ADVANTAGE PRO Chennais Premier Networking Training Centre

Agenda
Introduction to Designing a Directory Services Infrastructure DNS and Active Directory Designing a DNS Naming Strategy for Active Directory Designing an Active Directory Domain
Designing the Initial Active Directory Domain Planning for Security Groups Planning for OUs

Designing a Multiple-Domain Structure

Planning for Multiple-Domain Trees Planning for Multiple-Tree Forests Planning for Multiple Forests

Managing Operations Master Roles

ADVANTAGE PRO Chennais Premier Networking Training Centre

Conducting an Organizational Analysis

Identifying Organizational Needs Making Design Choices Planning Guidelines

ADVANTAGE PRO Chennais Premier Networking Training Centre

Identifying Organizational Needs

Determine the Goals of the Organization Analyze the Administrative Model Anticipate Growth and Reorganization Document the Gathered Information

ADVANTAGE PRO Chennais Premier Networking Training Centre

Making Design Choices

Decision Points Implications Risks and Costs Tradeoffs

ADVANTAGE PRO Chennais Premier Networking Training Centre

Planning Guidelines

Remember Business Needs Maintain a Clear Vision Make Solid Tradeoff Decisions Create a Simple Design Test the Design
ADVANTAGE PRO Chennais Premier Networking Training Centre

Architectural Elements of Active Directory

      

Designing a Naming Strategy Designing an Active Directory Domain Designing Multiple Domains Designing a Site Topology Designing for Delegation of Administrative Authority Designing for Group Policy Designing Schema Modifications

ADVANTAGE PRO Chennais Premier Networking Training Centre

Designing a Naming Strategy

 

Active Directory Uses DNS as Naming Service Internet Presence a Determining Factor in Selecting Domain Names23
Domain Name System (DNS)

nwtraders.msft

ADVANTAGE PRO Chennais Premier Networking Training Centre

Designing an Active Directory Domain



Create OUs to Support Delegation and Group Policy Create OU Structure to Reflect Administrative Model Carefully Name the First Domain
nwtraders.msft

First Domain
OU OU

OU

OU

OU

OU

ADVANTAGE PRO Chennais Premier Networking Training Centre

Designing Multiple Domains

 

Administered Separately But May Share Resources More Complex To Manage

nwtraders.msft

Root

Child Domain us.nwtraders.msft

Child Domain europe.nwtraders.msft

ADVANTAGE PRO Chennais Premier Networking Training Centre

Designing for Delegation of Administrative Authority

Relieves Burden of Centralized Management Separates administrative Authority from Rest of Network
nwtraders.msft

Domain

asia.nwtraders.msft HR Mfg na.nwtraders.msft recruiting training research

ADVANTAGE PRO Chennais Premier Networking Training Centre

Designing Schema Modifications

Schema Defines Objects and Attributes in Active Directory Changing the Schema Can Affect the Entire Network Create a Schema Modification Policy to Manage Changes

Schema

ADVANTAGE PRO Chennais Premier Networking Training Centre

Agenda

DNS & Active Directory

ADVANTAGE PRO Chennais Premier Networking Training Centre

ADVANTAGE PRO Chennais Premier Networking Training Centre

Introduction to the Role of DNS in Active Directory

Name Resolution
DNS translates computer names to IP addresses Computers use DNS to locate each other on the network

Naming Convention for Windows 2000 Domains

Windows 2000 uses DNS naming standards for domain names DNS domains and Active Directory domains share a common hierarchical naming structure

ADVANTAGE PRO Chennais Premier Networking Training Centre

Locating the Physical Components of Active Directory

DNS identifies domain controllers by the services they provide Computers use DNS to locate domain controllers and global catalog servers

ADVANTAGE PRO Chennais Premier Networking Training Centre

DNS and Active Directory Namespaces

DNS Namespace Internet
DNS Node Active Directory Domain

.
com.

