Contents Overview 1 Conducting an Organizational Analysis 2 Designing an Active Directory Structure 11 Creating a Functional Specification 20 Lab A: Designing an Active Directory Infrastructure 21 Review 31 Module 9: Designing an Active Directory Infrastructure Information in this document is subject to change without notice. The names of companies, products, people, characters, and/or data mentioned herein are fictitious and are in no way intended to represent any real individual, company, product, or event, unless otherwise noted. Complying with all applicable copyright laws is the responsibility of the user. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of Microsoft Corporation. If, however, your only means of access is electronic, permission to print one copy is hereby granted. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.  2000 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows NT, Active Directory, BackOffice, PowerPoint, Visual Basic, and Visual Studio are either registered trademarks or trademarks of Microsoft Corporation in the U.S.A. and/or other countries. The names of companies, products, people, characters, and/or data mentioned herein are fictitious and are in no way intended to represent any real individual, company, product, or event, unless otherwise noted. Other product and company names mentioned herein may be the trademarks of their respective owners. Project Lead: Andy Sweet (S&T OnSite) Instructional Designers: Andy Sweet (S&T OnSite), Ravi Acharya (NIIT), Sid Benavente, Richard Rose, Kathleen Norton Instructional Design Consultants: Paul Howard, Susan Greenberg Program Managers: Lorrin Smith-Bates (Volt), Megan Camp (Independent Contractor) Technical Contributors: Angie Fultz, Lyle Curry, Brian Komar (3947018 Manitoba, Inc.), Jim Clark (Infotec Commercial Systems), Bill Wade (Excell Data Corporation), David Stern, Steve Tate, Greg Bulette (Independent Contractor), Kathleen Cole (S&T OnSite) Graphic Artist: Kirsten Larson (S&T OnSite) Editing Manager: Lynette Skinner Editor: Jeffrey Gilbert (Wasser) Copy Editor: Patti Neff (S&T Consulting) Online Program Manager: Debbi Conger Online Publications Manager: Arlo Emerson (Aditi) Online Support: Eric Brandt (S&T Consulting) Multimedia Development: Kelly Renner (Entex) Testing Leads: Sid Benavente, Keith Cotton Testing Developer: Greg Stemp (S&T OnSite) Compact Disc and Lab Testing: Testing Testing 123 Production Support: Ed Casper (S&T Consulting) Manufacturing Manager: Rick Terek (S&T OnSite) Manufacturing Support: Laura King (S&T OnSite) Lead Product Manager, Development Services: Bo Galford Lead Product Managers: Dean Murray, Ken Rosen Group Product Manager: Robert Stewart Module 9: Designing an Active Directory Infrastructure i Instructor Notes This module summarizes the topics covered in the previous modules and presents a framework for creating an Active Directory ™ infrastructure. The module offers strategies for forming a design team and analyzing the business and administrative model of an organization. The module also presents guidelines for making design choices that satisfy the business requirements of an organization. The elements of designing an Active Directory structure are reviewed. The module finishes with a discussion of completion of the design process through documentation, examination of design costs and benefits, risk analysis, and validation through testing. At the end of this module, students will be able to: ! Conduct an analysis of an organization to determine business and administrative needs that impact the design of an Active Directory structure. ! Create an Active Directory design that satisfies the business and administrative needs of an organization. ! Complete the design process through documentation, examination of design trade-offs, risk analysis, and validation through testing. Lab A, Designing an Active Directory Infrastructure, is a scenario-based planning lab, during which the students will design an entire Active Directory structure based on the business needs of a large organization. Following the design team guidelines presented in the module, the students will form a design team. Each member of the team will be provided with the business requirements they should communicate to the team, and will continue in that role for the duration of the lab. The group will complete a vision/scope document, a risk analysis document, and a functional specification. The group will then complete the design of an Active Directory structure that includes administrative requirements, Group Policy requirements, a schema modification policy, a domain and organizational unit (OU) structure, and a site topology. Materials and Preparation This section provides you with the required materials and preparation tasks that are needed to teach this module. Required Materials To teach this module, you need the following materials: ! Microsoft ® PowerPoint ® file 1561b_09.ppt ! Visio 2000 Presentation: 30 Minutes Lab: 90 Minutes ii Module 9: Designing an Active Directory Infrastructure Preparation Tasks To prepare for this module, you should: ! Read all of the materials for this module. ! Complete the lab. ! Read the following technical white paper located on the Trainer Materials compact disc: • Enterprise Architecture Essentials: Achieving Business Value with IT Instructor Setup for a Lab This section provides setup instructions that are required to prepare the instructor computer or classroom configuration for a lab. Lab A: Designing an Active Directory Infrastructure Ensure that Visio 2000 Enterprise Edition is installed on the instructor computer and all student computers, and that the Active Directory template is operational. Ensure that the \\London\Solutions\Lab9 and \\London\Labs directories are shared and accessible from the student computers. In this planning lab students are given a scenario and criteria. The instructor assigns roles to be played by each of the students. Divide the class into groups of three to six students and assign roles to each student as follows: Group Size Student 1 Student 2 Student 3 Student 4 Student 5 Student 6 6 Program Manager Product Manager Develop- ment Logistics User Education Testing 5 Program Manager Product Manager Develop- ment Logistics User Education and Testing 4 Program Manager and Logistics Product Manager Develop- ment User Education and Testing 3 Program Manager and Logistics Develop- ment Product Manager, User Education and Testing If there are only two students in class, the instructor should take the role(s) of one of the students and join in the group with the students taking the other roles. These roles are stored on the student and instructor compact discs as Microsoft Word documents. They are also installed to the \\london\labs\lab9 share on the instructor computer during classroom setup. You can print the roles and distribute them at the time of the lab, or you can instruct the students to access the files on the \\london\labs\lab9 share. Encourage the students to look only at their own assigned role(s). Module 9: Designing an Active Directory Infrastructure iii All of the scenario and criteria information needed to complete the lab is written in the role documents. It is the job of the students to share the information that they have with their group. The students will work together in their groups to define the vision/scope of the project, assess the risks of the project, and create the specifications and design of the Active Directory structure that will meet the needs of the organization described in the scenario. When students are finished with the lab, discuss the scope and risks sections as a group. Then have one of the groups present their solution. Show the solution on the instructor computer. Show the finished drawing stored in the \\London\solutions directory as Lab9.vsd. Module Strategy Use the following strategy to present this module: ! Conducting an Organizational Analysis Explain the importance of performing a careful analysis of an organization prior to designing an Active Directory structure. Explain the various roles that comprise a successful project team, and tell students that they will be assuming these roles in the lab. Define vision, scope, and risk, and relate how these concepts will help in guiding the preliminary design process. ! Designing an Active Directory Structure Review the architectural elements of an Active Directory structure, including delegation, Group Policy, domain structures, schema, site topology and naming strategies. ! Creating a Functional Specification Explain the features of a functional specification, and emphasize the importance of a written plan for the project. Customization Information This section identifies the lab setup requirements for a module and the configuration changes that occur on student computers during the labs. This information is provided to assist you in replicating or customizing Microsoft Official Curriculum (MOC) courseware. The lab in this module requires students to use Visio 2000 to document their designs. Visio 2000 is demonstrated in course 1561B, module 3, Designing Active Directory to Delegate Administrative Authority. If Visio has not been previously demonstrated to students, refer to module 3 for instructions on demonstrating Visio 2000. Module 9: Designing an Active Directory Infrastructure 1 Overview ! Conducting an Organizational Analysis ! Designing an Active Directory Structure ! Creating a Functional Specification Designing a Microsoft ® Windows ® 2000 Active Directory ™ directory service infrastructure involves planning the logical and physical aspects of the environment. You will start by gathering information about the current structure within the organization. Your design should incorporate the architectural elements of Active Directory to best address the business and administrative needs of the organization. Then, you will complete the design and ensure that it is inclusive and flexible enough to support your organization’s needs. Slide Objective To provide an overview of the module topics and objectives. Lead-in In this module, you will learn about designing a comprehensive Active Directory structure based on the needs of an organization. 