Thông tin tài liệu
Contents
Overview 1
Role of Active Directory in an Enterprise 2
Conducting an Organizational Analysis 3
Architectural Elements of Active Directory 7
Review 15
Module 1: Introduction
to Designing a Directory
Services Infrastructure
Information in this document is subject to change without notice. The names of companies,
products, people, characters, and/or data mentioned herein are fictitious and are in no way intended
to represent any real individual, company, product, or event, unless otherwise noted. Complying
with all applicable copyright laws is the responsibility of the user. No part of this document may
be reproduced or transmitted in any form or by any means, electronic or mechanical, for any
purpose, without the express written permission of Microsoft Corporation. If, however, your only
means of access is electronic, permission to print one copy is hereby granted.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual
property rights covering subject matter in this document. Except as expressly provided in any
written license agreement from Microsoft, the furnishing of this document does not give you any
license to these patents, trademarks, copyrights, or other intellectual property.
2000 Microsoft Corporation. All rights reserved.
Microsoft, Windows, Windows NT, Active Directory, BackOffice, PowerPoint, Visual Basic, and
Visual Studio are either registered trademarks or trademarks of Microsoft Corporation in the
U.S.A. and/or other countries.
The names of companies, products, people, characters, and/or data mentioned herein are fictitious
and are in no way intended to represent any real individual, company, product, or event, unless
otherwise noted.
Other product and company names mentioned herein may be the trademarks of their respective
owners.
Project Lead: Andy Sweet (S&T OnSite)
Instructional Designers: Andy Sweet (S&T OnSite), Ravi Acharya (NIIT), Sid Benavente,
Richard Rose, Kathleen Norton
Instructional Design Consultants: Paul Howard, Susan Greenberg
Program Managers: Lorrin Smith-Bates (Volt), Megan Camp (Independent Contractor)
Technical Contributors: Angie Fultz, Lyle Curry, Brian Komar (3947018 Manitoba, Inc.), Jim
Clark (Infotec Commercial Systems), Bill Wade (Excell Data Corporation), David Stern, Steve
Tate, Greg Bulette (Independent Contractor), Kathleen Cole (S&T OnSite)
Graphic Artist: Kirsten Larson (S&T OnSite)
Editing Manager: Lynette Skinner
Editor: Jeffrey Gilbert (Wasser)
Copy Editor: Patti Neff (S&T Consulting)
Online Program Manager: Debbi Conger
Online Publications Manager: Arlo Emerson (Aditi)
Online Support: Eric Brandt (S&T Consulting)
Multimedia Development: Kelly Renner (Entex)
Testing Leads: Sid Benavente, Keith Cotton
Testing Developer: Greg Stemp (S&T OnSite)
Courseware Testing: Testing Testing 123
Production Support: Ed Casper (S&T Consulting)
Manufacturing Manager: Rick Terek (S&T OnSite)
Manufacturing Support: Laura King (S&T OnSite)
Lead Product Manager, Development Services: Bo Galford
Lead Product Managers: Dean Murray, Ken Rosen
Group Product Manager: Robert Stewart
Module 1: Introduction to Designing a Directory Services Infrastructure iii
Instructor Notes
This module provides students with the basic context and terminology for the
course. It starts by discussing how Microsoft
®
Windows
®
2000 Active
Directory
™
directory service works in an enterprise network. A framework is
presented for identifying the business needs that guide the design of the Active
Directory infrastructure. Finally, an overview of the architectural components
of Active Directory is provided.
At the end of this module, students will be able to:
!
Describe Active Directory in Windows 2000.
!
Explain the importance of determining business needs prior to designing an
Active Directory infrastructure.
!
Describe the architectural elements used in the design of the Active
Directory infrastructure.
Materials and Preparation
This section provides you with the required materials and preparation tasks that
are needed to teach this module.
Required Materials
To teach this module, you need the Microsoft PowerPoint
®
file 1561B_01.ppt.
