Windows Server® 2008

Active Directory® Guide
Infrastructure Planning and Design Series
 What is IPD?
Guidance that aims to clarify and streamline the planning and
design process for Microsoft® infrastructure technologies

IPD:

Defines decision flow

Describes decisions to be made

Relates decisions and options for the business

Frames additional questions for business understanding

Page 2 |
 Getting Started

PLANNING FOR
ACTIVE DIRECTORY

Page 3 |
 Purpose and Overview
Purpose:
To provide design guidance for Microsoft Windows
Server 2008 Active Directory
Agenda
Determine process for Active Directory design
Assist designers in the decision-making process
Provide design assistance based on best-practice and
real-world experience

Page 4 |
 Active Directory in Microsoft Infrastructure
Optimization

Basic Standardized Rationalized Dynamic

Identity and
Access Management

Desktop, Device, and Windows Server 2008

Server Management Active Directory Domain Services

Security and
Networking

Data Protection and

Recovery

Page 5 |
 Decision Flow Diagram
S te p 1: S te p 2: S te p 4: A & B, in
S te p 3:
De te rmin e the De te r m ine th e Se le c t th e e ith e r o r d e r
S ta r t

As s ig n Do ma in
Nu m b e r o f Num b e r o f Fo re s t Roo t o r in
Na m e s
Fo r e s ts Dom a in s Doma in p a ra lle l

C & D, in
S te p A1:
Ar e A & B Ye s e ith e r o r d e r
A De s ig n the OU
Co m p le te ? o r in
S tr uc tu r e
p a ra lle l

No
S te p B1: S te p B2: S te p B4 :
S te p B3:
De te r m ine De te r min e De te r m ine
De te r min e Co mp le te
B Do ma in Nu mb e r o f Op e r a tio n s
Glo b a l Ca ta lo g A or B
Co n tr olle r Dom a in Ma s te r Ro le
P la c e m e n t
P la c e m e n t Con tr o lle r s P la c e m e n t

S te p C3:

Fin is h e d
S te p C1: S te p C2:
Cr e a te th e Site Ar e C & D
C Cr e a te th e S ite Cr e a te th e S ite Ye s
Lin k Brid g e Co m p le te ?
De s ig n Lin k De s ig n
De s ig n

No
S te p D1:
De te r m ine
Com p le te
D Do ma in
C or D
Co n tr olle r
Con fig ur a tio n

Page 6 |
 Tips for the Planning Process
Considerations at each design phase
Complexity
Cost
Fault Tolerance
Performance
Scalability
Security

Page 7 |
 Decision Flow Start Path:
Determine Domain and Forest Components

S te p 1 : S te p 2 : S te p 4: A & B, in
S te p 3:
De te r m in e th e De te r m in e th e S e le c t th e e ithe r o r d e r
S ta r t

As s ig n Dom a in
Num b e r o f Num b e r o f Fo r e s t Ro ot or in
Na m e s
Fo r e s ts Do m a in s Do m a in p a r a lle l

Page 8 |
 Determine the Number of Forests
How Many Forests?
Option 1: Single Forest

Option 2: Multiple Forests

Multiple Forest Drivers

Multiple Schemas

Resource Forests

Forest Administrator Distrust

Legal Regulations for Application or Data Access

Page 9 |
 Determine the Number of Domains
How Many Domains?
Option 1: Single Domain

Option 2: Multiple Domains

Multiple Domain Drivers

Large Number of Frequently Changing Attributes

Reduce Replication Traffic

Control Replication Traffic Over Slow Links

Preserve Legacy Active Directory

Page 10 |
 Assign Domain Names
Tasks:
Task 1: Assign the NetBIOS Name
• Maximum effective length of 15 characters

• Use a NetBIOS name that is unique across corporations

Task 2: Assign DNS Name

• DNS name consists of host name and network name

• Ensure uniqueness by not duplicating existing registered Internet

domain names

• Register all top-level domain names with Internic

• Name should not represent business unit or division

Page 11 |
 Select the Forest Root Domain
Establish Forest Root Domain Structure:
Option 1: Use a Planned Domain

Option 2: Dedicated Forest Root Domain

Additional Considerations:
Determine Time Synch Strategy

Consider Cost of Final Structure

Consider Complexity of Final Structure

Page 12 |
 Decision Flow Path A:
Determine OU Structure

Page 13 |
 Design the OU Structure
Choose an OU Design:
Task 1: Design OU Configuration for Delegation of
Administration

Task 2: Design OU Configuration for Group Policy Application

Page 14 |
 Decision Flow Path B:
Determine Domain Controller Placement and
Operations Master Role Placement

S te p B1: S te p B2: S te p B4 :
S te p B3:
De te r m ine De te r m ine De te r m in e
De te r m ine
B Dom a in Num b e r of Op e r a tio ns
Glob a l Ca ta log
Co ntr o lle r Dom a in Ma s te r Role
P la c e m e nt
P la c e m e nt Con tr olle r s P la c e m e nt

Page 15 |
 Determine Domain Controller
Placement
Placement of the Domain Controllers:
Task 1: Hub Locations

Task 2: Satellite Locations

Page 16 |
 Determine the Number of Domain
Controllers
Number of Domain Controllers Needed and Their Type:
Task 1: Determine Number of Domain Controllers

Task 2: Determine Type of Domain Controllers Placed in

Location

Page 17 |
 Determine Global Catalog Placement
Global Catalog Locations and Number Needed:
Ap p lic a tio n
Ye s
Re q uir e m e n t?

