Active Directory: Growing with your business
Deb Shinder
Published: 13 Mar 2006 13:00 GMT
Designing a directory services infrastructure for your Windows network can seem like an overwhelming task. If your business is small, it may seem logical to go with the simplest design possible, but if there's anything more time consuming and complex than developing a brand new Active Directory design, it's trying to redesign an existing infrastructure that wasn't developed with growth in mind.
The good news is that a well-planned directory infrastructure can easily grow as your business does, even accommodating acquisitions and mergers, without ever having to tear it down and start over. That's why it's important to take the time to learn best design practices and build scalability into your directory infrastructure from the beginning.
Active Directory: Born to scale
The Active Directory is a hierarchical database that contains all of the important information about users, and computer and other network resources. Its structure allows you to locate, manage, and apply security mechanisms and other policies to selected objects in a centralised manner. Active Directory is based on LDAP and ISO/ITU X.500 standards, making it easier to interoperate with, and migrate information to and from, other LDAP-compliant directory services.
As your organisation grows, you may need to develop your own proprietary software applications. Using the ADSI API, your programmers can create software that works with Active Directory and other LDAP-compliant directories. You can also use DSML to create an environment where XML-based applications can work with the Active Directory and use its information.
Active Directory structural components
If you're creating your Active Directory infrastructure from scratch, you have the opportunity to maximise scalability and flexibility. There are two components involved in planning your directory structure:
- Logical structure
- Physical structure
The logical structure consists of objects (files, folders, computers, users, printers, etc.) that are organised within containers (objects in which you can place other objects, including organisational units, domains, domain trees, and forests). The physical structure consists of sites, which are groups of computers or IP subnets that are connected via a high speed link. Sites contain computers.
The logical and physical structures don't necessarily correspond. One domain can span multiple sites and one site can contain more than one domain. It's important to note that you can apply group policy objects based on either logical or physical structure. That is, you can apply a policy to a logical unit such as a domain or organisational unite, or to a physical unit (a site).
Designing for scalability
An important consideration in designing a scalable directory structure is the namespace. Every directory object has a unique name, and Active Directory uses standard naming conventions to describe and locate objects within the directory. Active Directory uses DNS to resolve names. This is the same system used on the...
For more, click here...
Previous
Did you find this article useful?
42 out of 84 people found this useful
- Share this article:
