
Active Directory Domain Namespace Design

Essay by   •  July 17, 2011  •  Essay  •  505 Words (3 Pages)  •  2,209 Views


Namespace design is a critical component of AD design. The AD forest structure is key to providing stable, scalable and reliable directory services. Generally, all business units in the enterprise are placed within the same AD forest. While there are considerations that warrant the creation of multiple Active Directory forests, it is prudent to design the infrastructure so that it can accommodate the entire organization. Once the AD domain is implemented, it can never be removed or renamed. Doing so effectively destroys the AD domain forest and requires a complete rebuild. It will always be the foundation on which all directory services are built. In addition, all objects within the same AD forest share a common schema, or database, of objects and attributes.

The first Active Directory domain created becomes the root domain for the forest. Every subsequent domain created within that forest becomes a "child" to the root domain.

The design recommendation from our meeting is that the AD forest be created and given the same name as the intended DNS domain: MEDICAL.LAZAR. Furthermore, NRG maintains that standardizing naming and domain membership will allow for simpler location of resources across the place.

There are other factors that indicate such a design for the doctor. Such a design allows for audit visibility at the top level of the organization to ensure that security practices are in effect. It also allows for the uniform application of security policy such as password length, complexity and expiration. It is important to note that account policy settings are domain-wide. In other words, all user accounts will have the same settings for password length, expiration, history, lockout time, etc. If a subset of user accounts requires different settings, that requirement can only be accommodated by a separate Active Directory domain. While audit and policy settings can be managed centrally, Active Directory provides the flexibility required so that the administrator can accomplish the tasks that he/she requires in order to complete the job.

Another consideration involves administrative privileges in a single forest model. The forest root domain contains a built-in group called Enterprise Administrators. This group is a member of every child domain's admin group by default. The consequence is that the Enterprise Administrators group has the administrative rights to every domain and every object in every domain in the forest. For this reason it is imperative that all business units fully cooperate on all future aspects of the AD design, including (but not limited to) how the entire forest will be administered, and by whom.
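The two points above (domain-wide account policy and the forest-wide reach of Enterprise Administrators) can be checked with a read-only audit. The script below is an added example, not part of the original essay; it assumes the RSAT ActiveDirectory PowerShell module and an account with read access to every domain in the forest.

```powershell
# Added audit example (read-only). Assumes the RSAT ActiveDirectory module.
Import-Module ActiveDirectory

$forest     = Get-ADForest
$rootDomain = $forest.RootDomain

# Enterprise Admins lives only in the forest root; its RID is always 519.
$rootSid = (Get-ADDomain -Identity $rootDomain -Server $rootDomain).DomainSID.Value
$eaGroup = Get-ADGroup -Identity "$rootSid-519" -Server $rootDomain

# Effective (nested) membership: every account listed here can administer
# every domain in the forest.
$eaMembers = @(Get-ADGroupMember -Identity $eaGroup -Server $rootDomain -Recursive)
"Forest root: $rootDomain"
"Enterprise Admins effective members: $($eaMembers.Count)"
$eaMembers | Select-Object name, objectClass, distinguishedName |
    Format-Table -AutoSize

# One row per domain: the single default account policy that applies to the
# domain, and whether Enterprise Admins sits in the built-in Administrators
# group (well-known SID S-1-5-32-544).
$report = foreach ($domain in $forest.Domains) {
    $policy = Get-ADDefaultDomainPasswordPolicy -Identity $domain -Server $domain
    $admins = Get-ADGroup -Identity 'S-1-5-32-544' -Server $domain -Properties member

    [pscustomobject]@{
        Domain             = $domain
        MinPasswordLength  = $policy.MinPasswordLength
        ComplexityEnabled  = $policy.ComplexityEnabled
        MaxPasswordAgeDays = $policy.MaxPasswordAge.Days
        HistoryCount       = $policy.PasswordHistoryCount
        LockoutThreshold   = $policy.LockoutThreshold
        LockoutMinutes     = $policy.LockoutDuration.TotalMinutes
        EAInAdministrators = $admins.member -contains $eaGroup.DistinguishedName
    }
}

$report | Format-Table -AutoSize

# Flag domains where the default membership has been changed, so the
# difference is a documented decision rather than drift.
$report | Where-Object { -not $_.EAInAdministrators } |
    ForEach-Object { Write-Warning "Enterprise Admins not in Administrators: $($_.Domain)" }
```

Run on a schedule and compared against the previous output, the report shows changes in Enterprise Admins membership and in each domain's account policy.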

In order to manage a single forest across the entire firm, it is important to understand new administrative roles. These roles