Task 1: Determine Global Catalog Locations and Counts

No

Num b e r
Ye s
of us e r s > 100?

No

Do no t p la c e a
WAN link
g lob a l c a ta lo g
100% Ye s
s e r ve r a t the
Ava ila b le ?
loc a tio n

No

P la c e a g lob a l
Ma n y ro a m ing Ye s c a ta lo g s e r ve r a t
us e rs a t
the loc a tio n
lo c a tio n ?

No

Pla c e a d om a in
c o ntr olle r a t the
loc a tion a nd e na b le
u nive r s a l g ro up
m e m b e r s h ip
c a c h ing

Page 18 |
 Determine Global Catalog Placement
Considerations:
Locate Near Applications That Rely on Global Catalog

Number of Users at the Location Greater Than 100

WAN Link Availability

Roaming Users at Location

Use of Universal Group Caching

How Many Global Catalog Servers?

Page 19 |
 Determine Operations Master Role
Placement
Domain Roles
Primary domain controller (PDC) emulator operations master

Relative ID (RID) operations master

Infrastructure operations master

Forest Roles
Schema operations master

Domain naming operations master

Page 20 |
 Determine Operations Master Role
Placement
Operations Master Role Placement:
Task 1: FSMO Placement

Page 21 |
 Decision Flow Path C:
Determine Site Design and Structure

S te p C3 :
S te p C1: S te p C2 :
Cr e a te the S ite
C Cr e a te th e S ite Cr e a te the S ite
Lin k Br id g e
De s ig n Lin k De s ig n
De s ig n

Page 22 |
 Create the Site Design
Creating the Site Design:
Task 1: Create a Site for the Location

Task 2: Associate Location to Nearest Defined Site

Page 23 |
 Create a Site Link Design
Creating the Site Link Design:
Task 1: Determine the Site Link Design

Page 24 |
 Create the Site Link Bridge Design
Creating the Site Link Bridge Design:
Option 1: Default Behavior

Option 2: Custom Site Link Bridge

Page 25 |
 Decision Flow Path D:
Determine Domain Controller Configuration

S te p D1 :
De te r m ine
D Dom a in
Co ntr o lle r
Co nfig ur a tio n

Page 26 |
 Determine Domain Controller
Configuration
Plan Domain Controller Configuration:
Task 1: Identify Minimum Disk Space Requirements for Each
Domain Controller

Task 2: Identify Memory Requirements for Each Domain

Controller

Task 3: Determine CPU Requirements

Task 4: Identify Network Requirements for Each Domain

Controller

Page 27 |
 Active Directory Dependencies
Direct Dependencies
Domain Name Service (DNS)

Lightweight Directory Access Protocol (LDAP)

Indirect dependencies
Windows Internet Naming Services (WINS)

Page 28 |
 What’s Next? – Discuss, Rinse, Repeat
Implement your design

Test and refine design along the way

Provide feedback on the doc to satfdk@microsoft.com

Page 29 |
 Summary and Conclusion
Organizations should base the design of their Active Directory
infrastructure on business and technical requirements

Considerations should include:

• The scope of the network and environment

• Technical requirements and considerations

• Additional business requirements

• Designing an Active Directory infrastructure to meet these

requirements

• Validating the overall approach

Page 30 |
 Find More Information
The Microsoft Solution Accelerators Web Site
microsoft.com/technet/SolutionAccelerators
satfdbk@microsoft.com

Download the full document

http://go.microsoft.com/fwlink/?LinkId=100915

Online Resources
Creating a Forest Design: provides information on the details and needs for a forest design
Creating a Domain Design: provides information on the details and needs for a domain design
Namespace planning for DNS: provides information on the best practices and techniques for
DNS names
Configuration of the time service within AD will help with syntax and design requirement for
setting up the time for the AD enterprise
Best Practice Active Directory Design for Managing Windows Networks
Windows Server 2003 Deployment Guide: provides invaluable information for deploying and
configuration servers for AD
FSMO placement and optimization on Active Directory domain controllers
Best Practices for Active Directory Design and Deployment
Designing and Deploying Directory and Security Services

Page 31 |