Preparation Tasks
To prepare for this module, you should:
• Read all of the materials for this module.
Presentation:
30 Minutes
Lab:
00 Minutes
iv Module 1: Introduction to Designing a Directory Services Infrastructure
Module Strategy
Use the following strategy to present this module:
!
Role of Active Directory in an Enterprise
Explain that Active Directory is a directory service. Define the features of a
typical directory service. Then, describe the added functionality that Active
Directory provides.
!
Conducting an Organizational Analysis
Explain that prior to creating the design of the Active Directory
infrastructure, an architect must have a thorough understanding of the
organization and its needs. Emphasize that the business needs rather than
the technology of the organization must guide the design.
!
Architectural Elements of Active Directory
Describe the different elements of Active Directory and how each element
functions within Active Directory. Emphasize that a module will be devoted
to each element.
Customization Information
This section identifies the lab setup requirements for a module and the
configuration changes that occur on student computers during the labs. This
information is provided to assist you in replicating or customizing Microsoft
Official Curriculum (MOC) courseware.
There are no labs in this module, and as a result, there are no lab setup
requirements or configuration changes that affect replication or customization.
Module 1: Introduction to Designing a Directory Services Infrastructure 1
Overview
!
Role of Active Directory in an Enterprise
!
Conducting an Organizational Analysis
!
Architectural Elements of Active Directory
This module provides the basic context and terminology for the course. It starts
by describing how Microsoft
®
Windows
®
2000 Active Directory
™
directory
service works in an enterprise network environment. Prior to designing the
Active Directory structure, the architect must first identify the administrative
and business goals of an organization. General guidelines for identifying
business needs are provided, and a framework for making good design choices
is discussed. Finally, an overview of the architectural elements of Active
Directory is presented.
At the end of this module, you will be able to:
!
Describe Active Directory in Windows 2000.
!
Explain the importance of determining business needs prior to designing an
Active Directory infrastructure.
!
Describe the architectural elements used in the design of the Active
Directory infrastructure.
Slide Objective
To provide an overview of
the module topics and
objectives.
Lead-in
In this module, you will
understand the function and
components of Active
Directory.
2 Module 1: Introduction to Designing a Directory Services Infrastructure
Role of Active Directory in an Enterprise
!
Domains and OUs Form
Hierarchical Structures
!
Multiple Domains Can Form
#
Trees
#
Forests
DomainDomain
Domain
Tree
Tree
Forest
Objects
OU
OU
OU
OU
OU
OU
Domain
Domain
Domain
Domain
Domain
Domain
Active Directory in Windows 2000 is a network directory service.
Administrators use Active Directory to define, arrange, and manage objects,
such as user data, printers, and servers, so that they are available to users and
applications throughout the organization. Objects in Active Directory are
logically organized into a hierarchical structure. The objects that create the
overall structural hierarchy in Active Directory are:
!
Domains. This is the core unit of Active Directory. A domain is a container
of objects that share security requirements, replication processes, and
administration. Active Directory uses a multi-master replication model in
which all domain controllers are equal.
!
Organizational units (OUs). An OU is a container object that is used to
organize objects within a domain into logical administrative groups. Within
a domain, OUs form a hierarchical structure based on the organization’s
administrative model.
Multiple domains within a single Active Directory can create additional
structure in the form of:
!
Trees. A tree is a hierarchical arrangement of one or more domains with a
single root name. Domains within a tree share a common root domain name
and share information through automatic trust relationships.
!
Forests. A forest is a collection of one or more trees. Multiple trees within a
forest do not share a common root domain name, but share information
through automatic trust relationships. Multiple forests can share information
only through explicit trusts.
Slide Objective
To describe the logical
structure of Active Directory.
Lead-in
Active Directory has a
hierarchical structure that
you create with domains
and organizational units.
Module 1: Introduction to Designing a Directory Services Infrastructure 3
$
$$
$
Conducting an Organizational Analysis
!
Identifying Organizational Needs
!
