Part Number: X05-39393
Course Number: 1561B


Released: 2/00
Delivery Guide
Designing a Microsoft
®

Windows
®
2000 Directory
Services Infrastructure

Information in this document is subject to change without notice. The names of companies,
products, people, characters, and/or data mentioned herein are fictitious and are in no way intended
to represent any real individual, company, product, or event, unless otherwise noted. Complying
with all applicable copyright laws is the responsibility of the user. No part of this document may
be reproduced or transmitted in any form or by any means, electronic or mechanical, for any
purpose, without the express written permission of Microsoft Corporation. If, however, your only
means of access is electronic, permission to print one copy is hereby granted.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual
property rights covering subject matter in this document. Except as expressly provided in any
written license agreement from Microsoft, the furnishing of this document does not give you any

license to these patents, trademarks, copyrights, or other intellectual property.

 2000 Microsoft Corporation. All rights reserved.

Microsoft, Windows, Windows NT, Active Directory, BackOffice, PowerPoint, Visual Basic, and
Visual Studio are either registered trademarks or trademarks of Microsoft Corporation in the
U.S.A. and/or other countries.

The names of companies, products, people, characters, and/or data mentioned herein are fictitious
and are in no way intended to represent any real individual, company, product, or event, unless
otherwise noted.

Other product and company names mentioned herein may be the trademarks of their respective
owners.

Project Lead: Andy Sweet (S&T OnSite)
Instructional Designers: Andy Sweet (S&T OnSite), Ravi Acharya (NIIT), Sid Benavente,
Richard Rose, Kathleen Norton
Instructional Design Consultants: Paul Howard, Susan Greenberg
Program Managers: Lorrin Smith-Bates (Volt), Megan Camp (Independent Contractor)
Technical Contributors: Angie Fultz, Lyle Curry, Brian Komar (3947018 Manitoba, Inc.), Jim
Clark (Infotec Commercial Systems), Bill Wade (Excell Data Corporation), David Stern, Steve
Tate, Greg Bulette (Independent Contractor), Kathleen Cole (S&T OnSite)
Graphic Artist: Kirsten Larson (S&T OnSite)
Editing Manager: Lynette Skinner
Editor: Jeffrey Gilbert (Wasser)
Copy Editor: Patti Neff (S&T Consulting)
Online Program Manager: Debbi Conger
Online Publications Manager: Arlo Emerson (Aditi)
Online Support: Eric Brandt (S&T Consulting)

Multimedia Development: Kelly Renner (Entex)
Testing Leads: Sid Benavente, Keith Cotton
Testing Developer: Greg Stemp (S&T OnSite)
Compact Disc and Lab Testing: Testing Testing 123
Production Support: Ed Casper (S&T Consulting)
Manufacturing Manager: Rick Terek (S&T OnSite)
Manufacturing Support: Laura King (S&T OnSite)
Lead Product Manager, Development Services: Bo Galford
Lead Product Managers: Dean Murray, Ken Rosen
Group Product Manager: Robert Stewart


Course Number: 1561B
Part Number: X05-39393
Released: 2/00
Designing a Microsoft® Windows® 2000 Directory Services Infrastructure iii


Contents

Introduction
Course Materials 2
Prerequisites 3
Course Outline 4
Microsoft Official Curriculum 6
Microsoft Certified Professional Program 7
Facilities 9
Module 1: Introduction to Designing a Directory Services Infrastructure
Overview 1
Role of Active Directory in an Enterprise 2

Conducting an Organizational Analysis 3
Architectural Elements of Active Directory 7
Review 15
Module 2: Designing an Active Directory Naming Strategy
Overview 1
Identifying Business Needs 2
DNS and Active Directory 3
Planning Active Directory Domain Names 7
Designing a DNS Naming Strategy for Active Directory 11
Lab A: Designing an Active Directory Naming Strategy 22
Review 31
Module 3: Designing Active Directory to Delegate Administrative
Authority
Overview 1
Identifying Business Needs 2
Characterizing the IT Organization 4
Developing a Strategy for Administrative Design 5
Developing a Strategy for Delegation 15
Lab A: Designing Delegated Administration 24
Review 35
Module 4: Designing a Schema Policy
Overview 1
Identifying Business Needs 2
Schema Fundamentals 3
Implications of Modifying the Schema 9
Planning for Schema Modification 11
Lab A: Modifying the Schema 20
Review 27
iv Designing a Microsoft® Windows® 2000 Directory Services Infrastructure



