Module 12: Implementing an Active Directory® Domain Services

Infrastructure

Module Overview

• Overview of the AD DS Domain

• Planning a Group Policy Strategy

Lesson 1: Overview of the AD DS Domain

• Overview of the Current AD DS Domain Design

• Overview of the Required AD DS Domain Design

• Overview of the AD DS Site Design

Overview of the Current AD DS Domain Design

Forest Root Domain

Asia.WoodgroveBank.comEMEA.WoodgroveBank.com

WoodgroveBank.com

Overview of the Required AD DS Domain Design

Contoso.com

Separate Tree

Contoso.com will join the WoodgroveBank forest in a separate tree

Forest Root Domain

Asia.WoodgroveBank.com

WoodgroveBank.com

EMEA.WoodgroveBank.com

Overview of the AD DS Site DesignLondon_Site

NYC-Branch-Office

Miami_Site

Tokyo_Site

New Site

Contoso

New Site

NYC-Head-Office

Two new sites will be created

•Contoso site

•NYC-Branch-Office site

Lesson 2: Planning a Group Policy Strategy

• Overview of Domain Controller Deployment

• Overview of Forest Trust Relationship

• Overview of the AD DS Group Policy Object Design

Overview of Domain Controller Deployment

London_Site

RODC

RODCNYC-DC3

NYC-Branch-Office

Miami_Site

Tokyo_Site

New

Contoso

New

NYC_Site

ContosoDC

Lab A: Deploying Active Directory Domain Services

• Exercise 1: Installing a Read-only Domain Controller (RODC) onto Server Core, and Creating a Branch Office Site

• Exercise 2: Creating a Domain in a Separate Tree and Separate Site

Logon information

Virtual machine NYC-DC1, NYC-DC1, NYC-DC3, NYC-SRV1

User name Administrator

Password Pa$$w0rd

Estimated time: 120 minutes

Lab A: Review

• How do sites control logon traffic?

• What is the advantage of having separate trees in the forest for Woodgrove Bank?

Overview of Forest Trust Relationship

Forest Root Domain

Asia.WoodgroveBank.com

WoodgroveBank.com

EMEA.WoodgroveBank.com

Fabrikam.com

Forest Root Domain

Contoso.com

Forest TrustSeparate Tree

The Fabrikam.com forest will have a forest trust relationship with the WoodgroveBank forest

Lab B: Configuring Forest Trust Relationships

• Exercise: Upgrading the Fabrikam Domain, and Creating a Forest Trust with Woodgrove Bank

Logon information

Virtual machine NYC-DC1, VAN-DC1, NYC-SRV1, NYC-RAS

User name Administrator

Password Pa$$w0rd

Estimated time: 60 minutes

Lab B Review

• What tasks must be performed before a Windows Server 2008 can be added to a Windows 2003 domain as a member server?

• What tasks must be performed before a Windows Server 2008 can be added to a Windows 2003 domain as a domain controller?

Overview of the AD DS Group Policy Object Design

ITAdmins

WoodgroveBank.com

ExecutivesTorontoNYCMiami

BranchManagers BranchManagers BranchManagers

Investments Workstations

CustomerService Computers

Users

CustomerService CustomerService

Marketing

Workstations

Investments

Marketing

Workstations

Lab C: Designing a Group Policy Strategy

• Exercise 1: Planning Group Policy

• Exercise 2: Implementing the Corporate Desktop Policy

Logon information

Virtual machine NYC-DC1

User name Administrator

Password Pa$$w0rd

Estimated time: 30 minutes

Lab C: Review

• How would you ensure that a policy will always be applied?

• How would you exempt certain users or computers from being affected by a GPO?

Module Review and Takeaways

• Considerations

Course Evaluation