Windows 2000 has been available for more than a year, but many people are still struggling with how to implement the most promising and most complex part of Microsoft Corp.'s new operating system: Active Directory. Windows 2000, Microsoft's first enterprise-ready operating system, uses Active Directory to provide scalable, secure and Lightweight Directory Access Protocol (LDAP) standards-based directory services. Many tools are available to assist administrators and planners in this process, but administrators may wonder where to start.

Designing an Active Directory requires a methodology with a strong focus on your political, business and security requirements. You also need to take into consideration how the big picture evolves as you integrate new applications with a Windows 2000 infrastructure over time. This becomes even more important as the Microsoft software is evolving into the .Net world. We focus here on the 10 most critical steps you'll need to consider during the design of your corporate Active Directory.

Build the project teams

To properly start a Windows 2000 project, it's critical to first understand the reasons for implementing the new infrastructure. One may be to consolidate servers and domains to reduce ownership, administration, maintenance and troubleshooting costs. Another might be to provide an infrastructure for mission-critical applications, such as Microsoft Exchange 2000 Server. You must also understand your current IT environment and administrative model before creating a project plan and project team.

The number and size of each team varies from project to project but groups are generally created for the directory, networking, operations and management, security, migration, client platforms, application deployment and development and system sizing.

Designing Active Directory also requires strong cooperation between different teams in your organization -- teams that had little in common in the past. An Active Directory can't be effectively implemented without good communication between the directory, networking and security groups in your organization.

In an Active Directory design, roles may be inverted creating further tensions. In the past, for example, the Windows NT people owned the data and the Exchange group owned the directory. Now with the Web store in Exchange 2000, the messaging group will own the data and the NT people will own the directory. Furthermore, the NT group now must provide the necessary services for e-business in terms of security, interoperability and availability.

Design the Active Directory schema

The Active Directory schema design defines what Active Directory objects (such as users, groups and servers) will be created. Setting up the schema design is easy if the default Active Directory schema will satisfy the needs of your organization. Your organization may, however, require the storage of special objects or attributes in the Active Directory. This may require the generation of new object identifiers, which define object classes and their attributes. The Active Directory schema design also defines which objects and attributes will be indexed and what will be published in the Active Directory's Global Catalog (GC), the domain controller that acts as a master directory of all domain

• Email
• Print
• Share
  • Slashdot
  • Digg
  • Stumble
  • Reddit
  • Newsvine