Assignment title: Information


Design and Configuration of an AD Infrastructure

Prepare a 4-5 page (or longer) paper in APA format that details the recommendations that you would implement if you were planning and designing an Active Directory Infrastructure. The information for this project is based on the previous modules' assignments. For this implementation to be successful, the system administrator must take into consideration factors such as performance, manageability, scalability, and security. The design and configuration must include the following criteria:

• What considerations need to be planned for the implementation and placement of a Read Only Domain Controller (RODC)? How would these be configured and maintained?

Ensure that the forest functional level is Windows Server 2003 or higher, so that linked-value replication (LVR) is available. This provides a higher level of replication consistency. The domain functional level must be Windows Server 2003 or higher, so that Kerberos constrained delegation is available. If the forest functional level is Windows Server 2003, the domain functional level of all domains in the forest is Windows Server 2003 or higher.

Delegation makes it possible for applications and services to authenticate to a remote resource on behalf of a user. Because it provides powerful capabilities, typically only domain controllers are enabled for delegation. For RODCs, applications and services must be able to delegate, but only constrained delegation is allowed because it prevents the target from impersonating again and making another hop. The user or computer must be cacheable at the RODC for constrained delegation to work. This restriction places limits on how a rogue RODC may be able to abuse cached credentials.

• How would you structure your DNS services?

The logical structure of Windows Server® 2008 DNS involves DNS namespace partitioning, which extends the DNS domain name hierarchy into multiple subdomains.
The physical structure of DNS involves distributing the DNS database using DNS servers to host DNS zones for the subdomains of the DNS domain name hierarchy. Both the DNS Client and Server service applications manage the physical DNS data in the DNS database. The DNS Server service is the component that provides the server implementation of DNS. The settings discussed in this section include:

  • Disabling the use of recursion
  • Round robin use of resource records
  • Subnet prioritization
  • Advanced parameters

• Discuss what steps should go into the planning, design, and implementation of Organizational Units? What would be some best practices you would implement in your OU design?

The first challenge of the design process is to create a streamlined and effective organization that is aligned with the strategy and desired results of the organization. The second challenge is to get buy-in from the entire organization and implement the new design so that it dramatically and positively changes the way the business operates.

Many organizations fail to adapt and adjust their internal infrastructure to the rapidly changing business demands around them because their business processes, structures, and systems act as barriers to efficiency and common-sense decision making. These internal barriers can trap capable people who eventually become cynical and disheartened by their inability to change or influence obvious gaps, inconsistencies, or burdensome constraints within the organization.

The design process identifies ineffective work flows, structures, or systems, redesigns them to fit current business needs, and develops plans to implement the new changes, promptly achieving better results throughout the organization. Processes are streamlined, structures are simplified, and systems are improved as people are organized into business units and teams which allow them greater authority and responsibility for their success.

There are a number of ways to set up the design process.
Senior leadership can sponsor and lead the change process using the conference model, where large numbers of people from a cross-section of the organization participate real-time in analysis, design, and implementation sessions. The advantage of this model is that a significant number of employees, if not the entire organization, can be directly involved in the change process. This builds a strong sense of commitment and ownership to new design decisions and directions. Another advantage to the conference model sessions is that problems can be identified and design and implementation decisions can be made quickly, without drawing out the process over extended periods of time. Using this model, we can accomplish short-cycle redesign in a matter of weeks instead of months and years.

• What type of planning and considerations would go into the implementation of Group Policy for this organization? What procedures or guidelines would be used for the basis of these policies? How would they be monitored and maintained?

Before you can begin planning a Group Policy implementation in your organization, you have to understand a few important aspects of Group Policy. Microsoft initially introduced group policies in Windows NT to assist administrators in managing the desktop configuration settings of users and computers. Windows Server 2000 included hundreds of Group Policy settings which you could configure. Windows Server 2003 offers all the group policies included with Windows 2000 as well as more group policies, which enable you to use new Windows Server 2003 features.

Group Policies can be defined as the groupings of user configuration settings and computer configuration settings which can be linked to container type objects in Active Directory, so that they are applied to users and computers. Group Policy is extremely flexible. It contains options for numerous user and computer configuration settings.
This includes options for:

  • Computer startup and shutdown
  • User logon and logoff
  • Registry based policy settings
  • Security settings
  • Scripts
  • Folder Replication
  • Application deployment and management

While group policies do after all affect settings in the Registry, the use of Group Policy eliminates the need for administrators to manually change the Registry. A simpler option is to use Group Policy to configure and apply settings. Group Policy settings can be linked to the following:

  • Computers
  • Sites
  • Domains
  • Organizational Units (OUs)

By linking a Group Policy Object (GPO) to a site, domain, or Organizational Units (OUs) in Active Directory, you can apply Group Policy settings to the following Active Directory objects:

  • User objects
  • Computer objects

A Group Policy Object (GPO) is the container used to store Group Policy settings in Active Directory. The GPO is then linked to a site, domain or OU, and applied to users or computers within the particular site, domain, or OU. Because a GPO is considered an Active Directory object, you can set permissions on the GPO to control which users or computers can access the Group Policy settings stored within the GPO. As mentioned already, GPOs can be applied to users and computers by linking GPOs to sites, domains, or OUs.

Through Group Policy, you can configure the following types of policies:

  • Computer configuration settings: These settings are used to configure policies which affect computers. The user logging on to the computer does not influence whether these settings are applied. Computer configuration settings are applied when the operating system starts.
  • User configuration settings: These settings are used to configure policies which affect users. The computer which the user is logging on to does not influence whether these settings are applied. User configuration settings are applied when a user logs on to the computer.
Computer configuration settings and user configuration settings have Software Settings, Windows Settings and Administrative Templates. Group policies have the following setting options:

  • Enabled
  • Disabled
  • Not Configured

A domain in Active Directory has the following default GPOs:

  • Default Domain GPO: includes security settings which affect each computer belonging to the domain. The Default Domain GPO is linked to the Domain object in Active Directory.
  • Default Domain Controller GPO: includes both security settings and configuration settings which impact domain controllers, and is linked to the Domain Controllers OU in Active Directory.

• Detail how you would manage, configure, and maintain Active Directory Management Service on your infrastructure.

• What factors need to be considered for the use of Active Directory Federation Services for a company? How could the use of ADFS be beneficial to the company?

• Discuss factors for using digital certificates in your Active Directory design. Include how, when and why these would be implemented.

• Describe your strategy for maintaining the Active Directory Database to ensure that a technical failure would not result in lost information or significant downtime. Include how this will be accomplished, when and how often this maintenance is performed, and who would be responsible for monitoring and implementing the database.

• Detail the factors that go into the decision for the data that is being replicated, how often that is done, and how to ensure that it is functioning properly. Describe how and when replication should be configured on your AD infrastructure.

• What plans and strategies need to be considered when implementing security in your AD design? What security measures need to be used with which service? How is this security going to be monitored?

Save your assignment as a Microsoft Word document.
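
Added example (not part of the original paper): a PowerShell audit of the RODC prerequisites from the first answer above, covering the forest and domain functional levels, whether a delegated account is cacheable at each RODC, and which accounts already have passwords stored there. It assumes a domain-joined host with the RSAT ActiveDirectory module and read access to the directory; `svc-web` is a hypothetical service account name and `New-Finding` is a helper defined only for this example.

```powershell
# Added example, not from the original paper. Assumes the RSAT ActiveDirectory
# module; 'svc-web' is a hypothetical delegated service account in this domain.
Import-Module ActiveDirectory
$DelegatedAccount = 'svc-web'

# Hypothetical helper so every check emits the same columns.
function New-Finding($Check, $Target, $Value, [bool]$Pass) {
    [pscustomobject]@{ Check = $Check; Target = $Target; Value = "$Value"; Pass = $Pass }
}

$forest    = Get-ADForest
$minForest = [int][Microsoft.ActiveDirectory.Management.ADForestMode]::Windows2003Forest
$minDomain = [int][Microsoft.ActiveDirectory.Management.ADDomainMode]::Windows2003Domain

# Forest functional level: Windows Server 2003 or higher gives linked-value replication.
New-Finding 'ForestLevel' $forest.Name $forest.ForestMode ([int]$forest.ForestMode -ge $minForest)

# Domain functional level: Windows Server 2003 or higher gives constrained delegation.
foreach ($dnsName in $forest.Domains) {
    $domain = Get-ADDomain -Identity $dnsName -Server $dnsName
    New-Finding 'DomainLevel' $dnsName $domain.DomainMode ([int]$domain.DomainMode -ge $minDomain)
}

# RODC checks for the current domain.
foreach ($rodc in Get-ADDomainController -Filter { IsReadOnly -eq $true }) {
    # Constrained delegation needs the account to be cacheable here (resultant policy Allow).
    $policy = Get-ADAccountResultantPasswordReplicationPolicy -Identity $DelegatedAccount `
        -DomainController $rodc.Name
    New-Finding 'Cacheable' ('{0}@{1}' -f $DelegatedAccount, $rodc.Name) $policy ("$policy" -eq 'Allow')

    # Accounts whose passwords are already stored on this RODC. Entries with
    # adminCount = 1 (protected, privileged accounts) are flagged for review.
    $revealed = Get-ADDomainControllerPasswordReplicationPolicyUsage -Identity $rodc.Name -RevealedAccounts
    foreach ($account in $revealed) {
        $obj = Get-ADObject -Identity $account.DistinguishedName -Properties adminCount
        New-Finding 'RevealedAccount' ('{0}@{1}' -f $account.SamAccountName, $rodc.Name) `
            "adminCount=$($obj.adminCount)" ($obj.adminCount -ne 1)
    }
}
```

Pipe the output to `Format-Table -AutoSize` and review every row where `Pass` is `False`.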