Determining Business Needs | MCSE Windows 2000 Active Directory Services Design Exam Cram 2 (Exam Cram 70-219)

Several elements make up an Active Directory infrastructure. When you're planning for each element, different aspects of the business must be assessed to ensure that each element is implemented in a way that meets these business requirements. When you're designing a domain tree, one of the first things you must do is an assessment of the business. When designing a domain structure, keep in mind that a single model is simpler to implement and easier to administer than a multiple-domain model. There will definitely be times when a single model is not suitable for a business, but only a thorough assessment of the business will determine whether a multiple-domain model is necessary.

Requirements for Multiple Domains

Use the points discussed in the following sections as a guideline when performing an assessment. For a business that requires one or more of the following, a multiple-domain structure might be necessary.

Decentralized Administration

You must determine whether the business wants to maintain decentralized administration among its business units or geographical locations. You also should assess whether the business requires each division or geographical location to be responsible for its own administration. If so, you might need to create multiple domains.

Distinct Administrative Boundaries

If a distinct administrative boundary needs to be maintained between different areas in the business, multiple domains should be considered . If you recall from Chapter 2, "Overview of Active Directory Design Elements," domains determine both the security and administrative boundaries in an Active Directory hierarchy. When multiple domains are created in a forest, the Domain Admins group in each domain has privileges only in its own domain (unless permissions to another domain are explicitly granted).

Separate Security Policies

You must also determine whether the business requires multiple security policies. Remember that in an Active Directory hierarchy, the domain is the security boundary. In some cases, a single security policy can meet the security needs of an entire business. In cases in which a business needs to create multiple security policies for different areas in the business, however, a multiple-domain structure is necessary.

Business Partnerships

Whether the business has subsidiaries that need to maintain separate and distinct namespaces is another point to consider. For those businesses that have established partnerships and need to be included in the Active Directory structure, a multiple-domain structure is necessary, especially if a separate namespace is required. For example, if the XYZ Corporation has established a partnership with the ABC Corporation, for the two businesses to maintain their own administration and independent namespaces, two separate domains would need to be created, as shown in Figure 8.1.

Figure 8.1. If a business has established partnerships, you might need to create a multiple-domain structure for the businesses to maintain their independence.

graphics/08fig01.gif

Slow Links

Whether the physical structure of the current network presents a need for multiple domains is another important consideration. Replication in a domain occurs between all domain controllers. Therefore, if some locations in a business are connected by physical links that are slow or unreliable, multiple domains can be created to optimize replication.

Be sure you understand when to create multiple domains. You are likely to encounter exam questions that ask you to decide whether to implement a single domain or multiple domains based on a specific scenario.