This lesson introduces you to the Active Directory infrastructure design. It also explains the tools you need to create an infrastructure design and provides an overview of the design process.
After this lesson, you will be able to
Estimated lesson time: 10 minutes
Before you implement Active Directory in your organization, you need to devise some type of plan. An Active Directory infrastructure design is a plan you create that represents your organization's network infrastructure. You use this plan to determine how you will configure Active Directory to store information about objects on your network and make the information available to users and network administrators. This self-paced training kit provides a framework for developing your Active Directory infrastructure design.
Because your Active Directory infrastructure design is key to the success of your Windows 2000 deployment, you must thoroughly gather information for, develop, and test your design before deployment. A significant amount of rethinking, redevelopment, and retesting may also be necessary at various points during the design process to ensure that your design meets the needs of your organization. An effective infrastructure design helps you provide a cost-effective deployment, eliminating the need to spend time and money reworking your infrastructure.
To develop an effective Active Directory infrastructure design, you must assemble the following tools: a design team, business and technical environment analyses, and a test environment.
Before you begin designing your Active Directory infrastructure, you must identify the people in your organization who should be involved in the design process and assemble them into a design team. The obvious candidates for the design team are the system and network administrators. However, because your infrastructure design must encompass enterprise-wide business requirements, the team must also include input from staff and management who represent a cross section of your organization. To ensure that all aspects of your organization are addressed in your Active Directory implementation, you may want to employ a multilevel team design consisting of three panels: infrastructure designers, staff representatives, and management representatives.
The infrastructure designers panel consists of the key personnel involved in designing your Active Directory infrastructure. To avoid slowdowns that naturally occur when a number of people are involved in making decisions, the infrastructure designers have authority and are the driving force behind the infrastructure design process. Although the number of members may vary depending on the size of the organization, the infrastructure designers panel should contain system administrators, network administrators, and members of the information technology management organization. During the design process, infrastructure designers function as consultants, performing the following tasks:
The skill set for infrastructure designers must include both Windows 2000 technical skills and soft skills. Soft skills are the abilities to "read" people and to communicate and collaborate with them in a diplomatic fashion. Though it's imperative for members of this panel to maintain a high level of Windows 2000 and Active Directory knowledge, it is also extremely important for the members to be proficient in interviewing people, understanding business needs, and facilitating a collaborative environment between people and business units in an organization. Almost three-fourths of the time spent developing an infrastructure design may be spent working with people to determine organizational needs. Infrastructure designers who lack soft skills may require additional training to ensure the success of their Active Directory infrastructure design.
NOTE
This self-paced training kit assumes that you are an infrastructure designer or one of the key personnel involved in designing the Active Directory infrastructure for your organization.
The staff representatives panel consists of personnel throughout the organization who are responsible for carrying out daily operations. The panel should contain an exemplary staff member from each business unit or department within the organization. During the design process, staff representatives function as advisors, performing the following tasks:
The skill set for staff representatives must include the ability to understand and openly communicate business needs for the business unit they represent and an interest in taking part in infrastructure design. It is not necessary for staff representatives to maintain high levels of Windows 2000 technical knowledge.
The management representatives panel consists of management level personnel who are responsible for approving business decisions within the organization. The panel should contain a selected group of upper-level business unit managers. Management representatives must have the authority and ability to approve and support design decisions made by infrastructure designers at each stage of the design development process. Requiring management approval at each stage of development invites scrutiny throughout the design process and encourages managerial support for the finished design. During the design process, management representatives function as advisors and gatekeepers, performing the following tasks:
The skill set for management representatives must include the ability to understand and openly communicate business needs within the business unit they represent and an interest in taking part in infrastructure design. It is not necessary for management representatives to maintain high levels of Windows 2000 technical knowledge.
Figure 2.1 shows the design team assembled by Hiabuv Toys, a fictitious toy company. Note that communication and information flow between the staff and management representatives and ultimately flow up to the infrastructure designers.
Figure 2.1 Multilevel team design for Hiabuv Toys
The design team members selected for each panel must be willing and be permitted to commit their time and talents throughout the design process to ensure that the infrastructure design effectively meets the requirements of their organization.
After you've assembled a design team, the next design tools you need to assemble are analyses of your organization's business and technical environments. Most often, your organization will have a business infrastructure or network already in place; it's up to you as an infrastructure designer to call on members of the design team to help you assemble documentation about these environments. You will learn how to analyze your business and technical environments in Lessons 2 and 3.
REAL WORLD
Read the "Designing in the Real World: Pre-Design Processes" interview with Dave Trulli, Program Manager, Microsoft Corporation, for a real-world perspective on some pre-design processes, including assembling a design team, gathering information for business and technical environment analyses, and distributing information to members of the design team. You can find the interview on the Supplemental Course Materials CD-ROM (\chapt02\Interview).
