Contents Overview 1 Role of Active Directory in an Enterprise 2 Conducting an Organizational Analysis 3 Architectural Elements of Active Directory 7 Review 15 Module 1: Introduction to Designing a Directory Services Infrastructure Information in this document is subject to change without notice. The names of companies, products, people, characters, and/or data mentioned herein are fictitious and are in no way intended to represent any real individual, company, product, or event, unless otherwise noted. Complying with all applicable copyright laws is the responsibility of the user. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of Microsoft Corporation. If, however, your only means of access is electronic, permission to print one copy is hereby granted. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.  2000 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows NT, Active Directory, BackOffice, PowerPoint, Visual Basic, and Visual Studio are either registered trademarks or trademarks of Microsoft Corporation in the U.S.A. and/or other countries. The names of companies, products, people, characters, and/or data mentioned herein are fictitious and are in no way intended to represent any real individual, company, product, or event, unless otherwise noted. Other product and company names mentioned herein may be the trademarks of their respective owners. Project Lead: Andy Sweet (S&T OnSite) Instructional Designers: Andy Sweet (S&T OnSite), Ravi Acharya (NIIT), Sid Benavente, Richard Rose, Kathleen Norton Instructional Design Consultants: Paul Howard, Susan Greenberg Program Managers: Lorrin Smith-Bates (Volt), Megan Camp (Independent Contractor) Technical Contributors: Angie Fultz, Lyle Curry, Brian Komar (3947018 Manitoba, Inc.), Jim Clark (Infotec Commercial Systems), Bill Wade (Excell Data Corporation), David Stern, Steve Tate, Greg Bulette (Independent Contractor), Kathleen Cole (S&T OnSite) Graphic Artist: Kirsten Larson (S&T OnSite) Editing Manager: Lynette Skinner Editor: Jeffrey Gilbert (Wasser) Copy Editor: Patti Neff (S&T Consulting) Online Program Manager: Debbi Conger Online Publications Manager: Arlo Emerson (Aditi) Online Support: Eric Brandt (S&T Consulting) Multimedia Development: Kelly Renner (Entex) Testing Leads: Sid Benavente, Keith Cotton Testing Developer: Greg Stemp (S&T OnSite) Courseware Testing: Testing Testing 123 Production Support: Ed Casper (S&T Consulting) Manufacturing Manager: Rick Terek (S&T OnSite) Manufacturing Support: Laura King (S&T OnSite) Lead Product Manager, Development Services: Bo Galford Lead Product Managers: Dean Murray, Ken Rosen Group Product Manager: Robert Stewart Module 1: Introduction to Designing a Directory Services Infrastructure iii Instructor Notes This module provides students with the basic context and terminology for the course. It starts by discussing how Microsoft ® Windows ® 2000 Active Directory ™ directory service works in an enterprise network. A framework is presented for identifying the business needs that guide the design of the Active Directory infrastructure. Finally, an overview of the architectural components of Active Directory is provided. At the end of this module, students will be able to: ! Describe Active Directory in Windows 2000. ! Explain the importance of determining business needs prior to designing an Active Directory infrastructure. ! Describe the architectural elements used in the design of the Active Directory infrastructure. Materials and Preparation This section provides you with the required materials and preparation tasks that are needed to teach this module. Required Materials To teach this module, you need the Microsoft PowerPoint ® file 1561B_01.ppt. Preparation Tasks To prepare for this module, you should: • Read all of the materials for this module. Presentation: 30 Minutes Lab: 00 Minutes iv Module 1: Introduction to Designing a Directory Services Infrastructure Module Strategy Use the following strategy to present this module: ! Role of Active Directory in an Enterprise Explain that Active Directory is a directory service. Define the features of a typical directory service. Then, describe the added functionality that Active Directory provides. ! Conducting an Organizational Analysis Explain that prior to creating the design of the Active Directory infrastructure, an architect must have a thorough understanding of the organization and its needs. Emphasize that the business needs rather than the technology of the organization must guide the design. ! Architectural Elements of Active Directory Describe the different elements of Active Directory and how each element functions within Active Directory. Emphasize that a module will be devoted to each element. Customization Information This section identifies the lab setup requirements for a module and the configuration changes that occur on student computers during the labs. This information is provided to assist you in replicating or customizing Microsoft Official Curriculum (MOC) courseware. There are no labs in this module, and as a result, there are no lab setup requirements or configuration changes that affect replication or customization. Module 1: Introduction to Designing a Directory Services Infrastructure 1 Overview ! Role of Active Directory in an Enterprise ! Conducting an Organizational Analysis ! Architectural Elements of Active Directory This module provides the basic context and terminology for the course. It starts by describing how Microsoft ® Windows ® 2000 Active Directory ™ directory service works in an enterprise network environment. Prior to designing the Active Directory structure, the architect must first identify the administrative and business goals of an organization. General guidelines for identifying business needs are provided, and a framework for making good design choices is discussed. Finally, an overview of the architectural elements of Active Directory is presented. At the end of this module, you will be able to: ! Describe Active Directory in Windows 2000. ! Explain the importance of determining business needs prior to designing an Active Directory infrastructure. ! Describe the architectural elements used in the design of the Active Directory infrastructure. Slide Objective To provide an overview of the module topics and objectives. Lead-in In this module, you will understand the function and components of Active Directory. 2 Module 1: Introduction to Designing a Directory Services Infrastructure Role of Active Directory in an Enterprise ! Domains and OUs Form Hierarchical Structures ! Multiple Domains Can Form # Trees # Forests DomainDomain Domain Tree Tree Forest Objects OU OU OU OU OU OU Domain Domain Domain Domain Domain Domain Active Directory in Windows 2000 is a network directory service. Administrators use Active Directory to define, arrange, and manage objects, such as user data, printers, and servers, so that they are available to users and applications throughout the organization. Objects in Active Directory are logically organized into a hierarchical structure. The objects that create the overall structural hierarchy in Active Directory are: ! Domains. This is the core unit of Active Directory. A domain is a container of objects that share security requirements, replication processes, and administration. Active Directory uses a multi-master replication model in which all domain controllers are equal. ! Organizational units (OUs). An OU is a container object that is used to organize objects within a domain into logical administrative groups. Within a domain, OUs form a hierarchical structure based on the organization’s administrative model. Multiple domains within a single Active Directory can create additional structure in the form of: ! Trees. A tree is a hierarchical arrangement of one or more domains with a single root name. Domains within a tree share a common root domain name and share information through automatic trust relationships. ! Forests. A forest is a collection of one or more trees. Multiple trees within a forest do not share a common root domain name, but share information through automatic trust relationships. Multiple forests can share information only through explicit trusts. Slide Objective To describe the logical structure of Active Directory. Lead-in Active Directory has a hierarchical structure that you create with domains and organizational units. Module 1: Introduction to Designing a Directory Services Infrastructure 3 $ $$ $ Conducting an Organizational Analysis ! Identifying Organizational Needs ! Making Design Choices ! Planning Guidelines Enterprise architects must design the Active Directory directory service to meet the business needs of the customer. The first step in meeting this goal is performing an organizational analysis to determine the business as well as the information technology (IT) needs of the customer. Slide Objective To identify steps for obtaining information about an organization. Lead-in Before designing the Active Directory structure, you must identify the organization’s administrative needs that will influence the design of the Active Directory structure. 4 Module 1: Introduction to Designing a Directory Services Infrastructure Identifying Organizational Needs ! Determine the Goals of the Organization ! Analyze the Administrative Model ! Anticipate Growth and Reorganization ! Document the Gathered Information Identifying organizational needs consists of the following steps: ! Determine Goals of the Organization. As an architect, you must identify and then prioritize the business needs of an organization. Once you have identified the goals, you must translate them into a design for the Active Directory structure that meets those goals. In the design, you must ensure that Active Directory meets the business needs of the organization, instead of basing the goals of the organization on the Active Directory structure. ! Analyze the Administrative Model. The Active Directory directory service is designed to support the storage and easy retrieval of information. The design must support the administrative model. The administrators of an organization support the enterprise. Therefore, you need to design Active Directory to support administrator needs. These needs may be different from the business practices of the organization. Identify and analyze the current administrative model, and determine if any improvements can be made. ! Anticipate Growth and Reorganization. An Active Directory structure has an anticipated life span of three to five years. When designing the Active Directory structure, you must anticipate future growth and reorganization, and then design Active Directory so it can easily accommodate growth. ! Document the Gathered Information. After your initial organizational analysis, document your findings. Documentation will guide you through the design process and clarify any conflicts that may occur as you design Active Directory. Slide Objective To identify the steps for identifying organizational needs. Lead-in Identifying the needs of a business or organization begins by determining the goals of the organization. Module 1: Introduction to Designing a Directory Services Infrastructure 5 Making Design Choices ! Decision Points ! Implications ! Risks and Costs ! Tradeoffs When making design choices, identify the following factors that will influence design: ! Decision Points. You should filter information you received from your organizational analysis. Organizations can often provide too little or too much information about their business needs. Careful examination of your information will help you incorporate only the most pertinent information into the design of the Active Directory structure. ! Implications. Be aware of the implications of making a particular design decision, and possible alternatives to the decision. There are often several ways to achieve an intended outcome in the design of the Active Directory structure. Knowing the implications of each possible option will help guide your design choices. ! Risks and Costs. Identifying risks before beginning the design process gives you an opportunity to mitigate or decrease possible problems. For example, if there are limited resources for testing, then implementation of a design can be scheduled for off-peak hours to mitigate any unforeseen results of the implementation. ! Tradeoffs. Every organization will have individuals or departments with different goals for the project. Not all goals may be achievable due to schedule and resource constraints. By prioritizing goals and identifying positive and negative characteristics of each goal, you can make effective tradeoff decisions. Slide Objective To describe design choices that must be identified when designing Active Directory. Lead-in You must evaluate the information you receive from your organizational analysis, as some information may not be pertinent to the design of the Active Directory structure. 6 Module 1: Introduction to Designing a Directory Services Infrastructure Planning Guidelines ! Remember Business Needs ! Maintain a Clear Vision ! Make Solid Tradeoff Decisions ! Create a Simple Design ! Test the Design When designing an Active Directory structure, ensure that the business needs, rather than the technology, determine the design. Only allow technology to influence your design if the technology can provide a more efficient means of doing business. As your design progresses, maintain a clear vision of your overall structure. Carefully consider tradeoff decisions when faced with design options. The best strategy is to create the simplest design possible. Finally, ensure that the design is adequately tested before releasing the design to the team responsible for implementing Active Directory. Slide Objective To describe best practices for planning Active Directory. Lead-in Ensure that the design of the Active Directory structure meets the business needs of the organization. [...]... understand the capabilities of each component and the design elements within Active Directory that each component influences 7 8 Module 1: Introduction to Designing a Directory Services Infrastructure Designing a Naming Strategy Slide Objective To introduce the naming standard used by Active Directory Lead-in Active Directory uses the DNS naming convention to name domains ! Active Directory Uses DNS as Naming... root domain Module 1: Introduction to Designing a Directory Services Infrastructure Designing for Delegation of Administrative Authority Slide Objective To describe how administrative authority may be delegated in Active Directory Lead-in You can create an Active Directory structure for delegating administrative authority ! Relieves Burden of Centralized Management ! Separates Administrative Authority... nwtraders.msft Domain asia.nwtraders.msft Mfg Mfg HR HR na.nwtraders.msft recruiting recruiting training research training research Delegating administrative authority in Active Directory allows network administrators to grant administrative control of objects in Active Directory to trusted users Delegating authority reduces the workload of a centralized administrator, and also separates the delegated... can access information in Active Directory and the level of permissions that they can have This precise specification allows network administrators to delegate specific authority over portions of Active Directory to groups of users, without making its information vulnerable to unauthorized access 9 10 Module 1: Introduction to Designing a Directory Services Infrastructure Designing Schema Modifications... carefully designing the Active Directory infrastructure, you can apply GPOs to intended users and computers in upperlevel domains or OUs so that the GPOs will be inherited to lower-level domains and OUs 12 Module 1: Introduction to Designing a Directory Services Infrastructure Designing an Active Directory Domain Slide Objective To describe the structure of an Active Directory domain Lead-in A domain... Conducting an Organizational Analysis ! Architectural Elements of Active Directory 1 How are the logical structure elements of Active Directory organized and what relationships do they form in Active Directory? Elements are organized into OUs within a domain Domains link together to form trees Trees join together to create a forest 2 What among an organization’s needs should have the greatest influence... Objective To describe the function and scope of the Active Directory schema ! Schema Defines Objects and Attributes in Active Directory ! Changing the Schema Can Affect the Entire Network ! Create a Schema Modification Policy to Manage Changes Lead-in The Active Directory schema is the underlying foundation of Active Directory, and contains definitions for all objects and classes within Active Directory. .. Changing the schema has implications that can affect the entire network Schema modifications are rare, but an organization may have business needs that can only be met by schema modification You will need to create a schema modification policy to manage the modification process Module 1: Introduction to Designing a Directory Services Infrastructure 11 Designing for Group Policy Slide Objective To describe... Presence a Determining Factor in Selecting Domain Names Domain Name System Domain Name System (DNS) (DNS) nwtraders.msft nwtraders.msft Active Directory follows the Domain Name System (DNS) standard as a basis for naming domains Active Directory also uses DNS as the domain locator service You can use DNS for name resolution of the organization’s internal resources, such as its intranet, and external resources,.. .Module 1: Introduction to Designing a Directory Services Infrastructure $ Architectural Elements of Active Directory Slide Objective To identify the elements of Active Directory and strategies for designing these elements Lead-in There are several architectural elements of the Active Directory structure that need to be included in the design ! Designing a Naming Strategy ! Designing for Delegation . Active Directory. 12 Module 1: Introduction to Designing a Directory Services Infrastructure Designing an Active Directory Domain ! Create OUs to. Active Directory domain. Lead-in A domain is the basic administrative object within Active Directory. Module 1: Introduction to Designing a Directory Services