Making Design Choices
!
Planning Guidelines
Enterprise architects must design the Active Directory directory service to meet
the business needs of the customer. The first step in meeting this goal is
performing an organizational analysis to determine the business as well as the
information technology (IT) needs of the customer.
Slide Objective
To identify steps for
obtaining information about
an organization.
Lead-in
Before designing the Active
Directory structure, you
must identify the
organization’s administrative
needs that will influence the
design of the Active
Directory structure.
4 Module 1: Introduction to Designing a Directory Services Infrastructure
Identifying Organizational Needs
!
Determine the Goals of the Organization
!
Analyze the Administrative Model
!
Anticipate Growth and Reorganization
!
Document the Gathered Information
Identifying organizational needs consists of the following steps:
!
Determine Goals of the Organization. As an architect, you must identify and
then prioritize the business needs of an organization. Once you have
identified the goals, you must translate them into a design for the Active
Directory structure that meets those goals. In the design, you must ensure
that Active Directory meets the business needs of the organization, instead
of basing the goals of the organization on the Active Directory structure.
!
Analyze the Administrative Model. The Active Directory directory service is
designed to support the storage and easy retrieval of information. The
design must support the administrative model. The administrators of an
organization support the enterprise. Therefore, you need to design Active
Directory to support administrator needs. These needs may be different from
the business practices of the organization. Identify and analyze the current
administrative model, and determine if any improvements can be made.
!
Anticipate Growth and Reorganization. An Active Directory structure has
an anticipated life span of three to five years. When designing the Active
Directory structure, you must anticipate future growth and reorganization,
and then design Active Directory so it can easily accommodate growth.
!
Document the Gathered Information. After your initial organizational
analysis, document your findings. Documentation will guide you through
the design process and clarify any conflicts that may occur as you design
Active Directory.
Slide Objective
To identify the steps for
identifying organizational
needs.
Lead-in
Identifying the needs of a
business or organization
begins by determining the
goals of the organization.
Module 1: Introduction to Designing a Directory Services Infrastructure 5
Making Design Choices
!
Decision Points
!
Implications
!
Risks and Costs
!
Tradeoffs
When making design choices, identify the following factors that will influence
design:
!
Decision Points. You should filter information you received from your
organizational analysis. Organizations can often provide too little or too
much information about their business needs. Careful examination of your
information will help you incorporate only the most pertinent information
into the design of the Active Directory structure.
!
Implications. Be aware of the implications of making a particular design
decision, and possible alternatives to the decision. There are often several
ways to achieve an intended outcome in the design of the Active Directory
structure. Knowing the implications of each possible option will help guide
your design choices.
!
Risks and Costs. Identifying risks before beginning the design process gives
you an opportunity to mitigate or decrease possible problems. For example,
if there are limited resources for testing, then implementation of a design
can be scheduled for off-peak hours to mitigate any unforeseen results of the
implementation.
!
Tradeoffs. Every organization will have individuals or departments with
different goals for the project. Not all goals may be achievable due to
schedule and resource constraints. By prioritizing goals and identifying
positive and negative characteristics of each goal, you can make effective
tradeoff decisions.
Slide Objective
To describe design choices
that must be identified when
designing Active Directory.
Lead-in
You must evaluate the
information you receive from
your organizational analysis,
as some information may
not be pertinent to the
design of the Active
Directory structure.
6 Module 1: Introduction to Designing a Directory Services Infrastructure
Planning Guidelines
!
Remember Business Needs
!
Maintain a Clear Vision
!
Make Solid Tradeoff Decisions
!
Create a Simple Design
!
Test the Design
When designing an Active Directory structure, ensure that the business needs,
rather than the technology, determine the design. Only allow technology to
influence your design if the technology can provide a more efficient means of
doing business.
As your design progresses, maintain a clear vision of your overall structure.
Carefully consider tradeoff decisions when faced with design options. The best
strategy is to create the simplest design possible. Finally, ensure that the design
is adequately tested before releasing the design to the team responsible for
implementing Active Directory.
