This lab prepares you to develop an Active Directory design to meet security requirements by meeting the following objectives:
This lab will help you test your ability to design an Active Directory for an organization named Contoso Ltd. The lab is based on the material learned in this chapter.
Make sure that you've completed reading the chapter material before starting the lab. Pay close attention to the sections where the design decisions were applied throughout the chapter for information on building your administrative structure.
Contoso Ltd. is an international magazine sales company with major offices in Great Britain, the United States, and Peru. The corporate office is located in London, with the North American central office in Seattle and the South American office in Lima.
Contoso is migrating to a Windows 2000 network and you're acting as a consultant assisting them with their Windows 2000 network design. Contoso currently has no organization-wide network and wants to establish one that will increase security and lower total cost of ownership.
The Contoso network is laid out as shown in Figure 2.17.
Figure 2.17 The Contoso Wide Area Network
The WAN link between London and Seattle is a dedicated T1 link, and the link between London and Lima is a 56 K link. The link between London and Lima is currently 90 percent utilized. There is concern about minimizing the replication traffic between Lima and London without increasing the bandwidth of the network link.
There are currently 20,000 users at the London office, 5000 users at the Seattle office, and 500 users at the Lima office.
In order to save costs associated with DCs, Contoso would like to create a Windows 2000 network that minimizes the number of required forests and domains. In addition, the network design must meet the following business requirements:
You use Group Policy to deploy consistent security configuration to all Windows 2000 desktop computers. The following categories of computer have been defined for the organization:
Each category has its own unique security template that will be deployed using Group Policy in Active Directory.
Contoso wishes to delegate some of the administrative functions within a domain to various teams within its organization. This includes the following delegation requirements:
This lab exercise will have you determine the number of forests that Contoso needs for their Windows 2000 network. You must base your decision on technical reasons for creating a separate forest. The answers to these questions can be found in the appendix.
Answers
This lab exercise will have you determine the number of domains required for the Contoso Windows 2000 network based on the provided business requirements. The answers to these questions can be found in the appendix.
Answers
This exercise will have you design an OU structure for delegation of administration. Your design must be based on the information presented in the scenario at the beginning of the lab. The answers to these questions can be found in the appendix.
Domain/OU | Administrators | Permissions |
---|---|---|
|
The following exercise requires you to design an OU structure that will ensure that the security templates described at the beginning of the lab are deployed to the correct computers in the London domain. For this exercise, assume that you can move Windows 2000 computer accounts from their default location in Active Directory if this will facilitate your OU structure design. The answers to these questions can be found in the appendix.
OU | Apply the Security Template |
---|---|
Desktops | |
Portables | |
File Servers | |
Domain Controllers | |
Web Servers |
Answers