.Brand Analysis for reggaeton artist Jahzel.
Brand Analysis for reggaeton artist Jahzel.
 
Howrah [ Call Girls Kolkata ₹7.5k Pick Up & Drop With Cash Payment 8005736733...
Howrah [ Call Girls Kolkata ₹7.5k Pick Up & Drop With Cash Payment 8005736733...Howrah [ Call Girls Kolkata ₹7.5k Pick Up & Drop With Cash Payment 8005736733...
Howrah [ Call Girls Kolkata ₹7.5k Pick Up & Drop With Cash Payment 8005736733...
 
Personal Brand Exploration ppt.- Ronnie Jones
Personal Brand  Exploration ppt.- Ronnie JonesPersonal Brand  Exploration ppt.- Ronnie Jones
Personal Brand Exploration ppt.- Ronnie Jones
 
Top profile Call Girls In Agartala [ 7014168258 ] Call Me For Genuine Models ...
Top profile Call Girls In Agartala [ 7014168258 ] Call Me For Genuine Models ...Top profile Call Girls In Agartala [ 7014168258 ] Call Me For Genuine Models ...
Top profile Call Girls In Agartala [ 7014168258 ] Call Me For Genuine Models ...
 
Jual obat aborsi Jakarta ( 085657271886 )Cytote pil telat bulan penggugur kan...
Jual obat aborsi Jakarta ( 085657271886 )Cytote pil telat bulan penggugur kan...Jual obat aborsi Jakarta ( 085657271886 )Cytote pil telat bulan penggugur kan...
Jual obat aborsi Jakarta ( 085657271886 )Cytote pil telat bulan penggugur kan...
 
K Venkat Naveen Kumar | GCP Data Engineer | CV
K Venkat Naveen Kumar | GCP Data Engineer | CVK Venkat Naveen Kumar | GCP Data Engineer | CV
K Venkat Naveen Kumar | GCP Data Engineer | CV
 
Top profile Call Girls In godhra [ 7014168258 ] Call Me For Genuine Models We...
Top profile Call Girls In godhra [ 7014168258 ] Call Me For Genuine Models We...Top profile Call Girls In godhra [ 7014168258 ] Call Me For Genuine Models We...
Top profile Call Girls In godhra [ 7014168258 ] Call Me For Genuine Models We...
 
Cara Gugurkan Kandungan Awal Kehamilan 1 bulan (087776558899)
Cara Gugurkan Kandungan Awal Kehamilan 1 bulan (087776558899)Cara Gugurkan Kandungan Awal Kehamilan 1 bulan (087776558899)
Cara Gugurkan Kandungan Awal Kehamilan 1 bulan (087776558899)
 
7737669865 Call Girls In Ahmedabad Escort Service Available 24×7 In In Ahmedabad
7737669865 Call Girls In Ahmedabad Escort Service Available 24×7 In In Ahmedabad7737669865 Call Girls In Ahmedabad Escort Service Available 24×7 In In Ahmedabad
7737669865 Call Girls In Ahmedabad Escort Service Available 24×7 In In Ahmedabad
 
b-sc-agri-course-curriculum.pdf for Karnataka state board
b-sc-agri-course-curriculum.pdf for Karnataka state boardb-sc-agri-course-curriculum.pdf for Karnataka state board
b-sc-agri-course-curriculum.pdf for Karnataka state board
 
Top profile Call Girls In Varanasi [ 7014168258 ] Call Me For Genuine Models ...
Top profile Call Girls In Varanasi [ 7014168258 ] Call Me For Genuine Models ...Top profile Call Girls In Varanasi [ 7014168258 ] Call Me For Genuine Models ...
Top profile Call Girls In Varanasi [ 7014168258 ] Call Me For Genuine Models ...
 
