Introduction to Active Directory Design and Administration
by Jason Zandri
We’re proud to debut our new Learn Active Directory in 15 Minutes a Week series by feature writer Jason Zandri. The series will cover the skills needed to successfully design and implement Active Directory and will also focus on helping you prepare for the Microsoft 70-219 and 70-217 exams.
Welcome to the first installment of Learn Active Directory Design and Administration in 15 Minutes a Week, a weekly series aimed at current IT professionals preparing to write the new Windows Active Directory Design and Administration exams (70-219 and 70-217 respectively), as well as newcomers to the field who are trying to get a solid grasp on this new and emerging directory service from Microsoft.
The idea behind this series is to give an overview (and sometimes a detailed view) of the different topics and to assist in learning the material associated with the Microsoft Certified Professional exams 70-217 (Implementing and Administering a Microsoft Windows 2000 Directory Services Infrastructure) and 70-219 (Designing a Microsoft Windows 2000 Directory Services Infrastructure).
I am both a Microsoft Certified Trainer (part-time) and a Web Hosting Systems Administrator (full-time), so I know just how difficult it is to stay on the edge of emerging technology and get some sleep from time to time as well. I am hoping this series of articles will help you to have a healthy balance of both work and play, regardless of the fact that you may well need 36 hours in a day to do so.
When you pass the Implementing and Administering a Microsoft Windows 2000 Directory Services Infrastructure exam (70-217), you achieve Microsoft Certified Professional status. You also earn credit toward the following certifications:
Core credit toward Microsoft Certified Systems Engineer on Microsoft Windows 2000 certification
When you pass the Designing a Microsoft Windows 2000 Directory Services Infrastructure exam (70-219), you achieve Microsoft Certified Professional status. You also earn credit toward the following certifications:
Core or elective credit toward Microsoft Certified Systems Engineer on Microsoft Windows 2000 certification
These two exams measure your ability to implement, administer, design and troubleshoot information systems and the infrastructure that incorporates Microsoft Windows Active Directory. This series of articles will touch upon most of the required subject areas of Active Directory itself, as well as its administration, overall design and implementation. In addition to your hands-on experience working with the product, you should consider reviewing other sources of information on Active Directory, such as books from Microsoft Press as well as practice tests offered by Practice Test Providers like Boson Software in order to receive feedback on your level of knowledge and exam-readiness prior to taking the actual certification exams.
Scores on a practice test do not necessarily indicate what your score will be on a certification exam, nor do they show that you will pass your exam at an official test center, but a practice test will give you the opportunity to answer questions that are similar to those on the certification exam and can help you identify your areas of greatest strength and weakness.
While I am not 100% sure of my entire weekly format, I will be trying to put out the articles with some degree of similarity to the skills that are required knowledge for the exam, which are as follows:
Installing and Configuring Active Directory
- Install forests, trees, and domains
- Automate domain controller installation
- Create sites, subnets, site links, and connection objects
- Configure server objects. Considerations include site membership and global catalog designation.
- Transfer operations master roles
- Verify and troubleshoot Active Directory installation
- Implement an organizational unit (OU) structure
Installing, Configuring, Managing, Monitoring, and Troubleshooting DNS for Active Directory
- Install and configure DNS for Active Directory
- Integrate Active Directory DNS zones with existing DNS infrastructure
- Configure zones for dynamic updates and secure dynamic updates
- Create and configure DNS records
- Manage, monitor, and troubleshoot DNS
Configuring, Managing, Monitoring, Optimizing, and Troubleshooting Change and Configuration Management
- Implement and troubleshoot Group Policy
- Create and modify a Group Policy object (GPO)
- Link to an existing GPO
- Delegate administrative control of Group Policy
- Configure Group Policy options
- Filter Group Policy settings by using security groups
- Modify Group Policy prioritization
- Manage and troubleshoot user environments by using Group Policy
- Install, configure, manage, and troubleshoot software by using Group Policy
- Manage network configuration by using Group Policy
- Configure Active Directory to support Remote Installation Services (RIS)
- Configure RIS options to support remote installations
- Configure RIS security
Managing, Monitoring, and Optimizing the Components of Active Directory
- Manage Active Directory objects
- Move Active Directory objects
- Publish resources in Active Directory
- Locate objects in Active Directory
- Create and manage objects manually or by using scripting
- Control access to Active Directory objects
- Delegate administrative control of objects in Active Directory
- Monitor, optimize, and troubleshoot Active Directory performance and replication
- Back up and restore Active Directory
- Perform an authoritative and a nonauthoritative restore of Active Directory
- Recover from a system failure
- Seize operations master roles
Configuring, Managing, Monitoring, and Troubleshooting Security in a Directory Services Infrastructure
- Apply security policies by using Group Policy
- Create, analyze, and modify security configurations by using the Security Configuration and Analysis snap-in and the Security Templates snap-in
- Implement an audit policy
- Monitor and analyze security events
Analyzing Business Requirements
- Analyze the existing and planned business models
- Analyze the company model and the geographical scope. Models include international, national, regional, branch, and subsidiary offices.