(DNS root domain) Active Directory Namespace microsoft training

microsoft.com

sales

training. microsoft.com computer1 sales. microsoft.com

ADVANTAGE PRO Chennais Premier Networking Training Centre

DNS Host Names and Windows 2000 Computer Names

 DNS

.
com.

host record and Active Directory object represent the same physical computer allows computers to locate domain controllers within Active Directory
Active Directory
training.microsoft.com

 DNS

microsoft sales training

Builtin Computers

computer1

Computer1 Computer2

FQDN = computer1.training.microsoft.com Windows 2000 Computer Name = Computer1

ADVANTAGE PRO Chennais Premier Networking Training Centre

DNS Requirements for Active Directory

DNS Requirements to Support Active Directory

Support for SRV records (mandatory) Support for the dynamic update protocol (recommended) Support for incremental zone transfers (recommended)

ADVANTAGE PRO Chennais Premier Networking Training Centre

Agenda

Designing a DNS Naming Strategy for Active Directory

ADVANTAGE PRO Chennais Premier Networking Training Centre

Identifying Business Needs



Main Business Needs that Impact a Naming Strategy: Intended Scope of Active Directory Internet Presence

ADVANTAGE PRO Chennais Premier Networking Training Centre

Distinguishing Between DNS and Active Directory

 DNS

Servers Store Resource Records Directory Servers Store Domain Objects

Domain Name System (DNS)

 Active

contoso.msft

ADVANTAGE PRO Chennais Premier Networking Training Centre

Planning Active Directory Domain Names

  

Determining the Scope of Active Directory Designing the Naming Hierarchy Choosing Active Directory Domain Names

ADVANTAGE PRO Chennais Premier Networking Training Centre

Determining the Scope of Active Directory

DNS Name Should Represent Entire Organization
Headquarters Branch Locations Business Partners

Active Directory Name Can Be Internet Name

Register Name with ICANN

ADVANTAGE PRO Chennais Premier Networking Training Centre

Designing the Naming Hierarchy

Root
DNS Name: contoso.msft

contoso.msft

Child
namerica.contoso.msft

Child
europe.contoso.msft

DNS Name: namerica.contoso.msft

DNS Name: europe.contoso.msft

ADVANTAGE PRO Chennais Premier Networking Training Centre

Choosing Active Directory Domain Names

Choose a Root Domain Name Unique to the Internet Conform to DNS Naming Regulations Register Your DNS Domain Name Choose Meaningful, Stable, Scalable Names Use An Existing DNS Domain Name

ADVANTAGE PRO Chennais Premier Networking Training Centre

Designing a DNS Naming Strategy for Active Directory



Making Initial Naming Decisions Using a Delegated Sub domain Name for the Internal Network Using a Single DNS Name for Public and Private Networks Using a Different DNS Name for Public and Private Networks Design Guidelines
ADVANTAGE PRO Chennais Premier Networking Training Centre

Making Initial Naming Decisions



Registering the DNS Root Name Designing with an Existing DNS Implementation Determining Strategies Internal and External Naming

Meeting Requirements of the DNS Design Assuring Client Name Resolution

ADVANTAGE PRO Chennais Premier Networking Training Centre

Using a Delegated Sub domain Name for the Internal Network



Create a New DNS Zone in New Domain Configure Authoritative DNS Server in Existing DNS Domain to Delegate to New Domain Create Active Directory Forest Root in New Domain Zone 2 Zone 1

contoso.msft

Firewall

ad.contoso.msft

ADVANTAGE PRO Chennais Premier Networking Training Centre

Designing a DNS Solution to Integrate with BIND

To Integrate BIND and Microsoft DNS You Can


Use Existing DNS Strategy as the Root of Active Directory Create a Subdomain of the Existing DNS Strategy as the Root of Active Directory Keep the Existing BIND DNS Strategy, and Register Another Domain Name for the Root of Active Directory

ADVANTAGE PRO Chennais Premier Networking Training Centre

Design Guidelines

Naming Strategies Include:



Delegated Subdomain for the Internal Network Single DNS Name for Public and Private Networks Different DNS Name for Public and Private Networks

ADVANTAGE PRO Chennais Premier Networking Training Centre

ALL THE BEST

ADVANTAGE PRO Chennais Premier Networking Training Centre