Active Directory Design Scenario

Submitted By eddogg23
Words 293
Pages 2

My first question is: what type of business or industry does the company represent? Who will be the executive sponsor, the project architect, project manager? Will this person also be in charge of the Active Directory? What is the budget, time frame and schedule of this project? Does the other company have an IT Administrator or are they using a consultant? If so, it would be more cost effective to hire an IT Administrator. What are the business needs of the company we are merging with? Who is the WAN person responsible for the network? Have him/her provide a map of your current WAN network. What applications will be integrated in the AD/DS design? Will a variety of technologies, different levels of security and a global presence be required now or in the future? Where will all your data be stored? Will we be having geographically separate data rooms? Who are the Active Directory Service and Data Owners? (Service owners include the forest owner, the AD/DNS owner, and the site topology owner. The Data Owners will include organizational unit owners.) Will the other site have a Service Administrator or a Data Administrator? Having Data Administrators is cost saving. The Data Administrators are users within a domain who are responsible both for maintaining data that is stored in the AD/DS, i.e. user and group accounts, and for maintaining computers that are members of their domain. Service Administrators require a much higher skill set because they are responsible for maintaining the directory and the infrastructure that supports it. Dividing work assignments results in cost savings because only a small number of administrators need to be trained to operate and maintain the entire directory and…...

Similar Documents

Active Directory

...HomeWork
Page 19 Fill in the Blanks
1. The Active Directory database is stored on each domain controller in a file called .
2. The Active Directory is considered the security boundary for an Active Directory environment.
3. To provide fault tolerance, Active Directory utilizes a(n) . replication model.
4. To create a trust relationship with an NT4 domain, you will configure a(n) .
5. The naming context is replicated across the domain.
6. The of an Active Directory object identifies its location within the directory structure.
7. A(n) provides a two-way transitive trust relationship between all domains within two forests.
8. Each domain in an Active Directory forest has a(n) trust relationship with every other domain in a forest.
9. allows a user at a remote site to be able to log into Active Directory without needing to contact a global catalog server.
10. Active Directory clients rely on in DNS to locate Active Directory resources such as domain controllers and global catalog servers.
Page 57-58 Multiple Choice
1. What mechanism within DNS is used to set up load balancing between multiple servers that are......

Words: 560 - Pages: 3

Active Directory

...1. Benefits of directory services (AD DS) Without getting too technical and wordy, but being able to help the client understand more about what active directory does, the following can be explained: - AD shows a better representation of the network by a process known as centralization. Centralization is the process of managing users regardless of the size of the network in one location. - Utilizes organizational units to improve scalability. If an organization is large, OUs can help simplify the task by grouping resources (such as users and computers) that have similar rights. - Replication makes it easier because any changes that are made are replicated to other domain controllers so that the network can run more efficiently. http://www.techrepublic.com/article/the-benefits-of-moving-clients-to-an-active-directory-environment/ Active Directory Domain Services (AD DS) benefits: Redundancy Fault Tolerance Serves as a domain controller that authenticates users when logging on to a network. Participates in storing, modifying, and maintaining the AD database (Textbook) Page 3 for major benefits of AD DS Mark is concerned about ensuring the network so that it has little to no downtime at all. AD DS can help ease this issue because of the system providing fault tolerance. It continues to provide services even if 1 or more servers experience hardware failure or loss of connectivity. How does it do this? It does this through its......

Words: 625 - Pages: 3

Active Directory Design Scenario

...Apply Activity 1: Active Directory Design Scenario When integrating AD DS with an existing DNS namespace, we recommend that you do the following: Install the DNS Server service on every domain controller in the forest. This provides fault tolerance if one of the DNS servers is unavailable. In this way, domain controllers do not need to rely on other DNS servers for name resolution. This also simplifies the management environment because all domain controllers have a uniform configuration. Configure the Active Directory forest root domain controller to host the DNS zone for the Active Directory forest. Configure the domain controllers for each regional domain to host the DNS zones that correspond to their Active Directory domains. Configure the zone containing the Active Directory forest-wide locator records to replicate to every DNS server in the forest by using the forest-wide DNS application directory partition. A computer might have a different existing DNS name if the organization previously, statically registered the computer in DNS or if the organization previously deployed an integrated Dynamic Host Configuration Protocol (DHCP) solution. If your client computers already have a registered DNS name, when the domain to which they are joined is upgraded to Windows Server 2008 AD DS, they will have two different names: The existing DNS name. The new fully qualified domain name (FQDN) Clients can still be located by either name. Any existing DNS, DHCP, or integrated......

