Hanson Brothers is a hockey equipment manufacturing company with a head office in Warroad, Minnesota. Hanson Brothers uses Microsoft Windows 2000 as its network operating system and currently uses a centralized administration model for user accounts. With its upcoming expansion to Boise, Idaho, and Calgary, Alberta, the company plans to decentralize the administration of user accounts.
To support the decentralization of management tasks in the network, you've been hired to help the Hanson Brothers' Information Technology (IT) staff design their Active Directory directory service to support the required delegation of administration. You must also ensure that delegating administration of the network doesn't weaken network security.
All of Hanson Brothers' network operations are currently managed out of the head office in Warroad, but with the expansion to Boise and Calgary, the company plans to delegate account administration to these offices.
Figure 4.1 shows the network links that exist among Hanson Brothers' three offices.
Figure 4.1 The Hanson Brothers Wide Area Network
Both the Calgary and the Boise offices are connected to the Warroad office with T1 connections. The connections are currently experiencing 5 percent utilization of available network bandwidth.
Hanson Brothers initially implemented Active Directory using a single domain (hansonbrothers.tld). The IT department wants to maintain a single domain for the entire organization in order to reduce the management requirements that would be involved if the organization implemented multiple domains.
All user accounts, computer accounts, and domain controllers (DCs) are currently stored in the default locations in Active Directory. Hanson Brothers realizes that for its planned single-domain model to allow for delegation of administration, it must create an organizational unit (OU) structure that will facilitate such delegation.
In your meetings with the IT staff, you've determined the following requirements for administration of the network:
A central IT team at the Warroad office designed Hanson Brothers' corporate network. The group split network administration tasks among themselves and defined the roles and tasks shown in Table 4.1.
Table 4.1 Administrative Roles for Hanson Brothers Central IT Team
IT Team Member | Roles |
---|---|
Stephanie Conroy | Backups and Group Policy management |
Derek Graham | Domain Name System (DNS) and Dynamic Host Configuration Protocol (DHCP) management |
Steve Masters | Management of all user accounts except administrative accounts |
Kim Hightower | Restoration of network backups |
Yvonne Schleger | Schema design |
Eric Miller | Backup and restore management, share management, manage services |
It's believed that some network administrators are using their administrative accounts for day-to-day activities on the network. A few months ago, an account's password was changed from an administrator's console when the administrator forgot to lock the computer during the lunch hour. Because of these security issues, you must include the following items in your administrative security design: