Implementing an Active Directory Infrastructure

Presented By Tushar Oza

Overview

• Business Scenario
• Requirements for the Active Directory Infrastructure
• Class Discussion: How to Implement the Active Directory Infrastructure
• Lab A: Implementing the Active Directory Infrastructure

Business Scenario

[Diagram: company locations by region]
• North America: Seattle, Toronto, Detroit, Denver
• Asia: Bangalore, Singapore
• Australia: Sydney

Requirements for the Active Directory Infrastructure

Implementation Requirements
• A Single Schema
• Fault Tolerance in the Forest Root Domain
• DNS Infrastructure in Place Before Installing Active Directory
• DNS Solution Must Be Secure
• Reduction in Network Traffic and Separate Security Group Policy
• Set Up Printer Locations
• Standardization of the Administrative Model of OUs
• Delegation of Administrative Control
• Creation of User and Group Types
• Access to Performance Review Data
• Group Policy to Manage Users’ Desktops and

Class Discussion: How to Implement the Active Directory Infrastructure

• Installing and Configuring DNS
• Installing Active Directory
• Creating Sites and Site Links
• Setting Up Printer Locations
• Creating the OU Structure and Delegating Administrative Control
• Creating Users and Groups
• Implementing Group Policy

Installing and Configuring DNS

• Root Domain Is contoso.msft
• Minimize DNS Name Resolution Network Traffic Between Regions
• DNS Should Be Secure
• DNS Is Fault Tolerant

How Do You Set Up DNS?

[Diagram: contoso.msft with child domains asia.contoso.msft and au.contoso.msft; DNS placement marked with question marks]

Installing and Configuring DNS (2)

• Install DNS Server Service on All Domains
• Implement Active Directory Integrated Zones and Secure Dynamic Updates on All DNS Servers
• Install at Least Two DNS Servers in the Forest Root Domain

[Diagram: forest with root contoso.msft (two DNS servers) and child domains asia.contoso.msft and au.contoso.msft (one DNS server each); every server is labelled Active Directory Integrated Zone and Secure Dynamic Update]

Installing Active Directory

• Single Schema
• Directory Services Are Fault Tolerant
• Reduce Network Traffic and Apply Separate Security Group Policy
• Ensure Operations Masters Are Working Correctly

How Do You Install Active Directory?

[Diagram: contoso.msft with child domains asia.contoso.msft and au.contoso.msft]

Installing Active Directory (2)

• Single Forest with at Least Two Child Domains
• Two Domain Controllers in the Forest Root Domain
• Separate Domains in Each Region
• Can Transfer Infrastructure Master to a Non-Global Catalog Server

[Diagram: forest with root contoso.msft and child domains asia.contoso.msft and au.contoso.msft]

Creating Sites and Site Links

• Optimize Replication
• Minimize the Use of the Network Across WAN Links
• Manage Replication Between Sites

How Do You Ensure This?

[Diagram: locations by region. North America: Seattle, Toronto, Detroit, Denver; Asia: Bangalore, Singapore; Australia: Sydney]

Creating Sites and Site Links (2)

• Create Sites
• Associate Subnet Objects to Sites
• Create and Configure Site Links

[Diagram: locations by region (North America: Seattle, Toronto, Detroit, Denver; Asia: Bangalore, Singapore; Australia: Sydney), with "Site" and "IP subnet" labels]

Setting Up Printer Locations

• Ease User Search for Printers Located Near Them

How Do You Ensure This?

[Diagram: location hierarchy for Contoso, Ltd.]
North America
  Seattle: Building 1, Building 2, Building 3
  Toronto: Floor 1, Floor 2, Floor 3
  Detroit: Building 1, Building 2, Building 3
  Denver: Building 1, Building 2, Building 3
Asia
  Bangalore: Building 1, Building 2
  Singapore: Building 1, Building 2
Australia
  Sydney: Building 1, Building 2, Building 3

Setting Up Printer Locations (2)

• Implement Printer Locations
• Use Subnet Mask of 255.255.255.0

[Diagram: location hierarchy for Contoso, Ltd. with one subnet per location]
North America
  Seattle: Building 1 10.15.1.0, Building 2 10.15.2.0, Building 3 10.15.3.0
  Toronto: Floor 1 10.20.1.0, Floor 2 10.20.2.0, Floor 3 10.20.3.0
  Detroit: Building 1 10.30.1.0, Building 2 10.30.2.0, Building 3 10.30.3.0
  Denver: Building 1 10.10.1.0, Building 2 10.10.2.0, Building 3 10.10.3.0
Asia
  Bangalore: Building 1 10.40.1.0, Building 2 10.40.2.0
  Singapore: Building 1 10.50.1.0, Building 2 10.50.2.0
Australia
  Sydney: Building 1 10.60.1.0, Building 2 10.60.2.0, Building 3 10.60.3.0

Creating the OU Structure and Delegating Administrative Control

• Standardized Administrative Model
• Delegate Administrative Control

What Is the OU Structure for Each Domain and How Will You Delegate Administrative Control for Each Domain?

Creating Organizational Units (2)

• Create a Common OU Structure in Each Domain
• Delegate Administrative Control of the Three Department OUs to a Different Administrator

[Diagram: OU structure]
Information Services: Help Desk, Customer Support, Apps, OS, Messaging
Human Resources: Benefits, Payroll, Training, Recruiting
Accounting: Accts Payable, Accts Receivable

Creating Users and Groups

• Create Multiple Users
• Managers Need Read Access to the Performance Review Data for the Entire Organization
• Managers Need Full Control to the Performance Review Data of Employees in Their Departments

How Do You Set Up Groups?

[Diagram: Performance Review data; contoso.msft with child domains asia.contoso.msft and au.contoso.msft]

Creating Users and Groups (2)

1. Add Manager Accounts into a Department Global Group in Each Domain
2. Add Department Global Groups into a Domain Managers Global Group
3. Add Domain Managers Global Group into a Universal Group
4. Add Universal Group into Domain Local Groups for Each Domain
5. Assign Read Permissions for

[Diagram: contoso.msft, asia.contoso.msft and au.contoso.msft, each with a DLG; Performance Review data; callouts 1 to 5 mark the steps]

Creating Users and Groups (3)

1. Add Manager Accounts into a Department Global Group
2. Add Department Global Groups into 3 Domain Local Groups
3. Assign Full Control Permission for Performance Review to the Domain Local Group for Each Department

[Diagram: contoso.msft, asia.contoso.msft and au.contoso.msft, each with DLGs; Performance Review data; callouts 1 to 3 mark the steps]

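The two nesting procedures on the slides above (Read for all managers through a universal group, Full Control per department through domain local groups), as an added example that is not part of the original deck. It assumes the ActiveDirectory PowerShell module against a current forest; all group names, the pinning of one domain controller per domain, and nesting each department global group into a department domain local group of its own domain are assumptions.

```powershell
# Added example; every group name here is hypothetical (the slides name none).
Import-Module ActiveDirectory

$domains = 'contoso.msft', 'asia.contoso.msft', 'au.contoso.msft'   # first = forest root
$depts   = 'Accounting', 'HumanResources', 'InformationServices'

function New-SecGroup($Name, $Scope, $Server) {
    New-ADGroup -Name $Name -SamAccountName $Name -GroupCategory Security `
        -GroupScope $Scope -Server $Server -PassThru
}

# Pin one domain controller per domain so later calls see the new groups.
$dc = @{}
foreach ($d in $domains) {
    $dc[$d] = [string](Get-ADDomainController -Discover -DomainName $d).HostName
}
$rootDc = $dc[$domains[0]]

# Read path, target of step 3: one universal group in the forest root.
$universal = New-SecGroup 'U-AllManagers' Universal $rootDc

foreach ($d in $domains) {
    $domainMgrs = New-SecGroup 'G-DomainManagers' Global $dc[$d]
    $readDlg    = New-SecGroup 'DL-PerfReview-Read' DomainLocal $dc[$d]

    foreach ($dept in $depts) {
        # Step 1 on both slides: manager accounts are added to this group.
        $deptMgrs = New-SecGroup "G-$dept-Managers" Global $dc[$d]
        # Read path, step 2: department global -> Domain Managers global.
        Add-ADGroupMember -Identity $domainMgrs -Members $deptMgrs -Server $dc[$d]
        # Full Control path, step 2: department global -> department domain local.
        $fcDlg = New-SecGroup "DL-PerfReview-$dept-FC" DomainLocal $dc[$d]
        Add-ADGroupMember -Identity $fcDlg -Members $deptMgrs -Server $dc[$d]
    }

    # Read path, step 3: Domain Managers global -> universal group.
    Add-ADGroupMember -Identity $universal -Members $domainMgrs -Server $rootDc
    # Read path, step 4: universal group -> this domain's domain local group.
    Add-ADGroupMember -Identity $readDlg -Members $universal -Server $dc[$d]
}

# Last step on each slide is not scripted because the data's location is not
# given: grant Read to DL-PerfReview-Read and Full Control to each
# DL-PerfReview-<dept>-FC on the Performance Review data.
```

Cross-domain additions (steps 3 and 4 of the Read path) can fail until the newly created groups have replicated, so on a fresh forest the group creation and the nesting may need to run as two passes.
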
Implementing Group Policy

• Deploy Cosmo 2 Application to All Users Except Those in Human Resources OU.
• Deploy Windows 2000 Support Tools to All Users in the Information Services OU Except Those in the Contractors Group.
• Implement the Organization-Wide Group Policy Settings by Using Administrative Templates.
• Secure the Network Resources by Implementing Organization-Wide

What Is the Proposed Group Policy Implementation for All Domains?

[Diagram: OU structure under the domain]
Information Services: Help Desk, Applications, Messaging, Operating Systems, Customer Support
Human Resources: Benefits, Payroll, Training, Recruiting
Accounting: Accounts Payable, Accounts Receivable

Implementing Group Policy (2)

• Enable the Block Policy Inheritance for the GPO Linked to the Human Resources OU

[Diagram: OU structure under the domain, with the labels "GPOs" and "No GPO Settings Apply"]
Information Services: Help Desk, Applications, Messaging, Operating Systems, Customer Support
Human Resources: Benefits, Payroll, Training, Recruiting
Accounting: Accounts Payable, Accounts Receivable

Implementing Group Policy (3)

• Create and Link a GPO to the Information Services OU
• Deny the Apply Group Policy Permission to the User Accounts of the Contractors Group in the Messaging OU

[Diagram: OU structure under the domain]
Information Services: Help Desk, Applications, Messaging, Operating Systems, Customer Support

Lab A: Implementing the Active Directory Infrastructure