Chapter Assumptions and Sample Configuration

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

A sample configuration has been devised to illustrate the various steps in creating a simple managed environment. This sample consists of a fictional organizational unit (OU) structure. You might want to go through each step using the sample data before implementing your own design; or, you might prefer to work through this guide, replacing the samples with your actual OUs and user accounts.

Organizational Units in the Sample Configuration

The chapter steps you through the creation of the OU structure and the users described in Table 9.1.

Table 9.1   Example of an OU Structure for a Simple Managed Environment

| User Name | User Requirements | Security Group | Organizational Unit | Computer Type |
|---|---|---|---|---|
| Florian Voss | Domain Administrator; roaming profile; offline files; redirected folders | Administrators, RUPUsers | IT | Mobile |
| Hung-Fu Ting, Christie Moon | No roaming profile; offline files; redirected folders; needs access to the Microsoft® Office productivity suite only. | | Bookkeeping | Desktop |
| Nicole Holliday, Tzipi Butnaru | Roaming profiles; offline files; redirected folders; needs access to Microsoft Office only. | RUPUsers | Sales | Mobile |

The following common characteristics and groupings are important to remember when applying policies (discussed in "Setting Policies to Manage User Data and Settings" later in this chapter):

  • All users have redirected folders and offline files, and need access to Microsoft® Office applications.

  • All users except the members of the Bookkeeping OU have roaming user profiles (RUP).

  • The users in the IT and Sales OUs have mobile computing needs, but they almost always connect to the local area network (LAN) over a fast link.

  • The users in the IT OU need access to the Windows Server 2003 Administrative Tools Pack.

This fictitious OU exists in a fictitious company named A. Datum Corporation with the domain name of adatum.com.
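
The structure in Table 9.1 can also be built from the command line with the directory service tools (dsadd, dsmod, dsget, dsquery) that ship with Windows Server 2003. The script below is an added example, not part of the original chapter; the logon names, the placement of RUPUsers in the default Users container, and the reading of "Administrators" as the built-in group are assumptions.

```bat
@echo off
rem Added example: builds the Table 9.1 OUs, group and users in adatum.com.
rem Run on the DC under an account allowed to create directory objects.
setlocal
set "BASE=DC=adatum,DC=com"
rem Assumption: RUPUsers lives in the default Users container.
set "RUP=CN=RUPUsers,CN=Users,%BASE%"

rem One OU per value in the Organizational Unit column of Table 9.1.
dsadd ou "OU=IT,%BASE%"
dsadd ou "OU=Bookkeeping,%BASE%"
dsadd ou "OU=Sales,%BASE%"

rem Global security group for the users who get roaming user profiles.
dsadd group "%RUP%" -secgrp yes -scope g -samid RUPUsers

rem "-pwd *" prompts for each password, so none is stored in this file.
rem The -samid logon names are constructed for this example.

rem IT: roaming profile (RUPUsers); Administrators membership is added below.
dsadd user "CN=Florian Voss,OU=IT,%BASE%" -samid fvoss -fn Florian -ln Voss -pwd * -mustchpwd yes -memberof "%RUP%"

rem Bookkeeping: no roaming profile, so no RUPUsers membership.
dsadd user "CN=Hung-Fu Ting,OU=Bookkeeping,%BASE%" -samid hting -fn Hung-Fu -ln Ting -pwd * -mustchpwd yes
dsadd user "CN=Christie Moon,OU=Bookkeeping,%BASE%" -samid cmoon -fn Christie -ln Moon -pwd * -mustchpwd yes

rem Sales: roaming profiles (RUPUsers).
dsadd user "CN=Nicole Holliday,OU=Sales,%BASE%" -samid nholliday -fn Nicole -ln Holliday -pwd * -mustchpwd yes -memberof "%RUP%"
dsadd user "CN=Tzipi Butnaru,OU=Sales,%BASE%" -samid tbutnaru -fn Tzipi -ln Butnaru -pwd * -mustchpwd yes -memberof "%RUP%"

rem Assumption: "Administrators" in Table 9.1 is the built-in domain group.
dsmod group "CN=Administrators,CN=Builtin,%BASE%" -addmbr "CN=Florian Voss,OU=IT,%BASE%"

rem Check 1: RUPUsers should list only the IT and Sales users.
dsget group "%RUP%" -members
rem Check 2: Administrators should list Florian Voss and no other sample user.
dsget group "CN=Administrators,CN=Builtin,%BASE%" -members
rem Check 3: each OU should contain exactly the users from its table row.
dsquery user "OU=IT,%BASE%"
dsquery user "OU=Bookkeeping,%BASE%"
dsquery user "OU=Sales,%BASE%"
endlocal
```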

Hardware Configuration and Assumptions

Certain hardware and network assumptions are made in this chapter, which might not be true of your own environment. Read this chapter with the understanding that you need to reject assumptions if they do not apply to your organization.

The hardware configuration outlined here is intended to supply the basic needed components for a simple environment. The infrastructure includes one mobile client computer and one desktop client computer to demonstrate management techniques for these two common types of client computers. One server is deployed, which takes on several roles: Active Directory domain controller, Domain Name System (DNS) server, secure software distribution point using Distributed File System (DFS), and Software Update Services (SUS) distribution server. This computer also contains all of the application software, user state, and user data files for the organization.

Organizations frequently deploy a second server to host applications, SUS, and user data and settings. With this configuration, the DC can maintain the highest possible performance in its primary role. However, for a small organization, one server usually can fulfill all of these roles.

It is highly recommended that, if possible, you deploy a second DC to provide backup and redundancy. With two domain controllers, if one DC becomes unavailable, users still can log on and access their data using the second domain controller. By default, if no DC is available, only users with cached credentials can log on to the network.

Having a second DC already in place provides a much faster method of restoring service to users than having to create a new DC and populate its information from an external backup source. The second DC contains a complete and up-to-date replica of the entire Active Directory database; if the hard disk or data is corrupted on one DC, the second DC ensures that you will not have to rebuild your OU structure or repopulate your Active Directory database. The addition of a second DC should be a primary upgrade consideration for scaling your initial network and keeping it highly available.

If you choose to add a second DC to your network, consider the following:

  • Replication affects network traffic. Place both DCs on the same network segment for best replication performance.

  • A client computer can retrieve Group Policy objects (GPOs) from a DC to which a recent change has not yet been replicated.

  • In a simple environment, it is recommended that you leave the operations master roles on one DC.

Note

Because this chapter’s goal is to explain how to use change and configuration management techniques to manage a simple environment, the configuration that is presented does not include a second domain controller.

The following assumptions and configuration are used in this chapter:

  • Your network infrastructure does not include a secondary server or DC.

  • The DC has one physical drive with two partitions. The first partition is logical drive C, and it will contain the Windows Server 2003 operating system. The second partition is logical drive D, and it will contain all software and user data that is not part of the operating system.

  • The CD-ROM for the DC is logical drive E.

Minimum Hardware and Software Configurations for a Simple Managed Environment

To begin building your simple managed environment, use the minimum hardware and software configurations listed in Table 9.2. Your hardware list will expand to fit your organization’s computing needs.

Table 9.2   Minimum Hardware and Software Configuration for a Simple Managed Environment

| Device | Requirements |
|---|---|
| Domain controller running Windows Server 2003 | See the Windows Server 2003 System Requirements link on the Web Resources page at https://www.microsoft.com/windows/reskits/webresources. |
| One desktop client computer running the Microsoft® Windows® XP Professional operating system | See the Windows XP Professional System Requirements link on the Web Resources page at https://www.microsoft.com/windows/reskits/webresources. |
| One mobile client computer running Windows XP Professional | See the Windows XP Professional System Requirements link on the Web Resources page at https://www.microsoft.com/windows/reskits/webresources. |
| Network Address Translator (NAT)-enabled router | Standard 5-port router recommended. |
| Broadband (cable or DSL) modem | No requirements. |