There is a basic tenet to consider when designing the Active Directory domain structure. Start simple, and then expand only if expansion is necessary to address a specific need. This concept is, by and large, the most important concept to remember when you're designing Active Directory components. In regard to domain design, this means you should always start the design process with a single domain and then add on to your design if your organizational concerns dictate that you do so. Following this basic philosophy during the design process will reduce headaches down the road. When you're designing the Active Directory, you must contemplate a common framework for diagrams. In Active Directory, for example, domains are often pictorially represented by triangles, as shown in Figure 5.2. So, when beginning your design, start with a single triangle. Figure 5.2. Domain diagram representation as a triangle.
In this example, the fictional company named CompanyABC has begun the process of domain design. Depending on its unique needs, CompanyABC may decide to expand upon that model or keep it simplistic. These decisions should be made with a detailed knowledge of the different domain design models and the environments in which they work best. Active Directory was designed to be a flexible, forgiving directory services implementation. This is even more true with Windows Server 2003's Active Directory implementation. Consequently, there are multiple design models available to choose from, depending on the individual needs of organizations. The major design models are as follows:
In reality, not all AD structures fall underneath these categories because the possibilities exist for numerous variations and mutations of AD structure. However, most domain structures either fall into these categories or are a hybrid model, possessing traits of two different models. Out of all these models, however, the single domain model is the most common design model and also happens to be the easiest to deploy. |