UIowa Application Instructions - 2024 Update
UIowa Application Instructions - 2024 UpdateUIowa Application Instructions - 2024 Update
UIowa Application Instructions - 2024 Update
 
Vip Malegaon Escorts Service Girl ^ 9332606886, WhatsApp Anytime Malegaon
Vip Malegaon Escorts Service Girl ^ 9332606886, WhatsApp Anytime MalegaonVip Malegaon Escorts Service Girl ^ 9332606886, WhatsApp Anytime Malegaon
Vip Malegaon Escorts Service Girl ^ 9332606886, WhatsApp Anytime Malegaon
 
Top profile Call Girls In Anantapur [ 7014168258 ] Call Me For Genuine Models...
Top profile Call Girls In Anantapur [ 7014168258 ] Call Me For Genuine Models...Top profile Call Girls In Anantapur [ 7014168258 ] Call Me For Genuine Models...
Top profile Call Girls In Anantapur [ 7014168258 ] Call Me For Genuine Models...
 
Mysore Escorts Service Girl ^ 9332606886, WhatsApp Anytime Mysore
Mysore Escorts Service Girl ^ 9332606886, WhatsApp Anytime MysoreMysore Escorts Service Girl ^ 9332606886, WhatsApp Anytime Mysore
Mysore Escorts Service Girl ^ 9332606886, WhatsApp Anytime Mysore
 
一比一定(购)中央昆士兰大学毕业证(CQU毕业证)成绩单学位证
一比一定(购)中央昆士兰大学毕业证(CQU毕业证)成绩单学位证一比一定(购)中央昆士兰大学毕业证(CQU毕业证)成绩单学位证
一比一定(购)中央昆士兰大学毕业证(CQU毕业证)成绩单学位证
 
Novo Nordisk Kalundborg. We are expanding our manufacturing hub in Kalundborg...
Novo Nordisk Kalundborg. We are expanding our manufacturing hub in Kalundborg...Novo Nordisk Kalundborg. We are expanding our manufacturing hub in Kalundborg...
Novo Nordisk Kalundborg. We are expanding our manufacturing hub in Kalundborg...
 

