In this Chapter
Implementing Active Directory is a fairly straightforward task. Just install Windows 2003, tell the Configure Your Computer Wizard that you want to be a domain controller and v ²ila! You have Active Directory. Although technically this is true, if administrators were to do this, they'd quickly find themselves unhappy with the environment they created. There is no single best way to implement Active Directory. A properly designed Active Directory takes into account the business requirements, the technical requirements, and the political requirements of a company and designs a structure that will support the current environment and allow for flexibility of growth. A design should never be complex simply for the sake of being complex. A wise administrator realizes that there is beauty in simplicity and that unneeded complexity only adds more work down the road. This chapter examines some of the typical and atypical needs of companies and will show how Active Directory can be tailored to support those needs. The goal is to start simple and add complexity if and only if the situation requires it. Topics such as forest design, domain design, LDAP integration, site design, and domain controller placement will be discussed showing the pros and cons of various decisions to give administrators greater insight into planning their own Active Directory environments. The safest rule for Active Directory design is to first gather all the major players in the company and get them to agree to a list of goals for the implementation. After you have reached a consensus from everyone on the core goals they can serve as a focal point for decisions. When there is dissention among the ranks on a decision, you can always go back to the core goals for the project and see which decision supports those goals. |