Slide Objective
To describe best practices
for planning Active
Directory.
Lead-in
Ensure that the design of
the Active Directory
structure meets the
business needs of the
organization.
[...]... understand the capabilities of each component and the design elements within Active Directory that each component influences 7 8 Module 1: Introduction to Designing a Directory Services Infrastructure Designing a Naming Strategy Slide Objective To introduce the naming standard used by Active Directory Lead-in Active Directory uses the DNS naming convention to name domains ! Active Directory Uses DNS as Naming... root domain Module 1: Introduction to Designing a Directory Services Infrastructure Designing for Delegation of Administrative Authority Slide Objective To describe how administrative authority may be delegated in Active Directory Lead-in You can create an Active Directory structure for delegating administrative authority ! Relieves Burden of Centralized Management ! Separates Administrative Authority... nwtraders.msft Domain asia.nwtraders.msft Mfg Mfg HR HR na.nwtraders.msft recruiting recruiting training research training research Delegating administrative authority in Active Directory allows network administrators to grant administrative control of objects in Active Directory to trusted users Delegating authority reduces the workload of a centralized administrator, and also separates the delegated... can access information in Active Directory and the level of permissions that they can have This precise specification allows network administrators to delegate specific authority over portions of Active Directory to groups of users, without making its information vulnerable to unauthorized access 9 10 Module 1: Introduction to Designing a Directory Services Infrastructure Designing Schema Modifications... carefully designing the Active Directory infrastructure, you can apply GPOs to intended users and computers in upperlevel domains or OUs so that the GPOs will be inherited to lower-level domains and OUs 12 Module 1: Introduction to Designing a Directory Services Infrastructure Designing an Active Directory Domain Slide Objective To describe the structure of an Active Directory domain Lead-in A domain... Conducting an Organizational Analysis ! Architectural Elements of Active Directory 1 How are the logical structure elements of Active Directory organized and what relationships do they form in Active Directory? Elements are organized into OUs within a domain Domains link together to form trees Trees join together to create a forest 2 What among an organization’s needs should have the greatest influence... Objective To describe the function and scope of the Active Directory schema ! Schema Defines Objects and Attributes in Active Directory ! Changing the Schema Can Affect the Entire Network ! Create a Schema Modification Policy to Manage Changes Lead-in The Active Directory schema is the underlying foundation of Active Directory, and contains definitions for all objects and classes within Active Directory. .. Changing the schema has implications that can affect the entire network Schema modifications are rare, but an organization may have business needs that can only be met by schema modification You will need to create a schema modification policy to manage the modification process Module 1: Introduction to Designing a Directory Services Infrastructure 11 Designing for Group Policy Slide Objective To describe... Presence a Determining Factor in Selecting Domain Names Domain Name System Domain Name System (DNS) (DNS) nwtraders.msft nwtraders.msft Active Directory follows the Domain Name System (DNS) standard as a basis for naming domains Active Directory also uses DNS as the domain locator service You can use DNS for name resolution of the organization’s internal resources, such as its intranet, and external resources,.. .Module 1: Introduction to Designing a Directory Services Infrastructure $ Architectural Elements of Active Directory Slide Objective To identify the elements of Active Directory and strategies for designing these elements Lead-in There are several architectural elements of the Active Directory structure that need to be included in the design ! Designing a Naming Strategy ! Designing for Delegation .
Active Directory.
12 Module 1: Introduction to Designing a Directory Services Infrastructure
Designing an Active Directory Domain
!
Create OUs to. Active Directory domain.
Lead-in
A domain is the basic
administrative object within
Active Directory.
Module 1: Introduction to Designing a Directory Services
Ngày đăng: 24/01/2014, 10:20
Xem thêm: Tài liệu Module 1: Introduction to Designing a Directory Services Infrastructure doc, Tài liệu Module 1: Introduction to Designing a Directory Services Infrastructure doc