Active Directory (AD) is a directory service from Microsoft that provides services for the organized storage of network objects. The structure of AD consists of domains and Organizational Units (OUs): the domain is the core unit of the AD structure, and OUs help to organize it. An OU contains users, groups and computers, which form the basic building blocks of AD. A user is an individual person, a group is a collection of user accounts, and a computer is a specific workstation. Creating and organizing users, computers and groups into an organization is one of the major administrative tasks in Windows Server, and administrators have full flexibility to design the OU structure according to the needs of their organization.
A directory service is different from a directory: a directory service is both the source of the information and the mechanism that makes the information available to users, whereas a directory simply stores the required information. A directory service also plays an important role in maintaining an organization's network infrastructure, performing system administration, and controlling access to the company's information systems. In other words, a directory service is both an administrative tool and an end-user tool.
An Active Directory (AD) infrastructure consists of both a logical and a physical structure. Domains and forests describe the logical structure of a network. In this structure, domains are organized into domain trees, in which child domains are created under parent domains to form a branching structure. Domains contain users, groups, computers, and OUs; OUs, in turn, contain users, groups, computers, and other OUs. A forest is a collection of domain trees that have trust relationships with one another.
Active Directory (AD) Infrastructure planning
As noted above, AD is a directory service from Microsoft that provides services to store, organize and manage objects in a network. An AD infrastructure consists of both a logical and a physical structure: domains and forests describe the logical structure of a network, and AD sites and subnets define its physical structure.
However, before starting with the Active Directory (AD) infrastructure, we need to plan the AD infrastructure, which consists of the following basic phases:
Designing the domain namespace
This is the phase in which you decide how many domains you require and how to organize them into domain trees and forests. In this phase you need to decide the following:
- Creating additional domains
- Selecting the design model
- Deciding and then designing the tree structure
- Specifying the names of the domains
- Creating any additional tree
- Creating any additional forest
Design the Internal domain structure
This is the phase in which you decide how many organizational units to create in each domain and how to design the internal tree structure. In this phase, you need to decide the following:
Design a site topology
In this phase, you configure the links between the multiple locations (sites) that you have created.
Design a group policy strategy
In this phase, you decide how many Group Policy Objects (GPOs) you should create.
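The group policy phase above comes down to a few concrete decisions: which settings go in which GPO, where each GPO is linked, and in what order the links at a container are processed. The following PowerShell script is an added example, not code from the original article: it creates one baseline GPO, puts a single policy setting in it, links it to an OU, and then lists the links in effect at that OU. It assumes a placeholder domain corp.example, an existing OU named Workstations, the GroupPolicy module from RSAT, and a session run as an account allowed to create and link GPOs; the GPO name is constructed for the example.

```powershell
# Added example (not from the original article): create one baseline GPO,
# put a single policy setting in it, link it to an OU, and review the links.
# Assumptions: the domain is corp.example (placeholder), the OU
# "OU=Workstations,DC=corp,DC=example" already exists, and the GroupPolicy
# module (RSAT) is installed. Run as a user allowed to create and link GPOs.
Import-Module GroupPolicy

$domainDn = "DC=corp,DC=example"                      # placeholder domain
$targetOu = "OU=Workstations,$domainDn"               # assumed existing OU
$gpoName  = "Workstation-Baseline"                    # constructed GPO name

# 1. Create the GPO only if it does not already exist (safe to rerun).
$gpo = Get-GPO -Name $gpoName -ErrorAction SilentlyContinue
if (-not $gpo) {
    $gpo = New-GPO -Name $gpoName -Comment "Baseline settings for all workstations"
}

# 2. Add a setting: turn on PowerShell script block logging
#    (Computer Configuration > Administrative Templates > Windows Components >
#    Windows PowerShell > Turn on PowerShell Script Block Logging).
Set-GPRegistryValue -Name $gpoName `
    -Key "HKLM\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging" `
    -ValueName "EnableScriptBlockLogging" -Type DWord -Value 1 | Out-Null

# 3. Link the GPO to the OU unless the link is already present.
$existingLink = (Get-GPInheritance -Target $targetOu).GpoLinks |
    Where-Object { $_.DisplayName -eq $gpoName }
if (-not $existingLink) {
    New-GPLink -Name $gpoName -Target $targetOu -LinkEnabled Yes | Out-Null
}

# 4. Review: which GPOs are linked at this OU, in processing order, and
#    whether inheritance from parent containers has been blocked.
$inh = Get-GPInheritance -Target $targetOu
"Inheritance blocked at {0}: {1}" -f $targetOu, $inh.GpoInheritanceBlocked
$inh.GpoLinks | Select-Object Order, DisplayName, Enabled, Enforced | Format-Table -AutoSize
```

Keeping one setting per purpose-named GPO, linked at the OU that actually needs it, is what makes the "how many GPOs" decision manageable: the final review step shows at a glance which policies reach the container and in what order, which is also the first thing to check when a setting unexpectedly does or does not apply.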
The first phase in planning the Active Directory (AD) infrastructure is designing the domain namespace. The basic objective when designing the domain namespace is to create as few domains as possible. Each domain is a separate administrative entity, so fewer domains mean less administrative work. In addition, each domain needs its own domain controllers, so every new domain adds hardware cost. Therefore, you should have a valid reason before creating an additional domain. For example, an additional domain is justified in the following situations:
Isolated replication: Refers to the situation in which Wide Area Network (WAN) links are slowed by a single domain. If you use a single domain for multiple sites, the entire domain database is replicated across the WAN links. In this situation, a separate domain for each site should be created to reduce the replication traffic.
Unique domain policy: Specifies that settings such as password and account lockout policies are restricted to the domain level, and therefore you would need to modify the Active Directory (AD) schema directly. In a situation where different values are required for these settings, it is easier to create separate domains.
Domain upgrades: Refers to the situation in which you need to upgrade an existing Windows NT domain structure to an AD domain. In this situation, it is advisable to duplicate the Windows NT domain structure by creating multiple AD domains.
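Whether or not a location gets its own domain, the site topology phase described earlier is where replication over WAN links is actually shaped: each physical location becomes an AD site, its subnets are mapped to that site, and site links with a cost and a replication interval tell the Knowledge Consistency Checker (KCC) how to route inter-site replication. The following PowerShell script is an added example, not code from the original article. It assumes the ActiveDirectory module from RSAT, a forest whose first site still carries the default name Default-First-Site-Name, and constructed names for the branch site, its subnet and the site link.

```powershell
# Added example (not from the original article): model a second physical
# location as an AD site, attach its subnet, and connect it to the
# headquarters site with a site link whose cost and interval control how
# replication crosses the WAN link.
# Assumptions: the ActiveDirectory module (RSAT) is installed, the forest's
# first site still has the default name "Default-First-Site-Name", and the
# site, subnet and link names below are constructed for this example.
Import-Module ActiveDirectory

$hqSite     = "Default-First-Site-Name"   # assumed existing site
$branchSite = "Branch-Site"               # constructed
$branchNet  = "10.20.0.0/16"              # constructed branch subnet
$linkName   = "HQ-Branch"                 # constructed site link

# 1. Create the site for the branch location if it is not there yet.
if (-not (Get-ADReplicationSite -Filter "Name -eq '$branchSite'")) {
    New-ADReplicationSite -Name $branchSite -Description "Branch office"
}

# 2. Map the branch subnet to the site so clients and domain controllers
#    on that network are associated with the nearest DCs.
if (-not (Get-ADReplicationSubnet -Filter "Name -eq '$branchNet'")) {
    New-ADReplicationSubnet -Name $branchNet -Site $branchSite
}

# 3. Connect the two sites. Cost lets the KCC prefer cheaper paths when
#    several exist; ReplicationFrequencyInMinutes is the polling interval
#    for inter-site replication across the WAN link.
if (-not (Get-ADReplicationSiteLink -Filter "Name -eq '$linkName'")) {
    New-ADReplicationSiteLink -Name $linkName `
        -SitesIncluded $hqSite, $branchSite `
        -Cost 200 -ReplicationFrequencyInMinutes 60 `
        -InterSiteTransportProtocol IP
}

# 4. Review the resulting topology: every site link with its cost, interval
#    and member sites, then every subnet with the site it maps to.
Get-ADReplicationSiteLink -Filter * -Properties Cost, ReplicationFrequencyInMinutes, SitesIncluded |
    Select-Object Name, Cost, ReplicationFrequencyInMinutes,
        @{ n = "Sites"; e = { ($_.SitesIncluded | ForEach-Object { ($_ -split ",")[0] -replace "^CN=" }) -join ", " } } |
    Format-Table -AutoSize
Get-ADReplicationSubnet -Filter * | Select-Object Name, Site | Format-Table -AutoSize
```

A subnet that is mapped to the wrong site, or not mapped at all, silently sends clients to distant domain controllers and skews replication traffic, so the last step of listing every subnet with its site is worth keeping in any topology change procedure.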
Conversely, the following are situations in which you should not create an additional domain:
Size: You should not create an additional domain just because the existing domain has too many objects in it.
Administration: You should not create an additional domain in order to delegate administrative responsibilities; delegation can easily be implemented using organizational units.
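Delegating administration through OUs, as the last point recommends, means building the OU hierarchy described at the start of this article and then granting a specific group a specific right on a specific OU, instead of standing up another domain. The following PowerShell script is an added example, not code from the original article: it creates a Sales OU with child OUs for users, groups and computers, populates each with one object, and then delegates only the "Reset Password" control right on user objects under that OU to a help-desk group. It assumes the ActiveDirectory module from RSAT and a placeholder domain corp.example; every OU, group, user and computer name is constructed for the example.

```powershell
# Added example (not from the original article): build a small OU structure
# inside one domain and delegate password resets to a help-desk group on that
# OU, instead of creating a separate domain for administration.
# Assumptions: the ActiveDirectory module (RSAT) is installed, the domain is
# corp.example (placeholder), and every OU, group, user and computer name
# below is constructed for this example.
Import-Module ActiveDirectory

$domainDn = "DC=corp,DC=example"   # placeholder domain

# 1. OU hierarchy: one OU per business unit, with child OUs per object type.
#    ProtectedFromAccidentalDeletion blocks casual deletion of the subtree.
$salesOu = "OU=Sales,$domainDn"
if (-not (Get-ADOrganizationalUnit -Filter "DistinguishedName -eq '$salesOu'")) {
    New-ADOrganizationalUnit -Name "Sales" -Path $domainDn -ProtectedFromAccidentalDeletion $true
}
foreach ($child in "Users", "Groups", "Computers") {
    if (-not (Get-ADOrganizationalUnit -Filter "DistinguishedName -eq 'OU=$child,$salesOu'")) {
        New-ADOrganizationalUnit -Name $child -Path $salesOu -ProtectedFromAccidentalDeletion $true
    }
}

# 2. The three basic object types. The user is created without a password,
#    so it stays disabled until an administrator sets one.
if (-not (Get-ADGroup -Filter "SamAccountName -eq 'Sales-HelpDesk'")) {
    New-ADGroup -Name "Sales-HelpDesk" -SamAccountName "Sales-HelpDesk" `
        -GroupScope Global -GroupCategory Security -Path "OU=Groups,$salesOu"
}
if (-not (Get-ADUser -Filter "SamAccountName -eq 'jdoe'")) {
    New-ADUser -Name "Jane Doe" -SamAccountName "jdoe" -GivenName "Jane" -Surname "Doe" `
        -Path "OU=Users,$salesOu"
}
if (-not (Get-ADComputer -Filter "Name -eq 'SALES-WS01'")) {
    New-ADComputer -Name "SALES-WS01" -Path "OU=Computers,$salesOu"
}

# 3. Delegation by ACL on the OU rather than by a new domain. Look up the
#    GUIDs of the "Reset Password" control right and the "user" object class
#    from this forest's configuration and schema partitions, then grant the
#    help-desk group that single right on user objects under the Sales OU.
$rootDse    = Get-ADRootDSE
$resetRight = Get-ADObject -SearchBase "CN=Extended-Rights,$($rootDse.configurationNamingContext)" `
    -LDAPFilter "(displayName=Reset Password)" -Properties rightsGuid
$userClass  = Get-ADObject -SearchBase $rootDse.schemaNamingContext `
    -LDAPFilter "(lDAPDisplayName=user)" -Properties schemaIDGUID
$resetGuid  = [Guid]$resetRight.rightsGuid
$userGuid   = [Guid]::new([byte[]]$userClass.schemaIDGUID)

$helpDeskSid = (Get-ADGroup "Sales-HelpDesk").SID
$aclPath = "AD:\$salesOu"
$acl  = Get-Acl -Path $aclPath
$rule = [System.DirectoryServices.ActiveDirectoryAccessRule]::new(
    $helpDeskSid,
    [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight,
    [System.Security.AccessControl.AccessControlType]::Allow,
    $resetGuid,
    [System.DirectoryServices.ActiveDirectorySecurityInheritance]::Descendents,
    $userGuid)
$acl.AddAccessRule($rule)
Set-Acl -Path $aclPath -AclObject $acl

# 4. Review: list only the ACEs this group holds on the OU. It should have
#    exactly this one extended right, scoped to descendant user objects.
(Get-Acl -Path $aclPath).Access |
    Where-Object { $_.IdentityReference -like "*\Sales-HelpDesk" } |
    Select-Object ActiveDirectoryRights, ObjectType, InheritedObjectType, InheritanceType |
    Format-Table -AutoSize
```

The ACE is scoped three ways: to one group, to one control right, and to one object class beneath one OU. That is the least-privilege shape a separate domain cannot give you more cheaply, and the review step at the end is the check to repeat after any delegation change, since an ACE granting GenericAll or an unscoped ObjectType on the same OU would hand the group far more than a password reset.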