
active directory design


John Dalton

Nov 4, 2009, 2:49:40 PM
how to design active directory tree structure


Meinolf Weber [MVP-DS]

Nov 5, 2009, 2:32:19 AM
Hello John,

Create an OU for your business needs for branches, and inside it computers
and users OUs. So you can apply GPOs for users and computers separately.

But it sounds to me that you are not familiar with AD, so I strongly recommend
building a lab environment where you can try and learn before implementing
it in a production environment.

Additionally, AD requires knowledge about DNS, Group Policies and some more
topics. So please give some more info about your environment.
http://technet.microsoft.com/en-us/library/bb727085.aspx


Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

John Dalton

Nov 5, 2009, 10:08:48 AM
Meinolf

Thank you for pointing me in the right direction. I am looking for a best
design where one can manage profiles such as Developers, Testers, Temp Users,
Admins, Remote Admins (with two-factor authentication), Enterprise Domain
Admins, Wired Devices, Wireless Devices, Mobile Devices, Networking Devices
and Application/Database/File/Certificate Servers. There can be different
forests and domains as below:
ForestCountryATest
    DomainA
    DomainB
    DomainC
ForestCountryAProd
    DomainA
    DomainB
    DomainC
ForestCountryAOPER
    DomainA
    DomainB
    DomainC
ForestCountryBTest
    DomainA
    DomainB
    DomainC
ForestCountryBProd
    DomainA
    DomainB
    DomainC
ForestCountryBOper
    DomainA
    DomainB
    DomainC

In fact the environment is going to be very complex. So what design would
be a good one to manage this really huge infrastructure. If one were to
build a scaled down version in lab environment using virtualisation, what
kind of Hardware Configuration and servers are recommended.

Thanks
John



Florian Frommherz [MVP]

Nov 6, 2009, 5:02:34 AM
Howdie!

John Dalton wrote:
> In fact the environment is going to be very complex. So what design would
> be a good one to manage this really huge infrastructure. If one were to
> build a scaled down version in lab environment using virtualisation, what
> kind of Hardware Configuration and servers are recommended.

So I would suggest the following procedure (others may disagree) here:
(1) Check and read up on the features that can only be configured
forest-wide and domain-wide. Decide whether you have several departments
that need those features configured differently. Those are indicators
for different domains/forests.

(2) Start your new forest diagram with one forest, one domain. Try to
arrange departments, people and computers in a way that helps you (a)
manage them easily (the OU structure isn't too complex to understand),
(b) apply Group Policy easily on them and (c) delegate control
easily. Try to keep it as centralized as possible (1 forest, 1 domain)
and only create a new domain/new forest if reasons in (1) force you to
do so.

Cheers,
Florian

meinolfweber

Nov 6, 2009, 5:17:32 AM
Hello John,

You can simplify the shown diagram when you build it into a single forest,
single domain environment. All separations you can achieve with OUs where
you use delegated control and GPOs for the different needs. This will also
spare you from managing the complete trust environment, if you need
connectivity between all forests.

Different forests are normally only used if you need a real security boundary,
which shouldn't be the case here.

Maybe the only one for a separation should be a test domain which has the
exact setup of the production one, so you can do testing before implementing
changes in the production one. This of course requires that you always make
all changes from the production in the test domain also, to have them redundant.
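
The single-forest, single-domain layout suggested above can be sketched in PowerShell. This is an added example, not part of the original thread: it assumes the RSAT ActiveDirectory and GroupPolicy modules, and the domain DN, the grouping of John's profiles into top-level OUs, and the GPO names are all hypothetical.

```powershell
# Added example. Domain DN, OU grouping and GPO names are assumptions,
# not values from the thread. Run in a lab domain first.
Import-Module ActiveDirectory, GroupPolicy

$DomainDn = 'DC=corp,DC=example,DC=com'   # constructed placeholder

# Top-level OU -> child OUs, built from the profile list in the question.
# Users, admins, devices and servers are kept apart so GPOs and delegated
# control can differ per branch of the tree.
$Layout = [ordered]@{
    'Accounts' = 'Developers', 'Testers', 'TempUsers'
    'Admins'   = 'Admins', 'RemoteAdmins', 'EnterpriseDomainAdmins'
    'Devices'  = 'Wired', 'Wireless', 'Mobile', 'Networking'
    'Servers'  = 'Application', 'Database', 'File', 'Certificate'
}

function Add-OuIfMissing {
    param([string]$Name, [string]$ParentDn)
    $dn = "OU=$Name,$ParentDn"
    # Idempotent: create the OU only when it does not exist yet
    $existing = Get-ADOrganizationalUnit -Filter "distinguishedName -eq '$dn'" `
        -ErrorAction SilentlyContinue
    if (-not $existing) {
        New-ADOrganizationalUnit -Name $Name -Path $ParentDn `
            -ProtectedFromAccidentalDeletion $true
    }
    return $dn
}

foreach ($top in $Layout.Keys) {
    $topDn = Add-OuIfMissing -Name $top -ParentDn $DomainDn
    foreach ($child in $Layout[$top]) {
        $null = Add-OuIfMissing -Name $child -ParentDn $topDn
    }
    # One empty baseline GPO per top-level OU, linked there so the child
    # OUs inherit it; settings are filled in later per branch.
    $gpoName = "Baseline-$top"
    if (-not (Get-GPO -Name $gpoName -ErrorAction SilentlyContinue)) {
        New-GPO -Name $gpoName | New-GPLink -Target $topDn
    }
}
```

Running the same script against the test domain and then production is one way to keep the two OU trees identical, as the post recommends.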

Florian Frommherz [MVP]

Nov 6, 2009, 5:34:12 AM
Howdie!

John Dalton wrote:
> In fact the environment is going to be very complex. So what design would
> be a good one to manage this really huge infrastructure. If one were to
> build a scaled down version in lab environment using virtualisation, what
> kind of Hardware Configuration and servers are recommended.

Brian Desmond has a good slide deck on designing AD. He held the
session for the UK Active Directory User Group:
http://adug.co.uk/media/p/298.aspx

Cheers,
Florian