Designing the active directory logical structure

  • 1. Designing the Active Directory Logical Structure
  • 2. Active Directory Logical Structure Design • Simplified management of Windows networks that contain large numbers of objects. • A consolidated domain structure and reduced administration costs. • The ability to delegate administrative control over resources as appropriate. • Reduced impact on network bandwidth
  • 3. Active Directory Logical Structure Design • Simplified resource sharing. • Optimal search performance. • Low total cost of ownership.
  • 4. Process for Designing the Active Directory Logical Structure 1. Identify the deployment project participants 2. Create a forest design 3. Create a domain design for each forest 4. Create a DNS infrastructure to support Active Directory for each forest 5. Design organizational units for delegation of administration for each forest.
  • 5. 1. Identifying the Deployment Project Participants • The first step in establishing an Active Directory deployment project is to establish the design and deployment project teams who will be responsible for managing the design phase and deployment phase of the Active Directory project cycle.
  • 6. 1.1 Defining Project-Specific Roles • An important step in establishing the project teams is to identify the individuals who are to hold project-specific roles. These include the executive sponsor, the project architect, and the project manager. • These individuals establish channels of communication throughout the organization, build project schedules, and identify the individuals who will be members of the project teams, beginning with the various owners.
  • 7. 1.1 Defining Project-Specific Roles • Executive sponsor – understands the business value of the deployment, supports the project at the executive level, and can help resolve conflicts across the organization. • Project architect – The architect provides technical expertise to assist with the process of designing and deploying Active Directory
  • 8. 1.1 Defining Project-Specific Roles • Project manager – facilitates cooperation across business units and between technology management groups. – someone from within the organization who is familiar with the operational policies of the IT group and the design requirements for the groups that are preparing to deploy Active Directory – oversees the entire deployment project, beginning with design and continuing through implementation, and makes sure that the project stays on schedule and within budget
  • 9. 1.2 Establishing Owners and Administrators • Owners – are held accountable by management for making sure that deployment tasks are completed and that Active Directory design specifications meet the needs of the organization. Owners do not necessarily have access to or manipulate the directory infrastructure directly.
  • 10. 1.2 Establishing Owners and Administrators • Administrators – are the individuals responsible for completing the required deployment tasks. Administrators have the network access and permissions necessary to manipulate the directory and its infrastructure.
  • 11. Two Types of Owners • Service owners – are responsible for the planning and long-term maintenance of the Active Directory infrastructure, and ensuring that the directory continues to function, and that the goals established in service level agreements are maintained. • Data owners – are responsible for the maintenance of the information stored in the directory. This includes user and computer account management and management of local resources, such as member servers and workstations.
  • 12. Two Types of Administrators • Service administrators – implement policy decisions made by service owners and handle the day-to-day tasks associated with maintaining the directory service and infrastructure. • Data administrators – are users within a domain who are responsible for maintaining data that is stored in Active Directory and maintaining computers that are members of their domain.
  • 13. Service and Data Owners for Active Directory • Forest owner – typically a senior IT manager in the organization, who is responsible for the Active Directory deployment process and who is ultimately accountable for maintaining service delivery within the forest after the deployment is complete. • Active Directory DNS owner – is an individual who has a thorough understanding of the existing DNS infrastructure and the existing namespace of the organization.
  • 14. Service and Data Owners for Active Directory • Site topology owner – is familiar with the physical structure of the network of the organization, including the mapping of individual subnets, routers, and the areas of the network that are connected by means of slow links • OU owner – is responsible for managing data stored in the directory. This individual needs to be familiar with the operational and security policies that are in place on the network.
  • 15. 1.3 Building Project Teams • The Active Directory project teams are temporary groups that are responsible for completing Active Directory design and deployment tasks. When the Active Directory deployment project is complete, the owners assume responsibility for the directory and the project teams can disband.
  • 16. 1.3 Building Project Teams • Identifying Potential Forest Owners – the IT group is generally the forest owner and therefore the potential forest owner for any future deployments. • Establishing a Design Team – responsible for gathering all of the information needed to make decisions about the Active Directory logical structure design. • Establishing a Deployment Team – responsible for testing and implementing the Active Directory logical structure design.
  • 17. 1.3 Building Project Teams • Document the Design and Deployment Teams – Document the names of and contact information for the people who will participate in the design and deployment of Active Directory. Identify who will be responsible for each role on the design and deployment teams.
  • 18. 2. Creating a Forest Design • Identifying Forest Design Requirements • Determine the number of forests • Document the Design and Deployment Teams
  • 19. 2.1 Identifying Forest Design Requirements • This involves determining how much autonomy the groups in your organization need to manage their network resources, and whether each group needs to isolate their resources on the network from other groups.
  • 20. 2.1 Identifying Forest Design Requirements Types of requirements • Organizational structure requirements • Operational requirements • Legal Requirements
  • 21. Autonomy vs. Isolation • Autonomy. – Autonomy involves independent but not exclusive control of a resource. When you achieve autonomy, administrators have the authority to manage resources independently; however, administrators with greater authority exist who also have control over those resources and can take control away if necessary.
  • 22. Autonomy vs. Isolation • Service autonomy. – This type of autonomy involves control over all or part of service management. • Data autonomy. – This type of autonomy involves control over all or part of the data stored in the directory or on member computers joined to the directory.
  • 23. Autonomy vs. Isolation • Isolation. – Isolation involves independent and exclusive control of a resource. When you achieve isolation, administrators have the authority to manage a resource independently and no other administrators can take control of the resource away.
  • 24. Autonomy vs. Isolation • Service isolation – This type of isolation prevents administrators other than those specifically designated to control service management from controlling or interfering with service management. • Data isolation – This type of isolation prevents administrators other than those specifically designated to control or view data from controlling or viewing a subset of data in the directory or on member computers joined to the directory.
  • 25. 2. Determining the Number of Forests Required • In order to determine the number of forests that you must deploy, you need to carefully identify and evaluate the isolation and autonomy requirements for each group in your organization and map those requirements to the appropriate forest design models.
  • 26. Forest Design Models • Organizational Forest Model • Resource Forest Model • Restricted Access Forest Model
  • 27. Organizational Forest Model • In the organizational forest model, user accounts and resources are contained in the forest and managed independently. The organizational forest can be used to provide service autonomy, service isolation, or data isolation, if the forest is configured to prevent access to anyone outside the forest.
  • 29. Resource Forest Model • In the resource forest model, a separate forest is used to manage resources. Resource forests do not contain user accounts other than those required for service administration and those required to provide alternate access to the resources in that forest if the user accounts in the organizational forest become unavailable.
  • 31. Restricted Access Forest Model • In the restricted access forest model, a separate forest is created to contain user accounts and data that must be isolated from the rest of the organization.
  • 33. Type of Service Management • Management of domain controller operations – Creating and removing domain controllers. – Monitoring the functioning of domain controllers. – Managing services that are running on domain controllers. – Backing up and restoring the directory.
  • 34. Type of Service Management • Configuration of domain-wide settings – Creating domain and domain user account policies, such as password, Kerberos, and account lockout policies. – Creating and applying domain-wide Group Policies.
  • 35. Type of Service Management • Delegation of data-level administration – Creating OUs and delegating administration. – Repairing problems in the OU structure that OU owners do not have sufficient access rights to fix • Management of external trusts – Establishing trust relationships with domains outside the forest.
  • 36. 2.3 Documenting the Forest Design • The proposed forest design should be documented. Include in your documentation the name of the group for which the forest is designed, the contact information for the forest owner, the type of forest for each forest that you include, and the requirements that each forest is designed to meet.
  • 37. 3. Creating a Domain Design • Reviewing the Domain Models • Determine the number of domains required • Determine whether to upgrade existing or deploy new domains • Assign domain names • Select the forest root domain
  • 38. 3.1 Reviewing the Domain Models • The amount of available capacity on your network that you are willing to allocate to Active Directory. • The number of users in your organization.
  • 39. Domain Design Models • Single Domain Model – It is the easiest to administer and the least expensive to maintain. It consists of a forest that contains a single domain. • Regional Domain Model – enables you to maintain a stable environment over time. Base the regions used to define domains in your model on stable elements such as continental boundaries.
  • 40. 3.2 Determining the Number of Domains Required • Every forest starts with a single domain. The maximum number of users that a single domain forest can contain is based on the slowest link that must accommodate replication between domain controllers and the available bandwidth that you want to allocate to Active Directory.
  • 41. Maximum Number of Users in a Single Domain
  • 42. 3.4 Determining Whether to Upgrade Existing or Deploy New Domains • Each domain in your design will either be a new domain or an existing domain that has been upgraded in place. Users from existing domains that you do not upgrade in place must be migrated into new domains.
  • 43. 3.5 Assigning Domain Names • You must assign a name to every domain in your plan. Active Directory domains have two types of names: DNS names and NetBIOS names. In general, both names are visible to end users. The DNS names of Active Directory domains include two parts, a prefix and a suffix.
  • 44. Selecting the Forest Root Domain • The first domain that you deploy in an Active Directory forest is called the forest root domain. • Selecting the forest root domain involves determining whether one of the Active Directory domains in your domain design can function as the forest root domain, or whether you need to deploy a dedicated forest root domain.
  • 45. Choosing a Regional or Dedicated Forest Root Domain • A dedicated forest root domain is a domain that is created specifically to function as the forest root. It does not contain any user accounts other than the service administrator accounts for the forest root domain, and it does not represent any region in your domain structure.
  • 46. Choosing a Regional or Dedicated Forest Root Domain • If you choose not to deploy a dedicated forest root domain, then you must select a regional domain to function as the forest root domain. This domain is the parent domain of all the other regional domains and will be the first domain that you deploy.
  • 47. Assigning the Forest Root Domain Name • The forest root domain name is also the name of the forest. The forest root name is a DNS name that consists of a prefix and a suffix in the form of prefix.suffix. For example, an organization might have the forest root name corp.contoso.com. In this example, corp is the prefix and contoso.com is the suffix.
  • 48. 4. Designing a DNS Infrastructure to Support Active Directory • Review DNS concepts • Review DNS and Active Directory • Integrate Active Directory into an existing DNS infrastructure • Document your DNS infrastructure design
  • 49. 5. Designing Organizational Units for Delegation of Administration • Review organizational unit design concepts • Delegate administration using OU objects • Create account OUs • Document the organizational unit design for each domain • Apply Group Policy to OUs