- Analyze company processes. Processes include information flow, communication flow, service and product life cycles, and decision-making.
- Analyze the existing and planned organizational structures. Considerations include the management model; company organization; vendor, partner, and customer relationships; and acquisition plans.
- Analyze factors that influence company strategies
- Identify company priorities
- Identify the projected growth and growth strategy
- Identify relevant laws and regulations
- Identify the company’s tolerance for risk
- Identify the total cost of operations
- Analyze the structure of IT management. Considerations include the type of administration, such as centralized or decentralized; funding model; outsourcing; decision-making process; and change-management process.
Analyzing Technical Requirements
- Evaluate the company’s existing and planned technical environment
- Analyze company size and the distribution of users and resources
- Assess the available connectivity between the geographic locations of work sites and remote sites
- Assess the net available bandwidth
- Analyze performance requirements
- Analyze data and system access patterns
- Analyze network roles and responsibilities
- Analyze security considerations
- Analyze the impact of Active Directory on the existing and planned technical environment. Considerations include Microsoft Exchange 2000.
- Assess existing systems and applications
- Identify existing and planned upgrades and rollouts
- Analyze the technical support structure
- Analyze existing and planned network and systems management
- Analyze the business requirements for client computer desktop management
- Analyze end-user work needs
- Identify technical support needs for end users
- Establish the required client computer environment
Designing a Directory Service Architecture
- Define the scope of the Active Directory design
- Design an Active Directory forest and domain structure
- Design a forest and schema structure
- Design a domain structure
- Analyze and optimize trust relationship requirements
- Design an Active Directory naming strategy
- Plan the WINS NetBIOS name resolution strategy
- Design the namespace
- Plan the DNS strategy
- Design and plan the structure of organizational units. Considerations include administrative control, existing domain structures, administrative policy, and geographic and company structure.
- Develop an organizational unit delegation plan
- Plan Group Policy object management
- Develop a change in the configuration management plan for client computers
- Plan for the coexistence of Active Directory and other directory services
- Design a schema modification policy
- Design an Active Directory implementation plan
Designing Service Locations
- Design the placement of operations masters. Considerations include performance, fault tolerance, functionality, and manageability.
- Design the placement of global catalog servers. Considerations include performance, fault tolerance, functionality, and manageability.
- Design the placement of domain controllers. Considerations include performance, fault tolerance, functionality, and manageability.
- Design the placement of DNS, WINS, and DHCP servers. Considerations include performance, fault tolerance, functionality, manageability, and interoperability.
- Design an Active Directory site topology
- Design a replication strategy
- Define site boundaries
Well, that wraps up my introductory article for the series. I hope you found it informative and will return for the next regular weekly installment. If you have any questions, comments or even constructive criticism, please feel free to drop me a note. I want to write good, solid technical articles that appeal to a large range of readers and skill levels and I can only be sure of that through your feedback.
Next week, I plan to write a detailed Introduction to Active Directory column, describing the function of Active Directory and its physical and logical structure.
Until then, remember,
“Weak passwords trump strong security.”
Jason Zandri