Overview of Planning an Active Directory Deployment Project

  • Article

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Active Directory in the Microsoft® Windows® Server 2003, Standard Edition; Windows® Server 2003, Enterprise Edition; and Windows® Server 2003, Datacenter Edition operating systems allows organizations to simplify user and resource management while creating a scalable, secure, and manageable infrastructure. You can use Active Directory to manage your network infrastructure, including branch office, Microsoft® Exchange Server, and multiple forest environments.

Although the guidelines presented in this book are appropriate for almost all network operating system (NOS) management deployments, the guidelines have been tested and validated specifically for environments that contain fewer than 100,000 users and fewer than 1,000 sites, with network connections of a minimum of 28.8 kilobits per second (Kbps). If your environment does not meet these criteria, consider using a consulting firm that has experience deploying Active Directory in more complex environments.

Deploying Active Directory provides the following benefits to your organization:

  • Simplified administration and resource management. You can delegate administration to all levels of an organization, and you can use Group Policy to centralize administration.

  • Increased network security and single sign-on for users. Active Directory supports multiple authentication protocols and X.509 certificates, and provides support for smart cards.

  • Interoperability with other directory services. Active Directory provides standards-based, open interfaces that interoperate with other directory services and applications, such as e-mail applications.

  • Features that reduce administration costs, increase security, and provide additional functionality. Application directory partitions allow you to configure application-specific data replication settings on domain controllers. When you raise domain or forest functional levels to Windows Server 2003, you can do the following:

    • Rename domains and domain controllers

    • Establish two-way forest trusts

    • Restructure forests

    • Improve replication

    • Remove some limitations in environments with a large number of sites

Although the Windows Server 2003 Active Directory design and deployment strategies that are presented in this book are based on extensive lab and pilot-program testing and successful implementation in customer environments, you might have to customize your Active Directory design and deployment to better suit specific, complex environments. For more information about deploying Active Directory in a branch office environment, see the Active Directory Branch Office Planning Guide. For more information about deploying Active Directory in an Exchange environment, see Best Practice Active Directory Design for Exchange 2000. For more information about deploying Active Directory in a multiple forest environment, see Multiple Forest Considerations. To download these guides, see the Active Directory link on the Web Resources page at https://www.microsoft.com/windows/reskits/webresources, and then click "Planning & Deployment Guides."

This book also provides flowcharts, job aids, and deployment examples to help you optimize your Active Directory design and deployment process.