Words: 305 - Pages: 2

Week 4 – Active Directory Design Scenario

...Week 4 – Active Directory Design Scenario Since the two new branch offices will be directly connected to the main office, you can configure a hub and spoke topology. I would also recommend having a minimum of two DCs in the hub site for redundancy. In the event of failure, if a second DC does not exist, irrespective of OS version, AD replication will be down totally. At least in the hub site you should have an additional DC if not present. Branch 1 – For this site I would recommend setting up another line to the main hub to remove the single point of failure. Also setting a backup for branch 1 located at the main site and if possible at branch 2. A two way trust will need to be set up to support backup at the main site/branch 2 if servers fail at branch 1. To support AD replication I would use a two way trust network. Branch 2 – With branch 2 being located at a remote site I would recommend setting up a VSAT system to remove the single point of failure. With the slow speed at this branch it would not make for a very good backup site. I would use two way trusts for replication of services. *Recommendations for Optimum Performance For Active Directory replication, a rule of thumb is that a given domain controller that acts as a bridgehead server should not have more than 50 active simultaneous replication connections at any given time in a replication window. (This was determined on a reference server that had four Pentium III Xeon processors with 2 gigabytes (GB) of RAM and 2 megabytes (MB) of L2 cache.)......

Words: 683 - Pages: 3

Active Directory Design Scenario

...Active Directory Design Scenario When implementing a new AD DS infrastructure there are many business-related questions that need to be answered in order to accurately design a domain hierarchy. Below is what we need to know to effectively accomplish this, including the number of DCs, geographical placement, number of domains/forests etc. Ideally, all servers should run the latest version of Windows and take advantage of all the advanced features available with the newest software. DC deployment configuration Decisions to make- Deploy a separate forest without any trusts? Deploy a new forest with federation? Deploy a new forest with Windows Server Active Directory forest trust for Kerberos? Extend Corp forest by deploying a replica DC? Extend Corp forest by deploying a new child domain or domain tree? Factors to consider- Security- what is your security plan? Compliance- are there any compliance codes or concerns? Cost- what is the budget? Resiliency and fault-tolerance- is there any implemented? Application compatibility- software and hardware compatibility Geographical Placement There can be a central location where all servers are located and use WAN links for sites to query DCs and DNS servers for network resources. Also, you may place DCs at sites if bandwidth utilization is at a premium. Needed to determine the number of DCs Collect the network info Plan domain controller placement Create a site design Create a site link design Create a site link......

Words: 265 - Pages: 2

Active Directory

...To back up Active Directory, you must install the Windows Server Backup feature from the Server Manager console. To perform backups from the command line, you will also need to install Windows PowerShell. Windows Server Backup supports the use of the disk drives as backup destinations. Windows Server 2008 supports two types of backup: • Manual backup: This type of backup can be initiated by using Server Backup or the Wbadmin.exe command-line tool when a backup is needed. You must be a member of the Administrators group or the Backup Operators group to launch a manual backup. • Scheduled backup: Members of the local Administrators group can schedule backups using the Windows Server Backup utility or the Wbadmin.exe command-line tool. Scheduled backups will reformat the desired drive that hosts the backup files, and can only be performed on a local physical drive that does not have any critical volumes. With all this taken into consideration I would perform a manual backup every time a major change is taking place and then use a scheduled backup every month to make sure every small change is saved and is not overlooked. When a domain has multiple domain controllers, the Active Directory database is replicated within each domain controller. Windows Server 2008 allows several different restoration methods, depending on the goals for your restore. Wbadmin is the command-line component of the Windows Server Backup snap-in, which restores a single Active Directory domain......

