Active Directory Design Decision Process

Published: February 25, 2008

 

This guide focuses on addressing the critical design decisions faced by most organizations when implementing Active Directory in Windows Server 2008.

This guide’s goal is to address the most common scenarios, decisions, activities, options, tasks, and outcomes that most organizations will encounter. It does not attempt to address every possible scenario or permutation of a scenario. Readers who think their situation is unique should consider hiring a design consultant to address their needs.

Decisions

This guide addresses the following decisions and/or activities that need to occur in preparing for Active Directory planning. The following 13 steps represent the most critical design elements in a well-planned Active Directory implementation:

  1. Determine the number of forests (step 1).
  2. Determine the number of domains required for each forest (step 2).
  3. Assign Domain Name Service (DNS) and NetBIOS names for each domain (step 3).
  4. Select the forest root domain for each forest (step 4).
  5. Design the organizational unit (OU) structure for each domain (step A1).
  6. Determine the domain controller placement for each domain (step B1).
  7. Determine the number of domain controllers for each location (step B2).
  8. Plan global catalog server placement for each forest (step B3).
  9. Plan the Flexible Single Master Operations (FSMO) role placement for each forest and domain (step B4).
  10. Create a site design (step C1).
  11. Create a site link design (step C2).
  12. Determine the site link bridge design (step C3).
  13. Determine domain controller hardware and installation configuration (step D1).

Some of these items represent decisions that must be made. Where this is the case, a corresponding list of common response options will be presented.

Other items in this list represent tasks that must be carried out. These items are addressed because they must be carried out in order to complete the infrastructure design.

Decision Flow

In many cases, the sequence in which the decisions are made or the tasks are accomplished is significant to the design process. The critical path of the design process is the path that orders decisions in series, as one task must be completed before another task starts.

The critical path for Active Directory design is illustrated in the flow chart in Figure 2. For the purposes of this document, the steps will be performed in a sequential path, moving from top to bottom of the diagram. Some process flows in this path can be performed either in parallel or sequentially in any order. For example, both A and B must be completed; however, they can be performed at the same time, A can be performed before B, or vice versa.

Figure 2. Critical path and process flow for Active Directory design

Information Collection

Various types of information will be needed during the planning process. The following information is required for designing the Active Directory infrastructure.

  • Needed for designing the OU structure of each domain (A1)
    • The current administrative model used in the organization. This lists who is responsible for managing the resources of the environment. Another way of looking at it would be to ask “Who does what to whom?”
    • Group Policy deployment requirements and strategies
  • Needed for domain controller placement (B1)
    • The number of users per physical location (for example, corporate office, branch office, satellite office)
    • The number of computers per physical location
  • Needed for creating a site design (C1)
    • Physical location map
    • Network link speeds and available bandwidth between locations
    • TCP/IP subnets used in each physical location
    • Domains represented in each physical location
    • Domain controllers (per domain) in each physical location
  • Needed for creating a site link design (C2): Replication convergence goals for the following:
    • Configuration and Schema
    • Domain
    • Global Catalog
    • Application Partitions

Applicable Scenarios

This guide addresses considerations that are related to planning and designing the necessary components for a successful Active Directory infrastructure:

  • Production corporate intranets
  • Centralized facilities (hub locations)
  • Branch offices (satellite locations)
  • National networks
  • Global networks

Out of Scope

This document is designed to guide the architect through the process of designing the core implementation for Active Directory. Its scope has therefore been limited so that it does not cover the following areas:

  • Active Directory/Application Mode (AD/AM), which is a lightweight implementation of Active Directory, sometimes set up for use by individual applications.
  • Migration from, co-existence with, or interoperation with non-Microsoft directory services.
  • Migration from implementations earlier than Windows Server 2008. There are, however, some design considerations involving Windows 2000 server components.
  • Federated implementations in which multiple corporations are joined together.
  • Multi-tenant considerations in which multiple companies are hosted within a forest.

The remainder of this document addresses the decisions and activities previously defined.

This accelerator is part of a larger series of tools and guidance from Solution Accelerators.
