Module 8: Implementing the Placement of Domain

Controllers

Overview

Implementing the Global Catalog in Active Directory

Determining the Placement of Domain Controllers in Active Directory

Planning the Placement of Domain Controllers

Lesson: Implementing the Global Catalog in Active Directory

Review of a Global Catalog Server

How to Enable a Global Catalog Server

When to Customize a Global Catalog Server

How to Customize a Global Catalog Server

What Is Universal Group Membership Caching?

Multimedia: The Role of Universal Groups in the Logon Process

How to Enable Universal Group Membership Caching for a Site

Review of a Global Catalog Server

Domain

Domain

DomainDomainDomain

Domain Domain

Global Catalog ServerGlobal Catalog Server

Global CatalogGlobal Catalog

ResultResult

QueryQuery

How to Enable a Global Catalog Server

Your instructor will demonstrate how to enable a global catalog server by using Active Directory Sites and Services

Your instructor will demonstrate how to enable a global catalog server by using Active Directory Sites and Services

When to Customize a Global Catalog Server

firstNamelastNameemail addressaccountExpiresdistinguishedName

firstNamelastNameemail addressaccountExpiresdistinguishedName

Common AttributesCommon Attributes

Global Catalog ServerGlobal Catalog Server

Create additionalattributes

Create additionalattributes

Add only the additional attributes that you query or refer to frequently Add only the additional attributes that you query or refer to frequently

departmentfirstNamelastNameemail addressaccountExpiresdistinguishedName

departmentfirstNamelastNameemail addressaccountExpiresdistinguishedName

Changed AttributesChanged Attributes

How to Customize a Global Catalog Server

Your instructor will demonstrate how to customize a global catalog server by using Active Directory SchemaYour instructor will demonstrate how to customize a global catalog server by using Active Directory Schema

What Is Universal Group Membership Caching?

At first logon, the local domain controller requests

information from the global catalog server

At first logon, the local domain controller requests

information from the global catalog server

After the first logon, the local domain controller uses the cached

copy of the universal group membership

After the first logon, the local domain controller uses the cached

copy of the universal group membership Small Site

Universal GroupsUniversal Groups

Large Site

User’s Cached Universal GroupUser’s Cached

Universal Group

Multimedia: The Role of Universal Groups in the Logon Process

This presentation describes the logon process in three situations:

With the global catalog availableWith the global catalog available

Without the global catalog availableWithout the global catalog available

With universal group membership caching enabled

With universal group membership caching enabled

How to Enable Universal Group Membership Caching for a Site

Your instructor will demonstrate how to enable universal group membership caching by using Active Directory Sites and Services

Your instructor will demonstrate how to enable universal group membership caching by using Active Directory Sites and Services

Practice: Implementing the Global Catalog in Active Directory

In this practice, you will enable a global catalog server

Lesson: Determining the Placement of Domain Controllers in Active Directory

What Is Active Directory Sizer?

Parameters for Active Directory Sizer

How to Use Active Directory Sizer

What Is Active Directory Sizer?

CPU Requirement

CPU Requirement

Network RequirementNetwork Requirement

Hard Disk RequirementHard Disk Requirement

Active Directory SizerActive Directory Sizer

Memory RequirementMemory RequirementNumber of Domain

ControllersNumber of Domain

Controllers

Global Catalog Database SizeGlobal Catalog Database Size

Domain Database SizeDomain Database Size

Number of Global Catalog Servers

Number of Global Catalog Servers

Intersite Replication Bandwidth

Intersite Replication Bandwidth

Active Directory Sizer provides estimates for:Active Directory Sizer provides estimates for:

Parameters for Active Directory Sizer

Users concurrently active during a peak hour Number of groups that a user belongs to Logon rate per second during a peak hour CPU utilization limit Administrative requirements DNS requirements

Users concurrently active during a peak hour Number of groups that a user belongs to Logon rate per second during a peak hour CPU utilization limit Administrative requirements DNS requirements

Example ParametersExample Parameters

AdministratorAdministrator

Active Directory SizerActive Directory Sizer

Output ReportOutput Report

How to Use Active Directory Sizer

Your instructor will demonstrate how to:Your instructor will demonstrate how to:

Use Active Directory Sizer

Examine the output of Active Directory Sizer

Use Active Directory Sizer

Examine the output of Active Directory Sizer

Practice: Determining the Placement of Domain Controllers in Active Directory

In this practice, you will determine the placement of domain controllers by using Active Directory Sizer

Lesson: Planning the Placement of Domain Controllers

Guidelines for Placing Domain Controllers

Guidelines for Placing Global Catalog Servers

Guidelines for Enabling Universal Group Membership Caching

Guidelines for Placing Active Directory Integrated DNS Servers

Guidelines for Placing Domain Controllers

Place a domain controller based on:Number of users

Site-aware applications

Server resources

Place a domain controller based on:Number of users

Site-aware applications

Server resources

Do not place a domain controller that has: Inadequate physical security

Poor computer maintenance

Do not place a domain controller that has: Inadequate physical security

Poor computer maintenance

Determine the number of domain controllers based on: Number of users

Performance characteristics

Determine the number of domain controllers based on: Number of users

Performance characteristics

Guidelines for Placing Global Catalog Servers

Ensure that a global catalog server has enough disk spaceEnsure that a global catalog server has enough disk space

Ensure that a global catalog server can respond to queries immediately Ensure that a global catalog server can respond to queries immediately

Provide enough WAN bandwidthProvide enough WAN bandwidth

Make all domain controllers global catalog serversMake all domain controllers global catalog servers

Provide redundant global catalog servers Provide redundant global catalog servers

Guidelines for Enabling Universal Group Membership Caching

Enable if sites meet specific conditionsEnable if sites meet specific conditions

Consider alternatives firstConsider alternatives first

Do not enable if lost connectivity would affect network resourcesDo not enable if lost connectivity would affect network resources

Guidelines for Placing Active Directory Integrated DNS Servers

Place at least one DNS server in every site Place at least one DNS server in every site

Use an Active Directory integrated DNS that uses an application partitionUse an Active Directory integrated DNS that uses an application partition

Use a local DNS if an Active Directory integrated DNS is in use Use a local DNS if an Active Directory integrated DNS is in use

Configure domain controllers with IP addresses for at least two DNS serversConfigure domain controllers with IP addresses for at least two DNS servers

Multimedia Practice: Placing Domain Controllers

Universal Group CachingUniversal Group Caching

Global Catalog (GC)Global Catalog (GC)

AD integrated DNS (DNS)AD integrated DNS (DNS)

Domain Controller (DC)Domain Controller (DC)

In this practice, you will plan the placement of domain controllers

DCDC

DNSDNS

GCGC

DCDC

DNSDNS

Redmond

Denver Vancouver

T1 128Kbps

Lab A: Implementing the Placement of Domain Controllers

Determining the Placement of Domain Controllers Using Active Directory Sizer

Enabling Universal Group Membership Caching