Words: 423 - Pages: 2

Active Directory

...Chapter 1:
1. Which of the following items is a valid leaf object in Active Directory?
a. Domain
b. User
c. Application partition
d. OU
2. Which of the following domain controllers can be joined to a forest that is currently set at the Windows Server 2008 forest functional level?
a. Windows 2000
b. Windows Server 2003
c. Windows Server 2008
d. Windows NT 4.0
3. You are planning an Active Directory implementation for a company that currently has sales, accounting, and marketing departments. All department heads want to manage their own users and resources in Active Directory. What feature will permit you to set up Active Directory to allow each manager to manage his or her own container but not any other containers?
a. Delegation of control
b. Read-only domain controller
c. Multimaster replication
d. SRV records
4. The process of keeping each domain controller in synch with changes that have been made elsewhere on the network is called __________.
a. Copying
b. Osmosis
c. Transferring
d. Replication
5. The __________ Domain Controller contains a copy of the ntds.dit file that cannot be modified and does not replicate its changes to other domain controllers within Active Directory.
a. Secondary
b. Primary
c. Read-Only
d. Mandatory
6. What type of trust is new to Windows Server 2008 and is only available when the forest functionality is set to Windows Server 2008?
a. Parent-child trust
b.......

Words: 591 - Pages: 3

Active Directory

...following Windows Server 2008 services: i. Active Directory Federation Services ii. Active Directory Lightweight Directory Services iii. Active Directory Certificate Services iv. Active Directory Rights Management Services i. Active Directory Federation Services is a standards-based service that allows the secure sharing of identity information between business partners (known as federations) across the extranet. When a user needs to access a Web application from one of its federation partners, the user's own organization is responsible for authenticating the user and providing identity information in the form of "claims" to the partner that hosts the Web application. The hosting partner uses its trust policy to map the incoming claims to claims that are understood by its Web application, which uses the claims to make authorization decisions. ii. Active Directory Lightweight Directory Services is a Lightweight Directory Access Protocol (LDAP) directory service designed for use with directory-enabled applications. A directory-enabled application is one that uses a directory, as opposed to a database or flat file, for its data store. iii. Active Directory Certificate Services is an Identity and Access Control security technology that provides customizable services for creating and managing public key certificates used in software security systems that employ public key technologies. iv. Active Directory Rights Management Services is an......

Words: 563 - Pages: 3

Active Directory

...Travis Miller There are two different ways of backing up the computers that use Active Directory on their computer systems. The first way that they would back up their computers that use Active Directory is by using a manual backup. The way that they would go about doing that would be going into the computer and opening up the Administrators group or the Backup Operators group to launch a manual backup on their computers in the office. The other way that they would back up their computers is by doing a scheduled backup. They would have to go through the Administrators group on the computer, then they would have to schedule a backup by picking when they would want the backup to start and what date they would like it on. They would also have to pick what files they would want to be saving and what drive they would like to be backed up. To have a recovery plan for the Active Directory, they would have to do a restore on the Active Directory because that is the only way to bring it back. That means that they would have to go in the computer and they would have to reinstall the Active Directory on the computer system that they are using at the time that it happened on the computer. To do a monitoring scheme on Active Directory they will have to go through the Administrative Tools folder on the computer. Then they would have to pick the one that says Performance Monitor. Then from there they could do whatever they want on the computer....

Words: 267 - Pages: 2

Active Directory

...1. The Active Directory database is stored on each domain controller in a file called ntds.dit.
2. The Active Directory forest is considered the security boundary for an Active Directory environment.
3. To provide fault tolerance, Active Directory utilizes a multimaster replication model.
4. To create a trust relationship with an NT4 domain, you will configure a(n) external trust.
5. The Domain naming context is replicated across the domain.
6. The of an Active Directory object identifies its location within the directory structure
7. A(n) cross-forest trust provides a two-way transitive trust relationship between all domains within two forests.
8. Each domain in an Active Directory forest has a(n) two-way transitive trust relationship with every other domain in a forest.
9. Universal group caching allows a user at a remote site to be able to log into Active Directory without needing to contact a global catalog server.
10. Active Directory clients rely on SRV records in DNS to locate Active Directory resources such as domain controllers and global catalog servers.

1. Which of the following items is a valid leaf object in Active Directory? B. User
2. Which of the following domain controllers can be joined to a forest that is currently set at the Windows Server 2008 forest functional level? C. Windows Server 2008
3. What feature will permit you to set up Active Directory to allow each......

