Windows Server 2003 Active Directory Design and Implementation: Creating, Migrating, and Merging Networks

Book Description

A unique, scenario-based approach to selecting and implementing the best Active Directory design for your environment

  • Understand the principles of Active Directory design

  • Create new networks or evolve existing Active Directory installations

  • Create the best Active Directory design for a broad range of business environments

  • Implement your Active Directory designs

  • Migrate and merge Active Directory structures

In Detail

A well thought-out Active Directory provides a solid foundation for other services, which will lower support costs and allow companies to centrally manage their environment. You should look at the Active Directory as your first step in moving to a centrally managed, highly integrated IT environment that supports efficient and effective delivery of business capabilities. Once the appropriate technical infrastructure is in place, it is vital to leverage that infrastructure to create an enterprise-class application infrastructure.

If you are creating a new Active Directory network, or are migrating or merging existing installations, this is the book for you.

While the basics of the Active Directory are straightforward, getting the most from it requires careful planning and a thorough understanding of what can be accomplished. For any environment there are a number of core stages in the Active Directory implementation, the 3 Ds: discovery, design, and deployment. In this unique book, we take a broad range of environment types and work through these stages, suggesting an Active Directory design specific to that environment and how to implement it, and at each stage providing clear instructions so that the decisions are clearly understood and the best-practice principles will be maintained throughout your system's lifetime. There are many books on using, administering, or even deploying Active Directory, but this is the only book that exists to relate the crucial design aspects to your target environment, and show you how to implement this design.

This book covers the discovery, design, and deployment stages of Active Directory implementation in the following scenarios:
  • A small, single location company with fairly basic needs and a basic Windows NT 4.0 domain

  • A larger company with multiple regional areas which are currently facilitated by multiple NT 4.0 domains

  • A retail-type business with very different drivers and requirements from that of a standard business, based on Windows 2000 Active Directory

  • Merging and restructuring the Active Directory infrastructure of two financial institutions

Who this book is written for

This book is for Windows network administrators, analysts, or architects who have a grasp of the basic operations of Active Directory and are looking for a book that goes beyond rudimentary operations. However, all of the concepts are explained from the ground up, and the book can be read by network design and administration professionals with no prior Active Directory knowledge.