After you complete your infrastructure design, you should be prepared to test it in a test environment. A test environment is a simulation of your production environment that allows you to test parts of your Windows 2000 deployment, such as your Active Directory infrastructure design, without risk to your organization's network. To ensure the success of your organization's Windows 2000 deployment, your organization should establish a test environment.
IMPORTANT
Building a Windows 2000 test lab and the planning and conducting of tests in the lab are beyond the scope of this course. For more information on the lab development and testing processes, refer to the Microsoft Windows 2000 Server Deployment Planning Guide volume of the Microsoft Windows 2000 Server Resource Kit.
By setting up your infrastructure design in a test environment, you will be able to see how the design actually works and determine whether any changes are necessary for improvement. Setting up your design in a test environment is an invaluable tool in the development of an effective design.
After you've assembled your design team, gathered business and network analyses, and established a test environment, you're ready to begin planning your infrastructure design. As illustrated in Figure 2.2, the Active Directory infrastructure design process consists of four stages: creating a forest plan, creating a domain plan, creating an organizational unit plan, and creating a site topology plan.
Figure 2.2 Stages of the Active Directory infrastructure design process
You should be aware that designing your Active Directory infrastructure is an iterative process—you will be revisiting each stage of the process several times before your design is ready for implementation.
During the forest plan stage, you consult your business and technical analysis documents and assess the forest structure your organization requires. You also assess any changes currently planned to address growth and flexibility needs and changes that would help meet the ideal design specifications of the organization. From these assessments, you design a forest model.
In this stage, you also create a schema modification policy, a plan that outlines who has control of the schema and how modifications that affect the entire forest are administered. You assess an organization's schema needs and, adhering to the schema modification policy, you determine whether to modify the schema. If it is necessary to modify the schema, you design a schema modification plan.
When you create a domain plan, you consult your business and technical analysis documents and assess the domain structure your organization requires. You also assess any changes currently planned to address growth and flexibility needs and changes that would help meet the ideal design specifications of the organization. From these assessments, you define domains, define the forest root domain, and define a domain hierarchy. Then you assess domain naming needs and choose names for each domain in the organization. Finally, you plan DNS server deployment by assessing the organization's current DNS server environment and determining the placement of DNS servers. To determine the placement of DNS servers, you plan additional zones, determine the existing DNS services employed on DNS servers, and determine the zone replication method to use. The end result of a domain plan is a domain hierarchy diagram that includes domain names and planned zones.
During the organizational unit plan stage, you consult your business and technical analysis documents and assess the organizational unit (OU), user, and group structure your organization requires. You also assess any changes currently planned to address growth and flexibility needs and changes that would help meet the ideal design specifications of the organization. From these assessments, you define an OU structure and then plan user accounts and groups. The end result of an OU plan is a diagram of OU structures for each domain, a list of users in each OU, and a list of groups in each domain.
During the final phase of the design process, you consult your business and technical analysis documents and assess the site topology your organization requires. You also assess any changes currently planned to address growth and flexibility needs and changes that would help meet the ideal design specifications of the organization. From these assessments, you design a logical representation of an organization's physical network. Creating a site topology plan includes defining sites, placing domain controllers, defining a replication strategy, and placing global catalog servers and operations masters within a forest. The end result of a site topology plan is a site diagram that includes domain controllers, operations masters roles, site links, and a site link table that provides details about site link configurations. Depending on the needs of the organization, a site topology plan may also include a site link bridge table and a preferred bridgehead server table.
As you design your Active Directory infrastructure, you should keep the following design guiding principles in mind:
MORE INFO
Read the white paper "Windows 2000: Designing and Deploying Active Directory Service for the Microsoft Internal Corpnet," for a discussion of the internal design and deployment activities associated with the successful upgrade of the Microsoft enterprise network to Windows 2000. You can find the white paper on the Supplemental Course Materials CD-ROM (\chapt02\Corpnet). You may want to refer to this document as you study each stage of the Active Directory infrastructure design process.
In this lesson you learned that an Active Directory infrastructure design is a plan that represents your organization's network infrastructure. This plan is used to determine how you will configure Active Directory. You learned that the purpose of creating an Active Directory infrastructure design before actually implementing Active Directory is to test and refine your infrastructure in an off-network environment, eliminating the need to spend time and money reworking your actual network infrastructure.
You also learned that to develop an effective Active Directory infrastructure design, you must assemble a design team, business and technical environment analyses, and a test environment. You walked through the four stages of the design process: creating a forest plan, creating a domain plan, creating an organizational unit plan, and creating a site topology plan. Finally, you were introduced to the design guiding principles.