2 Module 9: Designing an Active Directory Infrastructure # ## # Conducting an Organizational Analysis ! Assembling the Central Planning Team ! Identifying the Vision and Scope of the Project ! Performing Risk Management ! Documenting the Current Physical Network ! Analyzing Current Business Practices ! Projecting Growth and Reorganization To create an Active Directory directory service for an enterprise, you should first assemble a central planning team. The central planning team will gather data about the organization’s structure and business locations. This data will provide key information about how the organization manages people, information, and resources. At the same time, the central planning team must also examine the enterprise’s business practices to determine how best to meet the business needs of an organization. Slide Objective To introduce the information gathering phase of an Active Directory design. Lead-in Before you design Active Directory, you need to gather information about the company’s organizational and technological structure. Module 9: Designing an Active Directory Infrastructure 3 Assembling the Central Planning Team ! The Central Planning Team Will $ Obtain approval from upper management $ Identify and consult with all systems and operations administrators $ Gather information about current network Program Management Program Management Development Development Testing Testing Logistics Management Logistics Management User Education User Education Product Management Product Management Communication The central planning team is responsible for gathering necessary information about an enterprise, and organizing the information so it can guide the Active Directory design from conception to implementation. The planning team should work closely with all aspects of the organization to ensure that the organization’s needs are being met effectively and efficiently. The planning team members must also communicate openly with each other to ensure that all aspects of the organization’s needs are being addressed in the design of Active Directory. The central planning team is responsible for the following activities: ! Obtaining approval from upper management and the authority to represent the needs of the entire organization. ! Identifying all systems and operations administrators for the entire organization so that you can gather information from the people who will be using the final network. Administrators can provide details about the network that may be missed in a high-level overview of the network. ! Gathering information about the organization’s current internal administrative structures, locations, resources, users, and security policies. Slide Objective To describe the purpose of a central planning team. Lead-in The central planning team will develop the plan to implement Active Directory in your organization. Delivery Tip Ask a volunteer to describe, by role, the members of their own organization that would be best fit to serve on the central planning team. 4 Module 9: Designing an Active Directory Infrastructure Team Roles There are six general roles on a complete planning team. These roles may be performed by one or more persons, depending on the size of the organization, and include: ! Program Manager. The program manager provides technical support for the project and secures resources the team needs to complete the project. ! Product Manager. Product Management articulates a vision for the design. The product manager identifies requirements of the organization, develops and maintains the business reasons for initiating the project, and manages expectations of the organization. Product Management owns the vision statement. ! Development Manager. Development builds or implements the design. The development manager is typically an experienced implementation architect or developer who is able to understand and appreciate the key issues in all technical areas of the project. An important aspect of this role is active participation in creating the functional specification. ! Testing. Testing ensures all issues are known before the release of the design. Testing prepares the test plan, test specifications, and test cases. ! User Education. User Education strives to make the final design as beneficial and easy to use as possible. User Education develops training systems, and is also responsible for reducing support costs by making the product easier to understand and use. User Education participates in the design as a user advocate. ! Logistics Management. The Logistics team ensures a smooth distribution, installation and migration of the product to the operations and support groups. The logistics manager works with the development manager to ensure that the necessary data is packaged to facilitate installation and administration. Scaling the Team Depending on the project size, each role may be assigned to a single individual or to a team of people with a team lead. Alternatively, one person may take responsibility for more than one role. Because some roles can be combined, use the following table to determine how roles may be combined, with P for possible, U for unlikely, and N for no. Title PRM PM DEV TES UE LM Product Manager (PRM) N N P P U Program Manager (PM) N N U U P Development (DEV) N N N N N Testing (TES) P U N P P User Education (UE) P U N P U Logistics (LM) U P N P U For more information about team roles, see course 1515, Principles of Enterprise Architecture, at www.microsoft.com/msf. Note [...]