Words: 387 - Pages: 2

Active Directory

...Active Directory Scenario: The small business that you created new domain controllers for now wants you to develop a backup and recovery plan for Active Directory. You also need to develop a monitoring scheme to ensure the new Active Directory environment remains available. Explain this backup and recovery plan along with the tools needed to monitor the active directory environment. Submission Requirements: Submit your response in a 1-2 page Microsoft Word document through the Questa Learning Plan. Evaluation Criteria: Your instructor will use the following points for evaluating your performance in this assessment: * Did you discuss a backup strategy or Active Directory? * Did you discuss a recovery plan for Active Directory? * Did you discuss a monitoring scheme for Active Directory? Windows Server Backup provides several Group Policy settings that give you some limited control over how backups work on your servers. With these backup policies, you can mitigate some of the risks associated with people performing unauthorized backups to obtain access to unauthorized data. The options include: Allow Only System Backup If this is set, Windows Server Backup can only back up critical system volumes. It cannot perform volume backups. Disallow Locally Attached Storage as Backup Target When enabled, this setting does not allow backups to locally attached drives. You can only back up to a network share. Disallow Network as Backup Target This setting does......

Words: 297 - Pages: 2

Active Directory

...Project- Windows 2012 Management 12/5/14 Active Directory is a directory service that Microsoft developed for Windows domain networks and is included in most Windows Server operating systems as a set of processes and services. An Active Directory domain controller authenticates and allows all users and computers in a Windows domain type network, assigning and enforcing security policies for all computers and installing or updating software. When a user logs into a computer that is part of a Windows domain, Active Directory checks the submitted password and determines whether the user is a system administrator or normal user. Active Directory makes use of Lightweight Directory Access Protocol (LDAP) versions 2 and 3, Microsoft's version of Kerberos, and DNS. Active Directory, like many information-technology efforts, originated out of a democratization of design using Request for Comments or RFCs. The Internet Engineering Task Force (IETF), which oversees the RFC process, has accepted numerous RFCs initiated by widespread participants. Active Directory incorporates decades of communication technologies into the overarching Active Directory concept, then makes improvements upon them. Microsoft previewed Active Directory in 1999, released it first with Windows 2000 Server edition, and revised it to extend functionality and improve administration in Windows Server 2003. Additional improvements came with Windows Server 2003 R2, Windows Server 2008, and......

Words: 627 - Pages: 3

Active Directory

...Windows Server 2003 Active Directory Judith Che Strayer University of Maryland Author Note Judith Che, Strayer University of Maryland. Any questions regarding this article should be addressed to Judith Che, Strayer University Maryland, White Marsh, MD 21085. Companies today rely on good networking in order for their business to grow and succeed. A system engineer requires the ability, knowledge, and skill to plan and manage today’s networking, which faces an ever-increasing variety of applications. We need to be skilled and informed to manage a network running Windows Server 2003 Active Directory. Present day networking administrators have difficulties ensuring that network resources are available to users when access is needed and securing the network in such a way that available resources are accessible to the proper user with the proper permission. We will have to solve networking problems including troubleshooting, configuration, installation, administration, and managing element. Starting from choosing the best Windows Server 2003 Edition that will meet the company’s needs in terms of price, performance and features; work group woes, name resolution nightmares and DNS name conflicts to server security. These problems can be solved with proper planning, managing, and designing a day-to-day administration of an Active Directory domain within their Windows Server 2003 network environment. We predict that implementing a Windows Server 2003 Active Directory will......

Words: 5782 - Pages: 24

Active Directory Users Group Design

...Jr. Admin, In order to facilitate the needs of the Marketing dept. having the capability to print the newsletter to all departments, you can simply go into Group Policies of Active Directory. From there, set each electronic device (in this case the printers) you desire to have shared across the company’s network. Each department will be grouped within Active Directory under Organization Units that could be linked to the particular printers in order for each group within the OU to print the desired material. I advise labeling each printer, then setting it as a default to the groups that are linked to it through their own OU and AD. In doing so, whoever is printing the newsletter should have the ability of selecting the correct printer group resources and distributing them to each department. Please be sure Marketing is placed in an OU that has all other department printers installed within. As to your second request, you can simply take all users that are within the forest in question and add them to a global group, from there the universal group. At this point you will need to add the universal group and add it to the domain local group that is within their domain. Said users will at this point have access to everything in that universal group. Be sure to assign the printer as well in order for them to print off the vacation requests to the Human Resources dept. For the question on your R&D, I would advise setting up a limited domain administrator. ......

Words: 350 - Pages: 2