As you've probably already noticed, assessing the needs of the business is crucial in all aspects of designing an Active Directory infrastructure. The needs of the business should also be the first thing considered when designing a domain. The domain design created by the design team should reflect the current structure of the business. When assessing the business, you need to detail the administrative requirements as well as the security requirements because both of these requirements will have a major impact on the domain and OU structure planned for the business. Administrative and Security RequirementsWhen designing a domain, the first thing that should be documented (or reviewed if it has already been determined) is the administrative strategy the business has implemented. The type of administrative structure a business has in place determines the creation and organization of domains in the Active Directory. You must determine whether the business has implemented a centralized or decentralized strategy for administration. Knowing how the administrative tasks are distributed throughout the business helps you determine the model for administration that will best meet the needs of the business. The administration model implemented should allow the business to distribute administrative tasks in a way that meets its administrative requirements. The administration model also determines the organization of domains and OUs in the Active Directory hierarchy. If you recall from Chapter 5, "Designing Active Directory for Delegation," the four models for administration that can be implemented are geographical (location), organizational (business unit), functional (role), and hybrid models. Table 7.1 summarizes the characteristics of each model (refer to Chapter 5 for a more in-depth review). Table 7.1. Characteristics of Administration Models
After you've determined the administrative requirements of the business, the security requirements must be assessed (security in a business is usually crucial, so be sure the assessment is thorough). When assessing the security requirements, determine who is responsible for administration in the business (delegation of authority). Documenting this information ensures that the proper individuals are assigned the proper permissions. Use the following questions as a guide when performing the assessment:
After the administrative and security requirements of the business have been determined, you should have a good understanding of the domain structure that will best meet the business's needs. Your next step is to plan the creation of the first domain in the Active Directory structure. |