... schema policy to govern any proposed changes to the Active Directory schema You will need to plan the physical aspect of Active Directory and design an efficient site topology for your network Finally, the name you choose for the Active Directory structure should accommodate the organization’s current and future Internet plans 12 Module 9: Designing an Active Directory Infrastructure Designing for Delegation... cause changes in network communications? Module 9: Designing an Active Directory Infrastructure 11 # Designing an Active Directory Structure Slide Objective To describe the components of an Active Directory structure ! Designing for Delegation of Administrative Authority Lead-in ! Designing for Group Policy ! Designing a Domain Structure ! Designing a Schema Policy ! Designing Site Topology ! Designing. .. www.microsoft.com/msf Module 9: Designing an Active Directory Infrastructure 21 Lab A: Designing an Active Directory Infrastructure Slide Objective To introduce the lab Lead-in In this lab, you will work as a team to design an Active Directory structure Explain the lab objectives Objectives After completing this lab, you will be able to: ! Conduct an analysis of an organization to determine business and administrative... model and enterprise network change, they impact Active Directory design, domain and organizational unit (OU) structure, schema, and site topology A well planned design should accommodate changes that might occur within a three to five year time span To identify growth and reorganization factors that may influence your Active Directory plan, you should consider: ! The growth projections for the organization... your Active Directory structure must allow for growth and reorganization without having to restructure Active Directory Reorganization Potential ! Lead-in Growth Potential New Technology Demands Changes that affect a company’s administrative model and enterprise network include growth, reorganization, downsizing, mergers, acquisitions, competitive markets, and new technology demands When an organization’s... for designing Group Policy ! Designing Active Directory for Inheritance Lead-in ! Creating OUs for Group Policy ! Designing Group Policy Objects Inheritance is a simple way to take advantage of GPOs in Active Directory When you design for Group Policy, you design the Group Policy objects (GPOs) themselves, including their placement, function, and administration Also, you design the Active Directory infrastructure. .. Enterprise Architecture, at www.microsoft.com/msf Module 9: Designing an Active Directory Infrastructure Performing Risk Management Slide Objective To describe the purpose of risk management and the contents of a risk management document ! Proactive Risk Management $ $ Lead-in Assessing the risk of a project before you begin will help you avoid risk and also deal with risk effectively should it occur... this lab: 90 minutes Module 9: Designing an Active Directory Infrastructure 23 Exercise 1 Creating the Vision/Scope Document You will have 10 minutes to complete this exercise Assume your team role and work with your team members to create a vision/scope document for the project of designing an Active Directory infrastructure for Northwind Traders Use the following questions to organize the information... will be placed on the design of the Active Directory structure 24 Module 9: Designing an Active Directory Infrastructure Exercise 2 Creating the Risk Management Document You will have 20 minutes to complete this exercise Assume your team role and work with your team members to assess the risks involved in designing an Active Directory infrastructure for Northwind Traders 1 Use the following table to... business vision change 6 Module 9: Designing an Active Directory Infrastructure Vision/Scope Document The vision/scope document broadly describes the project to the organization The document clearly defines the business problem or opportunity, the solution, and the organization or group that benefits from the solution Once the vision/scope document is developed, the organization and the members of . on the needs of an organization. 2 Module 9: Designing an Active Directory Infrastructure # ## # Conducting an Organizational Analysis ! Assembling. volunteer’s projections. Module 9: Designing an Active Directory Infrastructure 11 # ## # Designing an Active Directory Structure ! Designing for Delegation