MCSE Training Kit (Exam 70-219): Designing a Microsoft® Windows® 2000 Directory Services Infrastructure
Author Microsoft Corporation
Pages 512
Disk 2 Companion CD(s)
Level All Levels
Published 01/03/2001
ISBN 9780735611320
Price $59.99

Index


Page references to figures and tables are indicated in italics.

A
abstract schema class objects  103
access control entries (ACEs),  184
access control lists. See ACLs
account domain  303
Account Lockout Policy  125
Account Policies subdirectory  125
ACEs (access control entries),  184
ACLs (access control lists)
    containing permissions for domain objects  7
    function of  184
    OUs and access control  193
Active Directory  1-36. See also designing Active Directory infrastructure; implementing Active Directory plan
    about directory services  2
    automatic schema modification  109
    components of  5
    connection objects  253, 254
    designing infrastructure for  38
    DNS namespace  26-31, 27, 29, 31
        benefits of DNS service  26
        DNS service essential to function of Active Directory  27
        hierarchical structure of  27-28, 27
        host names  30
        naming conventions  32-34
        RFCs on domain names and DNS  26
        root domains  28
        second-level domains  29-30, 29
        top-level domains  28-29
        zones  30-31, 31
    domains in  121
    group policies  23-25, 24
    lab exercise for migrating from Windows NT 4 to  326-28
    logical structures of  5-10, 6
        domains  6-7
        forests  9-10
        organizational units  7-8, 8
        trees  8-9, 9
    migrating from Windows NT 4 directory services,  planning steps for  294
    name servers  31-32
    objects and attributes for  2-3, 3
    online seminars on designing  272
    overview of  16, 34-35
    physical structure of  10-12
        domain controllers  11-12
        sites  10-11
    reasons to modify schema  108-9
    replication  17-20, 19, 20
        intersite  20, 20
        intrasite  19, 19
        what is replicated  17-18
    review questions  36
    role of global catalog  12-15, 15
    schema  3-5, 4
    selecting new preferred bridgehead server in failover  257
    trust relationships  21-22, 22
    zone replication for  168
Active Directory Connector. See ADC
Active Directory Migration Tool (ADMT),  291-93
Active Directory Schema snap-in  101-2
Active Directory Sizer
    calculating domain controllers needed in sites  247
    placing global catalog servers and operations masters using  268-69, 275-77
ADC (Active Directory Connector)
    configuring Exchange Server and Windows 2000 connection agreements  317-18
    defining connection agreements  317
    installing and setting up synchronization with  311
ADC group policy  315-16
administration
    delegating with OU structures  184-85, 184
        assessing IT administration requirements  194-95
        examples of  198-99, 199
        for full control or control of object classes  194-95, 198-99, 199, 200
        steps for  193-95
    of group policies  188-92, 189, 192
        exceptions to default processing order  190-91, 192
        inheritance  190
        overview  188
        processing order for settings  189, 189
        structuring OUs for  188-92, 189, 192, 197-98, 201, 202
    hierarchy models delegating OU  185-87, 185, 186, 187, 188
    of inheritance  184-85, 184, 190
    meeting requirements for defining domains  125
    need assessment
        for DNS server environment  169
        for domain controllers  245
        for domain hierarchies  145
        for domain names  151
        for domains  123-24
        for forest root domain  136
        for forests  92-93
        for schemas  107
    responsibilities for synchronizing Novell NetWare Bindery and NDS networks  321
    of user accounts  215, 217-18
administrative groups
    administering user accounts  215, 217-18
    Domain Admins group  13, 125, 127
    Schema Admins group  105
ADMT (Active Directory Migration Tool),  291-93
analyzing
    business environment  42, 48-49, 84-87
    business processes  57-63
        for communication flow  59, 59-60
        for decision making  61-62, 62-63
        for information flow  57, 57-59
    business strategy influences  63-64, 64-66
    business structure  52-53, 53-57
    current domain structure and Exchange Server site topology  315
    DNS environment  80-81, 81
    domain architecture of Microsoft Windows NT  82, 82
    hardware and software  74-75, 76-77
    network architecture  72, 72-74
    organization of information technology management  66-67, 68-69
    products and customers  49, 50-52
    technical environment  42, 70-71
    technical standards  77, 77-79
    Windows NT domain architecture  82, 82
architecture. See network architecture
attributes
    Active Directory  2-3, 3
    defined  2-3, 3
    inheritance for user class object  103, 103
    mapping Exchange Server to Active Directory  315-16
automatic schema modification  109
auxiliary schema class objects  103

