Active Directory Boundaries - Purpose
Replication Boundaries
Security Boundaries
Active Directory Boundaries - Types
Geographic vs Organizational
Contiguous vs Discontiguous namespace
e.g. oldcompany1.newcompany.com and oldcompany2.newcompany.com are 2 contiguous namespaces (both sit under the newcompany.com tree)
Prestaging
forestprep and domainprep
Removal
Removing Domains or Trees
ADMT pruning/grafting
ADMT v3.1
Functional Levels
Viewing
Raising
Interoperability
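The viewing/raising/interoperability steps above, as an added PowerShell example (not part of the original notes). It assumes the ActiveDirectory RSAT module and Enterprise Admin rights; the domain name, target level and the minimum OS build number are placeholders/assumptions for the example.

```powershell
Import-Module ActiveDirectory

$domain   = "corp.example.com"     # placeholder domain
$target   = "Windows2016Domain"    # target ADDomainMode value
$minBuild = 14393                  # Windows Server 2016 build; assumed minimum DC OS for the target level

# Viewing: current forest and domain functional levels
$forest = Get-ADForest
$dom    = Get-ADDomain -Identity $domain
"Forest mode : $($forest.ForestMode)"
"Domain mode : $($dom.DomainMode)"

# Interoperability check: raising a level is one-way, so every DC in the domain
# must run an OS at or above the target level before the raise.
$tooOld = Get-ADDomainController -Filter * -Server $domain | Where-Object {
    # OperatingSystemVersion looks like "10.0 (14393)"; pull the build out of the parentheses
    $m = [regex]::Match([string]$_.OperatingSystemVersion, '\((\d+)\)')
    $build = if ($m.Success) { [int]$m.Groups[1].Value } else { 0 }
    $build -lt $minBuild
}
if ($tooOld) {
    "Cannot raise to $target; these DCs run an older OS:"
    $tooOld | Select-Object HostName, OperatingSystem, OperatingSystemVersion
} else {
    # Raising the domain level; -Confirm prompts once because this cannot be undone
    Set-ADDomainMode -Identity $domain -DomainMode $target -Confirm
}

# The forest level can only be raised once every domain is at the target level or higher
$targetEnum = [Enum]::Parse([Microsoft.ActiveDirectory.Management.ADDomainMode], $target)
$behind = $forest.Domains | ForEach-Object { Get-ADDomain -Identity $_ } |
    Where-Object { [int]$_.DomainMode -lt [int]$targetEnum }
if (-not $behind) {
    Set-ADForestMode -Identity $forest.Name -ForestMode Windows2016Forest -Confirm
} else {
    "Forest level not raised; domains still below ${target}: $($behind.DNSRoot -join ', ')"
}
```

The build-number guard is the part worth keeping: Set-ADDomainMode itself refuses to lower a level later, so the check runs before, not after, the raise.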
UPN – User Principal Name
Simplifying Logon
Each user has a unique down-level logon name
Can have multiple friendly UPNs
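Registering an alternative UPN suffix and assigning a friendly UPN while the down-level name stays unique, as an added example that is not from the original notes. The suffix, account name and UPN are placeholders; it assumes the ActiveDirectory module.

```powershell
Import-Module ActiveDirectory

$suffix = "example.com"            # alternative UPN suffix (placeholder)
$sam    = "jsmith"                 # existing account (placeholder)
$upn    = "john.smith@$suffix"     # friendly UPN the user will type at logon

# 1. Register the suffix once at the forest level; UPN suffixes are forest-wide
$forest = Get-ADForest
if ($forest.UPNSuffixes -notcontains $suffix) {
    Set-ADForest -Identity $forest.Name -UPNSuffixes @{ Add = $suffix }
}

# 2. UPNs must be unique across the whole forest, so query a Global Catalog (port 3268),
#    not just the local domain, before assigning
$gc = (Get-ADDomainController -Discover -Service GlobalCatalog).HostName | Select-Object -First 1
$clash = Get-ADUser -Filter "UserPrincipalName -eq '$upn'" -Server "${gc}:3268"
if ($clash -and $clash.SamAccountName -ne $sam) {
    throw "UPN $upn already belongs to $($clash.DistinguishedName)"
}

# 3. Assign the UPN; the down-level name (DOMAIN\sAMAccountName) is untouched and
#    stays unique per domain, so both logon forms keep working
Set-ADUser -Identity $sam -UserPrincipalName $upn
$u  = Get-ADUser -Identity $sam -Properties UserPrincipalName
$nb = (Get-ADDomain).NetBIOSName
"Down-level logon : $nb\$($u.SamAccountName)"
"UPN logon        : $($u.UserPrincipalName)"
```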
Trust Basics
Trusts allow communication between the boundaries of domains and forests
1 way Trust
2 way Trust
Transitive Trusts
Extend permissions across multiple domains
Automatically created as new domain joins a tree or new child is created
Forest Trusts
Forest wide
Selective authentication
External Trusts
Non-Transitive
NT 4.0 or Kerberos compatible
Shortcut Trust
Transitive
Speeds up authentication and authorization
Identity
Security Identifier (SID) filtering
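An added audit script (not from the original notes) that enumerates the trust types listed above and flags external trusts without SID filtering, forest trusts without forest-aware SID filtering, and trusts that are not using selective authentication. It assumes the ActiveDirectory module and uses the Get-ADTrust properties of that name; the netdom commands in the comments are the standard remediation switches.

```powershell
Import-Module ActiveDirectory
$local = (Get-ADDomain).DNSRoot

Get-ADTrust -Filter * | ForEach-Object {
    $t = $_
    $kind = if ($t.IntraForest)          { "Intra-forest (parent/child, tree-root or shortcut)" }
            elseif ($t.ForestTransitive) { "Forest trust" }
            else                         { "External trust" }

    $findings = @()
    # External trusts: SID filtering (quarantine) should be on, otherwise SIDs injected into
    # sIDHistory by the trusted domain are honoured here
    if (-not $t.IntraForest -and -not $t.ForestTransitive -and -not $t.SIDFilteringQuarantined) {
        $findings += "SID filtering (quarantine) disabled"
    }
    # Forest trusts: forest-aware SID filtering should be on
    if ($t.ForestTransitive -and -not $t.SIDFilteringForestAware) {
        $findings += "SID filtering (forest-aware) disabled"
    }
    # Selective authentication limits which resources the other side may authenticate to
    if (-not $t.IntraForest -and -not $t.SelectiveAuthentication) {
        $findings += "Selective authentication off (forest-wide authentication)"
    }

    [pscustomobject]@{
        Partner    = $t.Name
        Type       = $kind
        Direction  = $t.Direction            # Inbound, Outbound or BiDirectional
        Transitive = ($t.ForestTransitive -or $t.IntraForest)
        Findings   = ($findings -join "; ")
    }
} | Format-Table -AutoSize

# Remediation, run on a DC of $local as Domain Admin (<partner> = the trusted domain/forest):
#   netdom trust $local /domain:<partner> /quarantine:yes          # external trust: enable SID filtering
#   netdom trust $local /domain:<partner> /enablesidhistory:no     # forest trust: enable SID filtering
#   netdom trust $local /domain:<partner> /selectiveauth:yes       # require explicit "Allowed to Authenticate"
```

Shortcut trusts show up as intra-forest and transitive, external trusts as non-transitive, which matches the classification in the notes; the findings column is what a reviewer of the trust configuration would act on.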
Create Sites
Balance service delivered to all locations.
Inventory the number of users at each site
Inventory the types of WAN links
Create AD Subnets
Associate subnets with the site location that has the closest DC
Configure Site Links
Site Links = WAN links
Star vs Mesh
Associating Link Costs
Cost reflects the speed and availability of the WAN link (lower cost is preferred)
Configure Infrastructure
Manually link Operational Masters with their backup servers
Global Catalog Servers
Deploy Global Catalog servers at each site when possible
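The site-design steps above (inventory, sites, subnets, site links with costs, GC placement) carried through as one added PowerShell example; it is not from the original notes. The inventory table, site names, subnets, WAN figures and the cost formula are constructed for the example; the cmdlets are from the ActiveDirectory module.

```powershell
Import-Module ActiveDirectory

# Constructed inventory: users per location and the WAN link back to HQ (Mbit/s, availability 0..1)
$inventory = @(
    @{ Site = "HQ";      Subnets = @("10.1.0.0/16");                Users = 800; Hub = $true  },
    @{ Site = "Branch1"; Subnets = @("10.2.0.0/24", "10.2.1.0/24"); Users = 60;  Hub = $false; WanMbps = 20; Avail = 0.99 },
    @{ Site = "Branch2"; Subnets = @("10.3.0.0/24");                Users = 15;  Hub = $false; WanMbps = 2;  Avail = 0.95 }
)

# Sites and subnets: a client finds its closest DC by matching its IP to a subnet, so every
# client range must map to a site or the client may authenticate across the WAN
foreach ($s in $inventory) {
    if (-not (Get-ADReplicationSite -Filter "Name -eq '$($s.Site)'")) {
        New-ADReplicationSite -Name $s.Site
    }
    foreach ($net in $s.Subnets) {
        if (-not (Get-ADReplicationSubnet -Filter "Name -eq '$net'")) {
            New-ADReplicationSubnet -Name $net -Site $s.Site
        }
    }
}

# Link cost (constructed heuristic): slow or unreliable WAN = higher cost = less preferred path
function Get-LinkCost([double]$Mbps, [double]$Avail) {
    [int](100 + (1000 / [math]::Max($Mbps, 1)) + ((1 - $Avail) * 1000))
}

# Star topology: one site link per branch back to the hub (a mesh would add branch-to-branch links)
$hub = ($inventory | Where-Object { $_.Hub }).Site
foreach ($s in ($inventory | Where-Object { -not $_.Hub })) {
    $name = "$hub-$($s.Site)"
    if (-not (Get-ADReplicationSiteLink -Filter "Name -eq '$name'")) {
        New-ADReplicationSiteLink -Name $name -SitesIncluded $hub, $s.Site `
            -Cost (Get-LinkCost $s.WanMbps $s.Avail) `
            -ReplicationFrequencyInMinutes 30 -InterSiteTransportProtocol IP
    }
}

# Global Catalog placement: one row per site with user, DC and GC counts, so a site with
# users but no GC stands out
$dcs = Get-ADDomainController -Filter *
foreach ($site in Get-ADReplicationSite -Filter *) {
    $here = @($dcs | Where-Object { $_.Site -eq $site.Name })
    [pscustomobject]@{
        Site  = $site.Name
        Users = ($inventory | Where-Object { $_.Site -eq $site.Name }).Users
        DCs   = $here.Count
        GCs   = @($here | Where-Object { $_.IsGlobalCatalog }).Count
    }
}
```

With the constructed figures the 20 Mbit/s link gets cost 160 and the 2 Mbit/s link cost 650, so if a direct branch-to-branch link were ever added the KCC would still prefer routing through HQ unless that link were cheaper.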
Replication
Each domain can have its own replication topology and schedule
Different events have different priorities to trigger replication
DFS
DFS – Distributed File System
Method for synchronizing shared folders
Conflict and Deleted folder
Good for application distribution or other read-only data
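Inspecting DFS Replication state, the ConflictAndDeleted quota, and configuring a read-only member for application distribution, as an added example not from the original notes. It assumes the DFSR PowerShell module (Windows Server 2012 R2 and later); the replication group, folder and server names are constructed.

```powershell
Import-Module DFSR

$group  = "Apps-Distribution"   # constructed replication group
$folder = "Apps"                # constructed replicated folder
$hub    = "FS-HQ"               # constructed hub file server
$spoke  = "FS-Branch1"          # constructed branch file server

# Membership details: content path, read-only flag and the ConflictAndDeleted quota per member
Get-DfsrMembership -GroupName $group -FolderName $folder |
    Select-Object ComputerName, ContentPath, ReadOnly, ConflictAndDeletedQuotaInMB, StagingPathQuotaInMB

# Backlog hub -> spoke: files queued but not yet replicated. A steadily growing backlog
# means the spoke is falling behind (WAN, staging quota or a stopped service)
$backlog = @(Get-DfsrBacklog -GroupName $group -FolderName $folder `
                -SourceComputerName $hub -DestinationComputerName $spoke)
"Backlog $hub -> $spoke : $($backlog.Count) file(s)"

# Read-only spoke for application distribution: local edits at the branch are reverted
# instead of replicating back to the hub
Set-DfsrMembership -GroupName $group -FolderName $folder -ComputerName $spoke -ReadOnly $true -Force

# Larger ConflictAndDeleted quota on the hub so the losing copy of a conflict or a deleted
# file can still be recovered from the ConflictAndDeleted folder later
Set-DfsrMembership -GroupName $group -FolderName $folder -ComputerName $hub `
    -ConflictAndDeletedQuotaInMB 4096 -Force
```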
Replication - Automatic
Knowledge Consistency Checker (KCC)
Bridgehead Server
Intersite Topology Generator
Scheduling
IP and SMTP protocols
Replication - Manual
Designate a specific bridgehead server
Make a one way replication partnership
Manually force replication after making changes to AD
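The automatic and manual replication items above (KCC, bridgehead server, forcing replication) as an added example that is not part of the original notes. It assumes repadmin (RSAT) and the ActiveDirectory module; DC names, the site name and the object DN are placeholders. Designating a preferred bridgehead is done by writing the transport DN to the server object's bridgeheadTransportList attribute.

```powershell
Import-Module ActiveDirectory
$dc1 = "DC1.corp.example.com"   # placeholder DCs
$dc2 = "DC2.corp.example.com"

# 1. Forest-wide health summary: per-DC failure counts and largest replication delta
repadmin /replsummary

# 2. Inbound/outbound partner status for one DC as objects, filtered to failing partners
Get-ADReplicationPartnerMetadata -Target $dc1 -PartnerType Both |
    Where-Object { $_.LastReplicationResult -ne 0 } |
    Select-Object Partner, Partition, LastReplicationResult, LastReplicationSuccess, ConsecutiveReplicationFailures

# 3. Force replication after an AD change: push all partitions from DC1 to every partner,
#    including partners in other sites (/A all partitions, /d show DNs, /e cross-site, /P push)
repadmin /syncall $dc1 /AdeP

#    Or replicate only the object just changed, without waiting for the site link schedule
Sync-ADObject -Object "CN=svc-backup,OU=Service,DC=corp,DC=example,DC=com" -Source $dc1 -Destination $dc2

# 4. Ask the KCC to recompute the topology now instead of at its next scheduled (15 minute) run
repadmin /kcc $dc1

# 5. Designate DC1 as preferred bridgehead for the IP transport in site HQ
$config      = (Get-ADRootDSE).configurationNamingContext
$ipTransport = "CN=IP,CN=Inter-Site Transports,CN=Sites,$config"
$server      = "CN=DC1,CN=Servers,CN=HQ,CN=Sites,$config"
Set-ADObject -Identity $server -Add @{ bridgeheadTransportList = $ipTransport }

# 6. Confirm which bridgeheads the ISTG is now using
repadmin /bridgeheads $dc1
```

Pinning a preferred bridgehead is the trade-off the notes hint at: once a site has a preferred list, the KCC only uses servers on that list, so if every listed server is down, intersite replication for that site stops rather than failing over to another DC.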
Global Catalog Server
DC that contains information about the other domains in the forest
Promotion
Use the AD snap-in Sites and Services
Partial Attribute Set
Alternate Methods
UGMC – Universal Group Membership Caching
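Promotion, the Partial Attribute Set and the UGMC alternative, as an added PowerShell equivalent of the Sites and Services actions described above (not from the original notes). It assumes the ActiveDirectory module; the option bits (0x1 = IS_GC on NTDS Settings, 0x20 = group membership caching on NTDS Site Settings) and the msDS-Preferred-GC-Site attribute are taken from the MS-ADTS option flags and are stated here as assumptions; DC and site names are placeholders.

```powershell
Import-Module ActiveDirectory
$config = (Get-ADRootDSE).configurationNamingContext

# Which DCs already hold the Global Catalog, and in which site
Get-ADDomainController -Filter * | Select-Object Name, Site, Domain, IsGlobalCatalog

# Partial Attribute Set: the schema attributes a GC replicates for every domain in the forest
$pas = @(Get-ADObject -SearchBase (Get-ADRootDSE).schemaNamingContext `
            -LDAPFilter "(isMemberOfPartialAttributeSet=TRUE)" -Properties lDAPDisplayName)
"Partial Attribute Set contains $($pas.Count) attributes"

# Promotion: set the IS_GC bit (0x1, assumed) on DC2's NTDS Settings object.
# Same effect as ticking "Global Catalog" in AD Sites and Services.
$ntds = (Get-ADDomainController -Identity "DC2").NTDSSettingsObjectDN
$opts = [int](Get-ADObject -Identity $ntds -Properties options).options
Set-ADObject -Identity $ntds -Replace @{ options = ($opts -bor 0x1) }

# Alternate method for a site too small to justify a GC: enable UGMC on the site's
# NTDS Site Settings (bit 0x20, assumed) and refresh the cache from the HQ site's GCs
$siteSettings = "CN=NTDS Site Settings,CN=Branch2,CN=Sites,$config"
$so = [int](Get-ADObject -Identity $siteSettings -Properties options).options
Set-ADObject -Identity $siteSettings -Replace @{
    options                  = ($so -bor 0x20)
    "msDS-Preferred-GC-Site" = "CN=HQ,CN=Sites,$config"
}
```

Reading `options` back and OR-ing the bit in, rather than assigning a constant, preserves any other flags already set on those objects.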
Domain Operations Masters
PDC emulator
Relative ID (RID)
Infrastructure
Forest Operations Masters
Schema Master
Domain Naming
Operations Master
Seize vs Transfer
Backup
Placement
Schema Master
Schema can be extended with various tools
Placement should be on a Global Catalog
Time Service is important for successful upgrades
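The operations-master items above (viewing holders, seize vs transfer, placement on or off a Global Catalog, time service) as an added example that is not from the original notes. It assumes the ActiveDirectory module and is run from the forest root domain; DC names are placeholders, and the placement rules it checks (schema master on a GC, infrastructure master not on a GC unless all DCs are GCs) are common guidance stated here as assumptions.

```powershell
Import-Module ActiveDirectory
$forest = Get-ADForest

# Viewing: the two forest-wide roles plus the three per-domain roles of every domain
[pscustomobject]@{ Role = "Schema Master";        Holder = $forest.SchemaMaster }
[pscustomobject]@{ Role = "Domain Naming Master"; Holder = $forest.DomainNamingMaster }
foreach ($d in ($forest.Domains | ForEach-Object { Get-ADDomain -Identity $_ })) {
    [pscustomobject]@{ Role = "$($d.DNSRoot) PDC Emulator";   Holder = $d.PDCEmulator }
    [pscustomobject]@{ Role = "$($d.DNSRoot) RID Master";     Holder = $d.RIDMaster }
    [pscustomobject]@{ Role = "$($d.DNSRoot) Infrastructure"; Holder = $d.InfrastructureMaster }
}

# Transfer: graceful hand-over while the current holder is online and both DCs agree
Move-ADDirectoryServerOperationMasterRole -Identity "DC2" -OperationMasterRole PDCEmulator, RIDMaster

# Seize: only when the old holder is permanently gone. -Force writes the role without the
# old holder's consent; for Schema, Domain Naming and RID that DC must never be reconnected
# (duplicate RID pools or conflicting schema changes).
Move-ADDirectoryServerOperationMasterRole -Identity "DC2" -OperationMasterRole SchemaMaster -Force

# Placement checks (assumed rules of thumb)
$dom = Get-ADDomain
$dcs = Get-ADDomainController -Filter *
$gcs = ($dcs | Where-Object { $_.IsGlobalCatalog }).HostName
if ($forest.SchemaMaster -notin $gcs) {
    "WARN: Schema Master $($forest.SchemaMaster) is not a Global Catalog"
}
$nonGc = @($dcs | Where-Object { -not $_.IsGlobalCatalog })
if (($dom.InfrastructureMaster -in $gcs) -and $nonGc.Count -gt 0) {
    "WARN: Infrastructure Master is on a GC while $($nonGc.Count) DC(s) are not; cross-domain references will not be updated"
}

# Time: the forest-root PDC emulator is the top of the time hierarchy. Kerberos rejects
# tickets outside a 5-minute skew, so a drifting DC breaks authentication and upgrades.
$rootPdc = (Get-ADDomain -Identity $forest.RootDomain).PDCEmulator
w32tm /query /status /computer:$rootPdc
w32tm /query /source
```

The transfer and seize lines use the same cmdlet; the only difference is `-Force`, which is why it is worth reading the holder table first and keeping a backup (system state of the holder) before either.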