Introduction

Published: March 31, 2005

This blueprint focuses on designing a solution for an enterprise-class organization using the Microsoft Active Directory directory service.

The sections in this blueprint deal with an entire organization's directory service requirements in order to address the most far-reaching planning issues encountered by service designers. The guidance in this blueprint was used to create the design for our scenarios, which are outlined in the Introduction to Windows Server System Reference Architecture document. A further level of detail is provided in the Introduction to Architecture Blueprints document.

On This Page
Who Should Read This Blueprint
Knowledge Prerequisites
Business Need
References

Who Should Read This Blueprint

This blueprint is written to address the needs of information technology (IT) professionals who are responsible for designing and deploying security and network infrastructure in the enterprise, corporate, or branch office environment. The reader of this blueprint is expected to have an understanding of its technical content; however, service-level expertise is not needed to follow the enterprise-level discussions and understand the decisions that are made.

Knowledge Prerequisites

This blueprint assumes a knowledge level equivalent to an IT professional with at least two years of experience as a Microsoft Certified Systems Engineer (MCSE). Readers who do not meet this prerequisite may also benefit from this guidance, although additional reading might be required to ensure that the relevant terms and processes are understood. For additional information that will help in understanding this guidance, refer to the following resources:

Microsoft official curriculum course number 2279A “Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.” A detailed description of the course content is available at the following URL:

http://www.microsoft.com/learning/

For basics of Active Directory and details of improvements in the Windows Server 2003 Active Directory, refer to the whitepaper at the following URL:

http://www.microsoft.com/windowsserver2003/techinfo/overview/activedirectory.mspx

Business Need

Organizations both large and small face a common issue: how to manage the different kinds of information that they create and use every day. Of particular importance is the information relating to the organization itself, such as employee names and numbers and how computing resources are allocated and used. In many cases, interrelated information elements are managed and distributed independently. It is not uncommon to find printed telephone directories issued to all staff, security credentials of computer users stored in one location, and the organizational roles of employees stored and managed in another location.

As organizations expand, the task of managing such information in a coherent fashion while supporting its distribution and quick retrieval becomes increasingly important and more complex. Because such information is used to support the management of employees and computing resources, the efficiency with which it is managed has a direct impact on the organization’s cost base. For example, as computer systems with their own user directories, authentication, and access control mechanisms are added to a network, the cost of managing the environment increases significantly. Additional IT staff are needed to handle the additional authentication services, and there is a greater chance of failure because of interoperability issues. In addition, security is invariably weakened because users are likely to write down the numerous account and password combinations they require to perform their jobs.

It becomes imperative to manage the information relating to employees and their use of computing resources with a single, coherent mechanism, one that possesses the characteristics required for the most efficient management of this information. First, it should be organized and presented as a directory. Second, a common method of querying should be supported, regardless of the type of data being requested. Finally, information with similar characteristics should be managed in a similar manner. The ways in which information is grouped and managed should be determined by the organization concerned, in ways that complement the organization's structures.

Implementation of a directory-based mechanism helps reduce the costs of maintaining a computing environment, both by increasing the efficiency of operational management procedures and by reducing the risks that arise from the lack of proper mechanisms.

References

Further information about design and deployment of Active Directory services may be found at the following URLs:

“Migrating Windows NT Server 4.0 Domains to Windows Server 2003 Active Directory” whitepaper:

http://www.microsoft.com/windowsserver2003/evaluation/whyupgrade/nt4/nt4domtoad.mspx

Windows Server 2003 Deployment Kit:

http://www.microsoft.com/windowsserver2003/techinfo/reskit/deploykit.mspx

Windows Server 2003 Resource Kit:

http://www.microsoft.com/windowsserver2003/techinfo/reskit/resourcekit.mspx

Windows Server 2003 Active Directory Technology Center:

support.microsoft.com/default.aspx?scid=fh;EN-US;winsvr2003ad

“How to Upgrade Windows 2000 Domain Controllers to Windows Server 2003” Knowledge Base article:

support.microsoft.com/?kbid=325379