B
bandwidth
    about average available  237
    calculating average available  72
base schema
    defined  101
    viewing  101-2
Bindery. See Novell NetWare Bindery
Block Policy Inheritance group policy setting  25, 191, 192
bridgehead servers
    in Active Directory Sizer  277
    designating  256-57
    in intersite replication  257-58, 258
    specifying preferred  260
business environment analysis  42, 48-49, 84-87
business environment analysis document  49
business processes  57-63
    analyzing information flow  57, 57-59
    communication flow analysis  59, 59-60
    decision making analysis for  61-62, 62-63
business strategy influences worksheet  63-64, 64-66
business structures worksheet, 53-56, 86-87, 92

C
catalog services,  defined  12
CD-ROM. See also worksheets
    "Comparative Active Directory Designs," 272
    "Designing the Active Directory Structure," 272
    "Designing in the Real World" (Trulli),  43
    "Designing in the Real World & Creating a Domain Plan" (Inman),  120
    "Designing in the Real World: Creating an Organization Unit Plan" (Minet),  182
    "How to Migrate Your Windows NT 4.0 Directory Services to Windows 2000 Active Directory," 293
    interview worksheets on  49
    white paper on Microsoft Metadirectory Services  314
    white papers on MSDSS deployment  313
    "Windows 2000: Designing and Deploying Active Directory Service for the Microsoft Internal Corpnet," 47
certificate authority (CA),  259
child domains  8-9, 27-28
child OUs  184, 184
collisions detected by domain controllers  12
command decisions  62
communication flow worksheet  59, 59-60
configuration container
    defined  91-92
    for multiple forests  94
configuration naming context  252
connection agreements for Exchange Server 5.5,  311
connection object  253, 254
consensus decisions  62
consultative decisions  62
containers. See also OUs
    configuration  91-92, 94
    defined  3, 3
    mapping Exchange Server containers to Active Directory domains and OUs  315
contiguous namespace  28
cross-link trusts  144-45, 144, 147

