Active Directory Boundaries - Purpose

Active Directory Boundaries - Purpose. Replication Boundaries Security Boundaries. Active Directory Boundaries - Types. Geographic vs Organizational Contiguous vs Discontiguous namespace i.e. oldcompany1.newcompany.com and oldcompany2.newcompany.com are 2 contiguous namespaces. Prestaging.

lorin
Presentation Transcript


  1. Active Directory Boundaries - Purpose • Replication Boundaries • Security Boundaries

  2. Active Directory Boundaries - Types • Geographic vs Organizational • Contiguous vs Discontiguous namespace • i.e. oldcompany1.newcompany.com and oldcompany2.newcompany.com are 2 contiguous namespaces

  3. Prestaging • forestprep and domainprep • Removal

  4. Removing Domains or Trees • ADMT pruning/grafting • ADMTv3.1

  5. Functional Levels • Viewing • Raising • Interoperability • UPN – User Principal Name

  6. Simplifying Logon • Each user • Has a unique down-level logon name • Can have multiple friendly UPNs

  7. Trust Basics • Trusts allow communication between the boundaries of domains and forests • 1 way Trust • 2 way Trust

  8. Transitive Trusts • Extend permissions across multiple domains • Automatically created as new domain joins a tree or new child is created

  9. Forest Trusts • Forest wide • Selective authentication

  10. External Trusts • Non-Transitive • NT4.0 or Kerberos compatible

  11. Shortcut Trust • Transitive • Speeds up authentication and authorization

  12. Identity • Security Identifier (SID) filtering

  13. Create Sites • Balance service delivered to all locations. • Inventory the number of users at each site • Inventory the types of WAN links

  14. Create AD Subnets • Associate subnets with the site location that has the closest DC

  15. Configure Site Links • Site Links = WAN links • Star vs Mesh

  16. Associating Link Costs • Cost = Speed/Availability of WAN

  17. Configure Infrastructure • Manually link Operational Masters with their backup servers

  18. Global Catalog Servers • Deploy Global Catalog servers at each site when possible

  19. Replication • Each domain can have its own replication topology and schedule • Different events have different priorities to trigger replication

  20. DFS • DFS – Distributed File System • Method for synchronizing shared folders

  21. DFS • DFS – Distributed File System • Method for synchronizing shared folders • Conflict and Deleted folder • Good for application distribution or other read-only data

  22. Replication - Automatic • Knowledge Consistency Checker (KCC) • Bridgehead Server • Intersite Topology Generator

  23. Replication - Automatic • Knowledge Consistency Checker (KCC) • Bridgehead Server • Intersite Topology Generator • Scheduling • IP and SMTP protocols

  24. Replication - Manual • Designate a specific bridgehead server • Make a one way replication partnership • Manually force replication after making changes to AD

  25. Global Catalog Server • DC that contains information about other Domains

  26. Promotion • Use the AD snap-in Sites and Services • Partial Attribute Set

  27. Alternate Methods • UGMC – Universal Group Membership Caching

  28. Domain Operations Masters • PDC emulator • Relative ID (RID) • Infrastructure

  29. Forest Operations Masters • Schema Master • Domain Naming

  30. Operations Master • Seize vs Transfer • Backup • Placement

  31. Schema Master • Schema can be extended with various tools • Placement should be on a Global Catalog • Time Service is important for successful upgrades
