Microsoft Windows Server 2003 Unleashed (R2 Edition)
Proper design of a Windows Server 2003 Active Directory structure is a critical component in the successful deployment of the technology. Mistakes made in the design portion of Active Directory can prove to be costly and difficult to correct. Many assumptions about basic Active Directory domain and functional structure have been made, and many of them have been incorrect or based on erroneous information. A solid understanding of these components is vital, however, and anyone looking at Windows Server 2003 should keep this point in mind.
Active Directory was specifically designed to be scalable. This means that, theoretically, organizations of every shape and size should be able to implement the technology. For obvious reasons, this means that the structure of the Active Directory forest will vary from organization to organization.
In Windows Server 2003's Active Directory implementation, cross-forest trust capability has been added. This allows for the design of so-called federated forests, a new concept in Windows Server 2003. Federated forests are basically multiple forests with separate schemas and separate administrative teams joined via cross-forest transitive trusts. This allows for greater scalability and enables administrators to completely separate security boundaries within an organization.
In addition, several design decisions that were previously irreversible in Windows 2000, such as forest name and relative domain structure, have been updated to allow changes to take place. Now, an Active Directory domain structure can be renamed in the event of a merger or acquisition. The psychological factor alone of having to make a decision and not being able to change it has kept some organizations away from deploying Active Directory in the past. Now that those barriers have been removed, more organizations will be able to deploy Active Directory without fear of being painted into a corner later, so to speak.
This chapter focuses on best practices for Active Directory design, including a discussion of the specific elements that comprise Active Directory. Various domain design models for Active Directory are presented and identified with specific real-world scenarios. The domain rename procedure is outlined as well, to provide for an understanding of how the concept affects domain design decisions. In addition, step-by-step instructions are presented for several aspects of Windows Server 2003 domain design that have significantly changed since Windows 2000.