D
decision making worksheets  61-62, 62-63
decision matrix  61, 61
dedicated domain as forest root domain  137-38
Default-First-Site-Name object  243
delegated decisions  62
delegated subdomains  171
design. See also designing Active Directory infrastructure; design teams
    assembling teams for infrastructure  39-42, 42
    of forest model  96-99, 97, 113-14
    further readings on
        "Comparative Active Directory Designs," 272
        "Designing the Active Directory Structure," 272
        "Designing in the Real World" (Trulli),  43
        "Designing in the Real World & Creating a Domain Plan" (Inman),  120
        "Designing in the Real World: Creating an Organization Unit Plan" (Minet),  182
        "Windows 2000: Designing and Deploying Active Directory Service for the Microsoft Internal Corpnet," 47
    plan for OUs  45-46
    principles for infrastructure  46-47
    of pristine forest  300
    of schema modification plan  100-112
    for site topology  46
    stages of Active Directory  43-46
designing Active Directory infrastructure  37-88
    about Active Directory infrastructure design  38
    analyzing
        business environment  42, 48-49, 84-87
        business processes  57-63
        business strategy influences  63-64, 64-66
        business structure  52-53, 53-57
        DNS environment  80-81, 81
        hardware and software  74-75, 76-77
        information technology management organization  66-67, 68-69
        network architecture  72, 72-74
        products and customers  49, 50-52
        technical environment  42, 70-71
        technical standards  77, 77-79, 92
        Windows NT domain architecture  82, 82
    assembling design teams  39-42, 42
    establishing test environment for infrastructure  43
    guiding principles for  46-47
    lab exercise for analyzing business environment  84-85, 86-87
    review questions  88
    stages of  43-46
        creating domain plan  45
        creating forest plan  45
        creating organizational unit plan  45-46
        creating site topology plan  46
        overview  43, 44, 45
"Designing the Active Directory Structure," 272
"Designing in the Real World & Creating a Domain Plan" (Inman),  120
"Designing in the Real World: Creating an Organization Unit Plan" (Minet),  182
design teams  39-42, 42
    infrastructure designers on  39-40
    management representatives on  41
    sample multilevel  41-42, 42
    staff representatives on  40-41
directory-enabled application  109
directory information tree (DIT),  101
directory partition  17
Directory Service Remote Procedure Call (DS-RPC),  254, 259
directory services. See also Active Directory; designing Active Directory infrastructure; implementing Active Directory plan
    defined  2
    domains for Windows 2000,  28
    migrating from Windows NT to Active Directory  285-308
        about migration to Active Directory  285-86, 286, 308
        Active Directory Migration Tool  291-93
        assessing migration goals  294
        consolidating resource domains into OUs  301-2
        determining migration method  295
        domain restructuring  288-89, 288, 299-301
        domain upgrades  286-87, 287, 296-99
        lab exercise  326-28
        migrating resource domains  289-90
        minimizing production environment problems  290
        mixed and native domain modes for Windows 2000,  290-91
        with multimaster domain model  306-7, 307
        with multiple trust domain model  307-8, 307
        planning steps for  294
        with single domain model  302-3, 303
        with single master domain model  303-5, 304, 305
    synchronizing with Active Directory  309-25
        about  309-10, 325
        choosing one- or two-way synchronization  320
        with Exchange Server 5.5, 310-11, 314-18, 322-24, 324
        with LDAP-compliant directory services  313-14
        with Novell NetWare Bindery or NDS,  311-13, 319-22, 324-25
directory synchronization  310
disabling site link transitivity  255, 260
distinguished names (DNs), 32, 32
DIT (directory information tree),  101
DNS (Domain Name System). See also DNS servers; namespace
    analyzing current DNS environment  80-81, 81
    benefits of  26
    as essential to Active Directory  27
    RFCs on domain names and  26
    valid site names  238
DNS BIND  170, 173
DNS environment analysis worksheet  80-81, 81
DNS name servers. See DNS servers
DNS Notify process  166, 167
DNS servers  161-73. See also domains
    about  161-62, 162-63, 164, 172-73
    assessing environment of  169
    placing  170-71
        determining existing services  170-71
        planning additional zones for  170
        planning deployment of  171, 172, 172
    zone replication  165-68, 166, 167
        choosing method of  171
        requirements for Active Directory  168-69
    zones, zone database files, and resource records  163, 164
documents
    business environment analysis  49
    technical environment analysis  70-71
domain controllers. See also global catalog servers; operations master roles
    assigning infrastructure master role to  270
    choosing upgrade strategy for  298
    deciding number and location of global catalog servers and  275-77
    effect of multiple domains on  127
    functions of  11-12
    as global catalog servers  15, 268
    placing in sites  243-50
        about  243-44, 248
        assessing needs  245
        deciding number needed  247
        determining location  245-46
        example of  247, 248
        naming domain controllers and computers  244, 244
        scenario for  249-50, 250
    planning operations master roles by domain  269-70
    replication  18
        actions triggering  252
        pre-Windows 2000,  20
    running mixed and native domain modes  290-91
domain GPOs  23
domain hierarchies  141-49
    about  141, 149
    arranging subdomain hierarchy  147
    assessing needs for  145
    cross-link trusts and  144-45, 144, 147
    defining  148, 149, 155-60, 156, 157, 159, 160
    designating tree root domains  146, 147
    determining number of domain trees  146
    effect of multiple trees in  146
    parent-child trusts  141-43, 142, 143
    structure of  27-28, 27
domain local groups  208, 209, 213-14
domain names  150-60, 156, 157, 159, 160. See also domains
    about  150, 154, 159
    assessing needs for  151
    of child domains  8-9, 27-28
    choosing  151-53
    defining  155-60, 156, 157, 159, 160
    example of  153, 154
    fully qualified  30
    registering  152-53
    RFCs on DNS and  26
Domain Name System. See DNS
domain naming context  252
domain naming master  265, 270
domain restructure  288-89, 288, 299-301
    about  288-89, 288
    designing pristine forest  300
    establishing timeline for  300
    identifying trust relationships for resource domains  301
    mapping groups and users to be migrated  301
domains  119-79. See also domain restructure; domain upgrades
    about  121
    analyzing
        Exchange Server domain structure and site topology  315
        Windows NT domain architecture  82, 82
    assigning PDC emulator roles to  270
    as boundary for security  7
    characteristics of  6-7
    as component of Active Directory  5, 6
    creating plan for  45, 174-78, 176, 177
    defining  128-30, 128, 130
        activity for  155-60, 156, 157, 159, 160
        assessing domain needs  123-24
        based on geographical structure  122
        deciding number per forest  124
        meeting administrative requirements for  125
        minimum number of  122-23
        multiple  124-25, 127
        to optimize replication traffic  126
        scenarios for  131-34, 132, 134
        security requirements and policies for  125
    domain hierarchies  141-49
        about  141, 149
        arranging subdomain hierarchy  147
        assessing needs for  145
        cross-link trusts  144-45, 144, 147
        defining  148, 149
        designating tree root domains  146, 147
        determining number of domain trees  146
        implications of multiple trees in  146
        parent-child trusts  141-43, 142, 143
    forest root  135-40
        about  135, 140
        assessing needs for  136
        choosing  136-38
        defining  138, 139, 139, 140
    illustrated, 6
    mapping Exchange Server sites and containers to Active Directory  315
    migrating resource  289-90
    moving within multiple forests  94
    naming  150-60
        about domain names  154, 159
        activity for  155-60, 156, 157, 159, 160
        assessing needs for domain names  151
        choosing domain names  151-53
        example of  153, 154
        registering domain names  152-53
    operations master roles for  266-67, 267
    placing domain controllers in  245-47
    planning DNS server deployment  161-73
        about DNS servers  161-62, 162-63, 164, 172-73
        assessing DNS server environment  169
        DNS server requirements for Active Directory zone replication  168-69
        placing DNS servers  170-71
        zone replication  165-68, 166, 167
    planning operations master role assignments by  269-70
    relationship of sites and, 238
    retaining Windows NT  126-27
    review questions  179
    root  28
    second-level  29-30, 29
    top-level  28-29
    trust relationships  21-22, 22
    Windows 2000 vs. DNS  28
Domain Admins group
    implications of multiple domains on  127
    logging on to network when global catalog not available  13
    setting special requirements for  125
domain trees. See forests; trees
domain upgrades  296-99
    about  286-87, 287
    determining order for upgrading domains  297-98
    making recovery plan  297
    strategy for upgrading domain controllers  298
    switching to native mode  298-99
DS-RPC (Directory Service Remote Procedure Call),  254, 259

