Directory Services Architecture

Document your existing domain structure as part of your plan to move to Active Directory. Identify your domain architectures, the users and user groups in your organization and their geographical location, and resource and administrative domains. Document the one- and two-way trust relationships that exist between domains. Document whether you have a noncontiguous namespace, possibly created by acquisitions, mergers, or other actions. This information will assist you when you are planning your Windows 2000 domain forest and determining the type of trust relationship you will establish among these domains.

Identify any directory services that are not Windows NT currently running on your network, such as Microsoft® Exchange Server directory service extensions, or UNIX BIND. Identify all of the user accounts that exist for each user. This information will be useful both during the migration to Active Directory and in maintaining correct functionality between Active Directory and other directory services because you will have all account information for each user.

Domain Administration Model

Identify your main administration model (or standards) for domain administration. Do you have a centralized, hierarchical administrative model, or does your organization permit a distributed model of administration? What can local administrators do compared to enterprise-wide administrators? Is there overlap between administrative models in your organization? This information will help to determine whether administrative duties can be restructured under Windows 2000, making domain administration less expensive and more efficient. Windows 2000 offers significant improvements in your ability to administer both the largest and smallest details of your network.

When examining your existing domain structure, document the following information for your network:

Type of domain structure    Most networks have multiple master account domains with many more resource domains. When migrating or upgrading existing domains to Windows 2000, your existing domain structure will influence your Windows 2000 domain structure design. For more information, see "Determining Domain Migration Strategies" in this book.

Existing trust relationships    Note the existing one- and two-way trust relationships in your network. Identify any domains and trust relationships that you do not want to move into your Windows 2000 domain forest structure. Domains that are upgraded to Windows 2000 domains and designated as part of the same forest will connect to other Windows 2000 domains through transitive trust relationships. After you upgrade your domains to Windows 2000, you need to create explicit trust relationships between Windows 2000 domains and any domains that you do not want to move into the new forest.

The number and location of domain controllers on your network    This will allow you to plan the upgrade for each domain . You should have the primary and backup domain controllers identified on your physical and logical network diagrams. Note their physical locations and configuration details. For more information about determining the sequence and timing of domain controller upgrades, see "Determining Domain Migration Strategies" in this book.

The DNS namespaces that exist in your organization    Knowing what namespaces exist in your organization will help you to create a unique namespace for your Windows 2000 forest. Deciding on a DNS namespace as the root of your Active Directory hierarchy is an important part of your planning, because it is not easy to change the root namespace after designing your hierarchy. For more information about planning your domain structure for Active Directory, see "Designing the Active Directory Structure" in this book.