Table of Contents

    1. Copyright
    2. Credits
    3. About the Author
    4. Introduction
      1. What This Book Covers
      2. What You Need for Using This Book
      3. Conventions
      4. Reader Feedback
      5. Customer Support
        1. Downloading the Example Code for the Book
        2. Errata
        3. Questions
    5. Chapter 1: The Importance of a Domain
      1. In the Beginning
        1. Who's SAM?
        2. Domain Controllers
        3. Joining a Domain
        4. What do I Need the Active Directory For?
        5. Trust Relationships
        6. Domain Models
          1. Single Domain Model
          2. Single Master Domain Model
          3. Multiple Master Domain Model
          4. Complete Trust Model
      2. The Main Event—Active Directory
        1. The Directory Service Implementation
        2. The Blueprint of the Active Directory
        3. Creating a Domain Controller
        4. Domain Controller Farm
        5. Kerberos
        6. Domains
        7. Trees
        8. Forests
        9. Organizational Units
        10. Sites
        11. FSMO Roles
        12. PDC Emulator FSMO Role
        13. RID Master FSMO Role
        14. Infrastructure FSMO Role
        15. Schema Master FSMO Role
        16. Domain Naming Master FSMO Role
        17. Global Catalog
        18. Domain and Forest Modes
        19. Domain Modes
          1. Mixed Mode
          2. Windows 2000 Native Mode
          3. Windows Server 2003 Interim Mode
          4. Windows Server 2003 Mode
        20. Forest Modes
          1. Windows 2000
          2. Windows Server 2003 Interim Mode
          3. Windows Server 2003 Mode
        21. Group Policy
      3. Summary
    6. Chapter 2: The Small Accountancy Firm
      1. What Have We Here?
        1. Domains and Their Controllers
        2. Other Services
        3. Sites
        4. Policy Requirements
        5. Administration
      2. The Big Design
        1. Migrate or In-Place?
        2. What's in a Name?
        3. Domain Requirements
        4. Forest and Tree Requirements
        5. Number of Domain Controllers, FSMO Role Placement, and Global Catalog Placement
        6. Organizational Unit Requirements
          1. Geography as a Basis
          2. Business Area as a Basis
          3. Object Type as a Basis
          4. The Real World
      3. The Other Services
        1. DNS
        2. WINS
        3. DHCP
        4. The Domain/Forest Mode
      4. The Final Server Picture
        1. The Clients
        2. Do as I Say, Not as I Do (Policies)
        3. Other Services
      5. Summary
    7. Chapter 3: Step-By-Step Migration
      1. Preparing for the Upgrade
      2. Performing the Upgrade
        1. Ensure the Current PDC Is Patched
        2. Installing Your New PDC
          1. Text Mode Portion of Setup
          2. Graphical Portion of Setup
          3. Patching the New Server
          4. Patching Existing Domain Controllers
          5. Replicating the netlogon Content
          6. Other Service Considerations
          7. Taking the PDC Role
          8. Pre-Windows 2003 Upgrade Steps
          9. Creating a New Disk Partition for SYSVOL
          10. Pretending to be an NT 4.0 Domain Controller
          11. Maintaining LAN Manager Replication
          12. Preparing the Media
          13. DNS
          14. Freeze
        3. Upgrading the PDC
        4. Let's Make an AD
        5. Post-Upgrade Steps
        6. Client Authentication
        7. NT 4.0 BDC Operation Confirmation
        8. Windows 2003 Domain Controller Validation
          1. TCP/IP Properties
          2. Event Log
          3. Accounts
          4. DNS Configuration
          5. Shared System Volume Verification
          6. Your New Best Friend, the Support Tools
          7. Patch the Domain Controller
          8. Setting Time Synchronization for the Forest Root PDC FSMO
          9. Sites and Subnets
          10. Replicating File System Between Windows 2003 and NT 4 Domain Controllers
          11. A Backup
        9. The Next DC
          1. Operating System Content
          2. Neutralize the Emulation
          3. DCPROMO on the Future DC
          4. Verifying the New Domain Controller Creation Process
          5. Enabling DNS on the New DC
          6. Moving Two FSMO Roles
          7. Making the New DC a Global Catalog
          8. Another backup
          9. Turning off the NT4 Emulation
          10. Migrating DHCP and WINS
          11. Compatibility with NT 4 and Windows 95 clients
          12. LDAP Signing
        10. Retiring the NT 4.0 BDCs
        11. Enabling Full Active Directory Functionality and Completing the Upgrade Process at Domain and Forest Levels
      3. Summary
    8. Chapter 4: The Regional Legal Firm
      1. What Have We Here?
        1. The Main Objects
        2. The Physical Structure
        3. Other Services
          1. DNS
          2. WINS
          3. DHCP
      2. The New Infrastructure Design
        1. New Domain Structure
        2. The Name
        3. Sites
        4. Within a Site
        5. Between Sites
          1. Sites Connected via a Site Link
          2. Cost of the Site Link
          3. Protocol of the Site Link
          4. Availability of the Link
          5. Frequency of Replication
        6. Bridge Me
        7. Preferred Bridgehead
        8. Site Design
        9. Domain Controller Placement
        10. Service Placement
        11. OU Design
        12. The Upgrade Path
      3. Performing the Upgrade
        1. Preparing the New Domain
        2. Raise Domain and Forest Level
        3. Create Subnets and Sites
          1. Create OU Structure
        4. Add Additional Domain Controllers in Sites as Required
        5. Move FSMO Roles and GC Assignment
        6. Ensure Policies (Group Policy) Configured
        7. Migrate the Resources
          1. Prepare for ADMT
          2. Configure the Trusts
          3. Windows 2003 Domain Changes
          4. NT 4 Source Domain Changes
          5. Configuring the Domains for Password Migration
          6. Migrate the Objects
            1. Migrating the Global Groups
            2. Migrating the User Accounts
            3. Migrating the Computer Accounts
            4. Migrate the Rest
      4. Post Migration Tasks
        1. Remove NT 4 (Hurrah!)
        2. Strengthen the Domain
        3. Cleaning Up the sIDHistory
        4. Delegating Authority
        5. Anything Else
    9. Chapter 5: The Retail-Based Company
      1. Discovery
        1. Domain, Forest, and Trust Discovery
          1. Types of Trusts
            1. Parent-Child Trust
            2. Tree-Root Trust
            3. Shortcut Trust
            4. External Trust
            5. Realm Trust
            6. Forest Trust
        2. Sites, Subnets, and Site Links
        3. Domain Controller Placement, FSMO, and GC Structure
          1. Identify FSMO Role Holders
          2. Identify Global Catalogs in the Forest
          3. Final Current View
          4. DNS Infrastructure
          5. Active Directory Usage and Enhancements
          6. Objects in Domains
          7. Discovery Management
      2. Design
        1. Site Links
        2. Exchange 2000 Schema "Feature"
        3. The London and Stores Requirements
        4. Domain Controller Placement
        5. DNS
      3. Upgrade
        1. Practice Makes Perfect
        2. Performing the Upgrade
          1. Backup
          2. Preparing the Forest
          3. Preparing the Domain
          4. Upgrading the Domain Controllers
      4. Post-Upgrade Tasks
        1. DNS _msdcs Move
        2. London Migration
        3. Stores Domain
      5. Summary
    10. Chapter 6: The International Financial Company
      1. Discovery
      2. Task 1: Enable Authentication Between the Two Companies
        1. Trust Options
        2. DNS Configuration
        3. Creating the Forest Root Trust
        4. UPN
      3. Task 2: Rename and Move the Domestic Domain
        1. Step 1: Create the Shortcut Trust
        2. Configure DNS
        3. Prepare the Domain Controllers
        4. The Control Station
        5. Step 2: Create the Current Forest XML Layout
        6. Step 3: Modify the Forest Layout
        7. Step 4: Implement the Change
        8. Step 5: Rename the Domain Controllers in Renamed Domains
        9. Step 6: Fix the Group Policy
        10. Step 7: Reboot all Member Machines
        11. Step 8: Remove the Leftover Metadata from the Restructure
        12. Step 9: Exchange and Others
        13. Step 10: A Cold Brewski
      4. Task 3: Improve Branch Office Resource Access
        1. The Domain
        2. The Sites
        3. Placing the Domain Controllers
        4. Redundant Replication Connection Objects and Load Balancing
        5. DNS
      5. Additional Information
        1. Additional Account Information
        2. The Group Policy Management Console
        3. Modifying the Default Container for Users and Computers
        4. Moving Objects Between Domains in a Forest
        5. Performing an Offline Defragmentation of the Active Directory Database
          1. Core NTDS Database File
          2. Transaction Log Files
          3. NTDS Working Files
        6. Importance of Backing Up the Active Directory
      6. Conclusion