Using the Active Directory Blueprint

Like the Enterprise Network Architecture Blueprint presented in Chapter 1 (refer back to Figure 1-5), the Active Directory Design Blueprint emerges from the structure of the Microsoft Certification Exam number 70-219, "Designing a Microsoft Windows 2000 Directory Services Infrastructure." It also includes the same prerequisites: business and technical requirements analyses. The advantage of using the same blueprint structure for both operations is that you should already have most of this information in hand. If not, now's the time to complete it. Without this information, you can go no further. You simply cannot achieve a sound Active Directory design without fully understanding your organization, its purpose, its objectives, its market, its growth potential, its upcoming challenges, and without involving the right stakeholders.

Your Active Directory design must be flexible and adaptive. It must be ready to respond to organizational situations that you haven't even anticipated yet. Remember, Active Directory creates a "virtual space" where you will perform and manage networked operations. Being virtual, it is always adaptable at a later date, but if adaptability is what you're looking for, you need to take it into account at the very beginning of the design.

Once you have the information you need, you can proceed to the actual design. This will focus on three phases: partitioning, service positioning, and the implementation plan.

io neip simplify the AD Design Process for you, sample working tools are available at http:// The first is a glossary of Active Directory terms. You can use it along with Figure 3-1 to ensure that everyone has a common understanding of each feature. There is also an AD Design Blueprint Support Checklist that follows the steps outlined in Figure 3-3. It is a working process control form that lets you follow the AD Design Process stage by stage and check off completed tasks. In addition, there is an OU documentation table that will support your OU creation process. These tools will help you design the AD that best suits your organization's requirements.

Partitioning is the art of determining the number of Active Directory databases you want to manage and segregating objects within each one. This means you will need to determine the number of forests your organization will create, remembering that each is a separate database that will require maintenance and management resources. Within each forest, you will need to identify the number of trees, the number of domains in each tree, and the organizational unit structure in each domain. Overall, you'll need to identify if your Active Directory database will share its information with other, non-AD databases. This will be done either through integration of the two database structures (if the other database is compatible to the Active Directory format) or information exchange. In this case, you will need to identify the information exchange strategy.

To control data replication, you will identify and structure sites, design replication rules, and identify replication methodology. This is Site Topology Design. Microsoft provides an excellent tool to support you in this process, the Active Directory Sizer. It is found at windows2000/downloads/tools/sizer/.

Since you intend to fully exploit the AD database (after all, why go through all this trouble if you're not going to use it?), you'll have to put in place a Schema Modification Strategy. Since every schema modification is replicated to every domain controller in the forest, you'll want to ensure you maintain a tight control over these. You might even decide to separate application from network-based schema modifications. Of course, all schema modifications will go through lab testing before making it to the production network.

Site Topology Design is closely related to Service Positioning. Each Active Directory domain controller performs important operations that support the proper functioning of the database. In fact, the object of Site Topology Design is to determine how each of these database containers will be linked to the others. Since AD is a distributed database, domain controllers should be positioned as close as possible to the user. These points of service should be convenient without becoming overabundant.

Operation Masters are special domain controllers that manage global forest or global domain operations. Global Catalog (GC) servers are domain controllers that maintain copies of information that is published throughout the forest. But since WS03 domain controllers can cache frequently requested

Was this article helpful?

0 0


  • Jennifer
    What is blue print of active directory?
    9 months ago

Post a comment