E
Exchange 2000 Server  310
Exchange Server 5.5. See Microsoft Exchange Server 5.5
explicit one-way nontransitive trust  21-22, 22, 94, 95

F
fault tolerance
    ensuring with site link configuration  254
    role of domain controllers in  12
File Migration Utility  312-13
files
    NTDS.DIT  100
    root domains for zone  30-31
    zone database  163, 164
firewalls  255
forest model  96-99, 97, 113-14
forest root domain
    about  135, 140
    assessing needs for  136
    choosing  136-38
        defining  138
        designating dedicated domain as  137-38
        existing domain as  137
    defining  138, 139, 139, 140
    reasons for designating existing domain as  137
    tree root domain as  146, 147
forests. See also operations master roles; schema
    about  91-92
    characteristics of  9-10
    as component of Active Directory  5, 6
    deciding number of domains for each  124
    designing schema modification plan  100-112
        assessing schema needs  107
        automatic schema modification  109
        creating schema modification policy  105-7, 106-7
        example of  111-12
        implications of modifying schema  110
        reasons to modify schema  108-9
        steps in  110
        types of schema modifications  108
        understanding schema  100-105
    determining number of domain trees  146
    illustrated, 6
    operations master roles  265-66
        assigning schema master and domain naming master roles  270
        planning for forest growth  271
    planning  45, 89-117
        assessing organization's forest needs  92-93
        designing forest model  96-99, 97, 113-14
        determining number of  93-96, 95
        exercise designing schema modification plan  114-15
        overview  97
    pristine  288, 300
    review questions  116-17
FQDN (fully qualified domain name)
    defined  30
    for domain controllers and computers  244, 244
full control for OU  194-95, 198, 199
full zone transfer  166-67, 167

G
geographical structure of domains  122
global catalog  12-15, 15. See also global catalog servers
    about  12-13, 92
    query process for  14-15, 15
    replication of  18
    role of  12-15, 15
    schema extensions in  18
global catalog servers  264-74. See also site topology plan
    about  264-65, 273-74
    defined  13
    placing
        example of  271-72, 273
        locating domain controllers and designating as server  268
        steps in  269
    using Active Directory Sizer  268-69, 275-77
global groups  207, 209, 213-14
globally unique identifier (GUID),  33-34
GPOs (group policy objects)
    applying policy to  23-25, 24
    linking to OUs  188
group policies  23-25, 24
    about  23, 188
    administering  188-92, 189, 192
        exceptions to default processing order, 190-91, 192
        inheritance  190
        overview  188
        processing order for settings  189, 189
    applying settings for  23-25, 24
    Block Policy Inheritance  25, 191, 192
    implications of multiple domains on access control and  127
    Loopback  25, 191
    No Override  24, 190-91, 192
    structuring OUs to administer  188-92, 189, 192, 197-98, 201, 202
group policy objects. See GPOs
groups  205-27. See also group policies
    about users and  205-9, 209
    activity defining structure and  228-32
    administering policies for  188-92, 189, 192
    defined  206
    exercise defining  230, 231-32
    group scopes  207-8
        membership rules for  209
    guidelines for defining OU structures  192-93
    mapping those to be migrated in domain restructure  301
    naming and defining  212-15
        assessing naming conventions and OU structure  212
        defining global and domain local groups  213-14
        determining group naming convention  212, 213
        examples of  219, 220, 221, 221
        steps for  215
        universal groups  214
    nesting  208
    scenario for planning  227
    structure diagram of sample  217, 217
    structuring OUs to administer policies  188-92, 189, 192, 197-98, 201, 202
    types of  207
    universal security  208, 209
group scopes  207-8, 209
GUID (globally unique identifier),  33-34
guidelines for defining OU structures  192-93

