Exam Essentials | MCSE: Windows Server 2003 Active Directory and Network Infrastructure Design Study Guide (70-297)

Know the current network design. If you do not understand the current network design, you will not have a foundation on which to base the new design. The current design will be the starting point for understanding where the LAN and WAN links are and where sites may need to be created.

Understand how authentication traffic is controlled within a site. When a user authenticates, the authentication traffic is sent to a domain controller within the same site as the computer to which the user is attempting to log on, or a domain controller in a site that has been identified as the preferred site.

Understand site links. Site links are created between sites to control the replication traffic between domain controllers in the sites. Site links have schedules as to when replication can occur, intervals during the schedule that specify how often replication can occur, sites that are connected through the site link, and costs that control which site links the replication traffic will use.

Understand site link bridging. Site link bridging allows replication traffic to pass across two or more site links in order to reach domain controllers in sites that are either not physically connected or that have no domain controllers for the domain in the sites within the site link path .

Identify the domain controller specifications. The number of users that are members of the domain will dictate how much drive space is required for the directory database on a domain controller. On average, every 1,000 users consume .4GB of drive space. Memory and processor speed are also factors in determining how many logon requests can be supported by the domain controller.

Understand domain controller placement options. Domain controllers should be placed close to the users who need to authenticate. Other factors may dictate where the domain controllers are placed. If there is enough bandwidth on the WAN link to support all of the users, a domain controller in another site could be used. If the WAN link is not reliable or is over consumed, or if there are too many users in the site, you will probably want to place a domain controller in the same site as the user accounts.

Understand Global Catalog placement options. Global Catalog servers are used when users authenticate and when users or applications query for Active Directory. If applications that use Global Catalog severs reside in the site, place a Global Catalog server there. If not many users are in the site and not many roaming users authenticate in the site, you could place the Global Catalog server on the other side of the WAN link. If there are several users, many roaming users, or the WAN link is not reliable or is over consumed, plan on placing a Global Catalog in the local site.

Understand master operations role placement options. The infrastructure master should not be placed on a Global Catalog server if more than one domain is within the forest. The PDC emulator should be placed in a site that has the most users and has high-speed reliable connections to the other sites. The schema master and domain naming master roles should be placed close to the users that will be responsible for administering them. The RID master should be placed on the same domain controller as the PDC emulator if your domain is in mixed mode. Otherwise the RID master should be located within the site where the most account creation goes on.

Know the options available when creating domain controllers. Domain controllers can be built using answer files to automate the promotion, or you can use the advanced mode, dcpromo /adv, to copy the directory database from backup media. The latter is preferred if the domain controller is being built in a remote site and you do not want to cause full replication across the WAN link.