Developing a Model for Administration


After you've characterized the type of IT organization a business has in place, the next step is to develop a model for administration. The model for administration that is chosen determines the organization of the Active Directory structure. The type of model that is developed should be based on the structure of the IT organization (centralized versus decentralized). The four models for administration are as follows :

  • Geographical (location)

  • Organizational (business unit or department)

  • Functional (role)

  • Hybrids (combinations of the preceding types)

graphics/caution_icon.gif

The administrational model chosen directly affects the Active Directory design, specifically the creation of top-level domains or OUs.


Geographical (Location)

If you choose to implement a model for administration that is based on geographical location, the Active Directory structure will be organized around the different locations in the business. This type of model is well suited for a business that maintains a central IT organization while decentralizing management by assigning the responsibility of performing day-to-day administrative tasks to the various IT groups within the business units (see Figure 5.3).

Figure 5.3. The model for administration is based on the geographical locations within the business. Two domains are created ”one for Europe and one for the United States. OUs within each domain can be created for the specific offices.

graphics/05fig03.gif

For example, the XYZ Corporation maintains offices in Europe and the United States. Therefore, the design team could decide to create two domains ”one for each country ”and then create OUs within each domain for the specific offices.

graphics/tip_icon.gif

Before implementing this type of model, be sure there is an individual or group of individuals at the different locations capable of performing these day-to-day tasks.


One of the positive features of an administrative model based on location is that it is fairly immune to reorganization and expansion. Usually when a company changes its structure, it reorganizes departments but not the geographical locations of the business. Accommodating expansion can be as simple as having to create a new domain or OU for the new location.

Organizational (Business Unit or Department)

If a business has implemented a decentralized IT organizational model and allowed the different departments to maintain localized control, a model for administration that is organizational (based on business units or departments) might be the best option. The organization of the Active Directory structure would be based on the various business units or departments within the company.

Using the XYZ Corporation as an example, let's take a look at the structure of this model, shown in Figure 5.4. The XYZ Corporation has two distinct divisions: training and external IT consulting services. If the design team opted to use a model based on organization, two separate domains could be created ”one for each of the business units in the company.

Figure 5.4. With this type of model, the Active Directory structure is organized around the departments or business units. The XYZ Corporation consists of two divisions, training and external consulting, so two domains are created based on these divisions.

graphics/05fig04.gif

One of the advantages of this model is that it enables a business to maintain its departmental divisions. Each business unit is still capable of maintaining control over itself. However, in a model based on departments, if the departments are reorganized, a reorganization of the Active Directory structure might be necessary.

Functional (Role)

This type of model is based on the different job roles in a business, without considering the different geographical locations and departments. For some businesses that implement a decentralized IT organization and have job roles that span multiple divisions, a functional model can be more suitable to their administrative needs than an organizational model. The model based on organization might not work for the XYZ Corporation because it might have job roles (such as marketing) that span both of the divisions. In this case, implementing a model based on function might be more appropriate (see Figure 5.5).

Figure 5.5. A model for administration based on function would create domains or OUs based on the various roles in the business.

graphics/05fig05.gif

graphics/tip_icon.gif

This model is more manageable within a smaller business because users are more easily grouped into general functions. The larger the business, the more variance in job roles, and the harder it is to group users. However, large organizations with many mobile users might find this model very attractive.


Because this model is based on the different roles within the business, it is basically immune to reorganization. Reorganizations within a business most often affect departments, whereas job roles are not usually impacted.

So far we've covered three models for administration that a business could implement. The fourth model is basically a combination of the three models just discussed.

Hybrids

Sometimes, to design an Active Directory structure that meets the administrative needs of the IT organization, you might need to combine several models. These types of models are known as hybrids . Two of the common hybrid designs are geographical, then organizational and organizational, then geographical .

Geographical, Then Organizational

With this type of model, the upper layers in the Active Directory structure are based on location, whereas the lower layers are organized around business units. This type of model is well suited for a business spanning geographical locations. Because the lower levels of the structure are based on business units, it also enables a business to maintain departmental independence. If the XYZ Corporation were to implement this type of model, the upper layers of the Active Directory structure would be based on the different geographical locations within the business. Two domains could be created ”one for the United States and one for Europe (refer to Figure 5.3). The lower layers would be organized around the departments in the corporation. Within the locations, OUs could be created for the two departments: training and external IT consulting services (see Figure 5.6).

Figure 5.6. This hierarchy is based on location, then organization. The upper layers of the Active Directory structure are organized by geographical location ( us.xyz.corp ), and the lower levels are organized by department (training and consulting).

graphics/05fig06.gif

The geographical organization of the upper layers of the Active Directory structure makes it immune to company reorganizations. However, a re organization of the company can result in some restructuring of the lower layers because they are based on departments. Restructuring of OUs is simpler than the restructuring of domains.

Organizational, Then Geographical

The second type of hybrid model is the opposite of the one just discussed. The upper levels of the hierarchy are based on the business units or departments within the company, whereas the lower levels are based on the geographical locations. This model is ideal for businesses that need to maintain independence between the various departments for security purposes. Basing the lower levels on the physical structure (geography) also enables the business to distribute administration among the IT groups in the different locations.

Figure 5.7 shows the structure of this model as it might apply to the XYZ Corporation. The upper layers in the Active Directory structure would be based on the departments ”in this case, training and external IT consulting services. The lower layers would be based on the geographical locations within the corporation.

Figure 5.7. The upper layer in the Active Directory structure is based on department (training). The OUs in the training domain are based on the different geographical locations within the business.

graphics/05fig07.gif

graphics/tip_icon.gif

You might recall the discussion on models for administration based on departments and how they are affected by reorganization. This model is affected by any reorganization that occurs in the business and can result in an entire restructuring of the Active Directory.


graphics/tip_icon.gif

Designing the Active Directory structure around the locations instead of the departments makes good use of the physical connections between the locations. Using the model shown in Figure 5.7 would result in the possibility of domains spanning large geographical locations.


After the model for administration has been designed, the next step is to develop a strategy for delegation.



MCSE Active Directory Services Design. Exam Cram 2 (Exam Cram 70-219)
MCSE Windows 2000 Active Directory Services Design Exam Cram 2 (Exam Cram 70-219)
ISBN: 0789728648
EAN: 2147483647
Year: 2003
Pages: 148

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net