H
hardware and software worksheet  74-75, 76-77
hiding objects with OU structures  188, 195-96, 200, 201
hierarchy models delegating OU administration  185-87, 185, 186, 187, 188
host names  30
"How to Migrate Your Windows NT 4.0 Directory Services to Windows 2000 Active Directory," 293

I
implementing Active Directory plan  283-329
    migrating from Windows NT to Active Directory  285-308
        about migration to Active Directory  285-86, 286, 308
        Active Directory Migration Tool  291-93
        assessing migration goals  294
        consolidating resource domains into OUs  301-2
        determining migration method  295
        domain restructuring  288-89, 288, 299-301
        domain upgrades  286-87, 287, 296-99
        lab exercise  326-28
        migrating resource domains  289-90
        minimizing production environment problems  290
        mixed and native domain modes for Windows 2000,  290-91
        with multimaster domain model  306-7, 307
        with multiple trust domain model  307-8, 307
        planning steps for  294
        with single domain model  302-3, 303
        with single master domain model  303-5, 304, 305
    review questions  329
    synchronizing directory services with Active Directory  309-25
        about directory service synchronization  309-10, 325
        with Exchange Server 5.5, 310-11, 314-18, 322-24, 324
        with LDAP-compliant directory services  313-14
        with Novell NetWare Bindery or NDS,  311-13, 319-22, 324-25
implicit two-way transitive trust  21, 22, 142
incremental zone transfer  166-67
information flow worksheet  57, 57-59
information technology management organization worksheet  66-67, 68-69, 92
infrastructure. See designing Active Directory infrastructure; implementing Active Directory plan
infrastructure designers  39-40
infrastructure master role
    about  266
    assigning to domain controller  270
inheritance
    administering  190
    blocking  25, 191, 192
    defining OUs to administer  184-85, 184
    for user class object attributes  103, 103
Inman,  Darron  120
in-place upgrades  126-27
Internet standard characters  151-52
Inter-Site Messaging-Simple Mail Transport Protocol (ISM-SMTP),  254
intersite replication
    about  20, 20
    intrasite vs., 252-54, 253
    process of  257-58, 258
interviewing skills  40
intrasite replication
    about  19, 19
    intersite vs., 252-54, 253
invalid characters
    for groups  213
    for user accounts  210
IP address resolution  161
ISM-SMTP (Inter-Site Messaging-Simple Mail Transport Protocol),  254
ISO (International Standards Organization) country codes  153
IT management organization worksheet  66-67, 68-69, 92

K
KCC (Knowledge Consistency Checker),  19
    creating connection objects between domain controllers  253
    designating bridgehead servers  256-57
    designating domain controllers for configured site links  256
    determining replication paths between sites  254
Kerberos policy  125
Knowledge Consistency Checker. See KCC

L
lab exercise
    for analyzing business environment  84-85, 86-87
    to create forest model  113-14
    creating site topology plan  278-80
    defining groups  230, 231-32
    for defining OU structures  228-30
    designing schema modification plan  114-15
    for migrating from Windows NT 4 to Active Directory  326-28
    for modifying schema  114-15
LANs,  defining sites for  239, 240
LDAP-compliant directory services  313-14. See also synchronizing directory services with Active Directory
local GPOs  23
locations
    choosing
        for domain controllers  245-46
        for Exchange Server ADC  316
        for global catalog servers and domains  275-77
        for operations master roles  269-71
    defining sites reachable with SMTP protocol  239, 242
    optimizing performance with domain controller  245-46
    OU structure based on  185, 185, 187, 188
logging on
    across forests with smart cards  95
    logon names  210, 210-11
    outside user's own forest  96
    with user principal name  92
    when global catalog not available  13
logical structures of Active Directory  5-10, 6
    domains  6-7
    forests  9-10
    organizational units  7-8, 8
    trees  8-9, 9
Loopback group policy setting  25, 191




Last Updated: Friday, July 6, 2001