Case Study 4


Digital Information Services

Digital Information Services is an international computer consultancy with offices throughout the world. Headquartered in New Orleans, Digital is divided regionally into North America, South America, Europe/Middle East, Africa, Asia, and South Pacific. Each region is given total autonomy and is run almost as a separate business. Digital employs about 120,000 people, with 5,000 in the smallest region (Africa) and 40,000 in the largest (North America).

Although each region enjoys autonomy, the branch offices are generally tightly controlled from the regional office, with little local authority.

Current LAN/Network Structure

Each region is running Windows NT servers of varying vintages. The Asia region, for example, is still running NT 3.51 on the majority of its servers, whereas Europe and Africa are entirely on NT 4.0 with the latest service packs applied.

Digital has six master accounts domains, one for each region. Each branch office within a region has a BDC from the appropriate accounts domain and houses a resource domain of its own.

Proposed LAN/Network Structure

Digital is in the process of upgrading to Windows 2000 throughout the organization. The root domain has already been created in the New Orleans home office.

Current WAN Connectivity

The regional offices are connected to headquarters by full 1.5Mbps T1 circuits, but the T1 circuits are not generally heavily used.

Branch offices are connected to the regional offices using a variety of methods, primarily ISDN or fractional T1.

Proposed WAN Connectivity

No changes are anticipated for the T1 connections between the regional offices and headquarters.

Digital wants Windows 2000 to reduce communications costs for the branch offices. By replacing ISDN and T1 circuits with DSL and using VPN technology, management believes it can cut telco expenses by 50%. By using IPSec or PPTP over the VPN connections, security can be improved because the sensitive company information will be safeguarded.

Directory Design Commentary

CEO: We might have decentralized our operations a bit too much. There is no central control over our computing environment at all, and it is costing us when we move personnel from one office to another.

General Manager, Asia region: We need better control over the branch offices. Support is difficult because each office is configured differently.

Help Desk Manager, South Pacific region: The telephones ring nonstop. We cover eight different time zones, and someone is always calling and asking us to set up a new user, change a password, or something. There has to be a better way.

Current Internet Positioning

Digital has a registered Internet name of digital-is.com. Its extensive Web site contains numerous white papers and success stories, along with special areas for each region. All Digital consultants have an email account, hosted on one of six Exchange servers, and there is an extensive intranet for consultants to use as well.

Future Internet Positioning

No changes in Internet strategy are forecasted.

Question 4.1

Would a single Active Directory domain be appropriate based on Digital's business model? [Select the best answer.]

  • a. Yes. Because Active Directory supports millions of objects in a single domain, there is no reason to use more than one domain.

  • b. No, the decentralized management style of Digital and the strong regional autonomy suggest multiple domains.

  • c. No, SYSVOL replication cannot take place over a 1.5Mbps T1 connection.

  • d. Yes, but only if OU depth does not exceed three levels.

Question 4.2

Digital's Asia region consists of a headquarters office in Hong Kong and branch offices in Tokyo, Beijing, Singapore, Seoul, and Bangkok. The Asian branches are tightly controlled by Hong Kong. The WAN links are currently 128Kbps ISDN circuits. Currently, each branch office is a Windows NT resource domain. How should the Asia region approach migration to Windows 2000?

  • a. Create an asia.digital-is.com domain as a child of the root digital-is.com domain. Turn the current branch office resource domains into OUs within the Asia domain.

  • b. Create an asia.digital-is.com domain as a child of the root digital-is.com domain. Turn the current branch office resource domains into child domains off the Asia domain (for example, tokyo.asia.digital-is.com).

  • c. Create an asia.digital-is.com domain as a child of the root digital-is.com domain. Turn the current branch office resource domains into child domains off the root domain (for example, tokyo.digital-is.com).

  • d. Create an asia.digital-is.com domain as a child of the root digital-is.com domain. Create a child branches.asia.digital-is.com domain and convert the current branch office resource domains into OUs within the branches.asia.digital-is.com domain.

  • e. Create an OU structure in the digital-is.com domain for the Asia region and branches. Convert all Asia domains to OUs within the root domain.

Question 4.3

The OU structure for the North America domain was designed for delegation of administration. A top-level OU has been created for each branch, and second-level OUs exist for the three major organizational departments: consulting, sales, and administration. However, this structure is not granular enough for managing the desktop and software distribution through Group Policy.

For example, managers in the administration area require certain applications and desktop features, but clerks should not have either.

Which technique can Digital employ to solve this problem?

  • a. Use filtering by security group to control the application of Group Policy.

  • b. Domains must be created for each branch to provide this level of granularity.

  • c. Change the OU structure to segregate users by title rather than department.

  • d. Place all the clerks in the Users container.

Question 4.4

The Panama City, Florida, branch office reports to the North America regional office. However, the WAN links travel from the Miami branch, through Bogota, Colombia, to Panama City, so site links have been created to mirror the physical network. What options does the network services staff have to ensure that domain controllers in the Panama City office are updated?

  • a. Place a domain controller for North America in the Bogota office. Replication cannot cross a site in which no domain controller exists for the domain.

  • b. Create a site link bridge for the Miami-Bogota-Panama City links.

  • c. Configure offline replication and email the adupdat.csv file to the branch. Use this file as input to the LDIF utility to update one of the Panama City domain controllers.

  • d. The network services staff does not need to do anything.

Question 4.5

Can trust relationships be established between the Windows NT 3.51 servers in Asia and Windows 2000 servers in other domains?

  • a. Yes

  • b. No

Question 4.6

A portion of the North America Active Directory structure is shown in Figure 10.5. Based on this diagram, arrange the list of AD objects in the order in which Group Policy will be applied.

Figure 10.5. The New York branch portion of the Digital North America domain.


AD objects:

New York branch OU

New York site

HR OU

North America domain

Admin OU

Question 4.7

Using Figure 10.5 again, the Director of Consulting Services has been given the ability to change passwords and update user information in the Consulting OU. Assuming default inheritance rules have not been modified, in which OUs can he change passwords?

  • a. Consulting

  • b. Consulting, Sales, and Admin

  • c. Consulting, Principals, and Staff

  • d. Consulting and NYC Branch

Question 4.8

Place the server roles shown in the second list under the appropriate sites from the first list. You can use a role more than once.

Sites:

New Orleans (world headquarters)

New York (branch)

Buenos Aires (regional headquarters)

Casablanca (branch)

Server roles:

Schema Master

DNS server

Domain controller

Global Catalog Server

RID Master

PDC Emulator

Domain Naming Master



MCSE Windows 2000 Active Directory Services Design Exam Cram 2 (Exam Cram 70-219)
ISBN: 0789728648
EAN: 2147483647
Year: 2003
Pages: 148