Module 5: Designing Active Directory to Support Group Policy
Overview 1
Identifying Business Needs 2
Applying Group Policy in Active Directory 4
Planning for Group Policy 10
Lab A: Designing Group Policy and a Supporting Active Directory Structure 21
Review 32
Module 6: Designing an Active Directory Domain
Overview 1
Identifying Business Needs 2
Designing the Initial Active Directory Domain 3
Planning for Security Groups 4
Discussion: Designing Security Groups 9
Planning for OUs 11
Lab A: Designing a Group and Organizational Unit Strategy 15
Review 22
Module 7: Designing a Multiple-Domain Structure
Overview 1
Identifying Business Needs 2
Accessing Resources Between Domains 5
Planning for Multiple-Domain Trees 9
Planning for Multiple-Tree Forests 13
Planning for Multiple Forests 16
Lab A: Designing a Multiple-Domain Structure 19
Review 23
Module 8: Designing an Active Directory Site Topology
Overview 1
Using Sites in Active Directory 2
Assessing the Need for Active Directory Sites 5

Using Site Links in a Network 9
Planning the Inter-Site Replication Topology 14
Planning for Server Placement in Sites 19
Demonstration: Active Directory Sizer 23
Lab A: Planning Sites to Control Active Directory Replication 24
Review 35
Module 9: Designing an Active Directory Infrastructure
Overview 1
Conducting an Organizational Analysis 2
Designing an Active Directory Structure 11
Creating a Functional Specification 20
Lab A: Designing an Active Directory Infrastructure 21
Review 31
Designing a Microsoft® Windows® 2000 Directory Services Infrastructure v


About This Course
This section provides you with a brief description of the course, audience,
suggested prerequisites, and course objectives.
Description
This course provides students with the knowledge and skills necessary to design
a Microsoft
®
Windows
®
2000 directory services infrastructure in an enterprise
environment. After completion of this course, a student will be able to identify
the business and administrative needs of an organization that impact the design
of the Active Directory
™

directory service. The student will be able to describe
key decision points for naming, delegation of authority, domain design, and site
topology design. The student will then be able to translate the business needs of
an organization into an Active Directory design that meets those needs.
Audience
This course is intended for senior support professionals, architects, and
consultants responsible for developing an Active Directory design based on the
business needs of an organization. This course is also appropriate for those who
are on the Microsoft Certified Systems Engineer Windows 2000 track and wish
to acquire the skills necessary to design an Active Directory services
infrastructure.
Student Prerequisites
This course requires that students meet the following prerequisites:
• Course 1560, Updating Support Skills from Microsoft Windows NT 4.0 to
Microsoft Windows 2000, or equivalent knowledge and skills.
OR
• Course 2154, Implementing and Administering Microsoft Windows 2000
Directory Services, or equivalent knowledge and skills.

Course Objectives
At the end of this course, the student will be able to:
!
Describe guidelines for gathering business and administrative information
from an organization and explain how an architect uses that information to
design an Active Directory for an enterprise.
!
Design an Active Directory naming strategy that accommodates the
organizational structure of a business.
!
Develop a plan to secure and delegate administrative authority over Active

Directory objects based on the administrative model of an organization.
!
Identify business needs and scenarios that may require modification of the
Active Directory schema, and plan a policy to govern schema modification.
!
Create an Active Directory design based on administrative Group Policy
requirements defined by business needs.
vi Designing a Microsoft® Windows® 2000 Directory Services Infrastructure


!
Design an Active Directory domain and the organizational unit hierarchy
within the domain.
!
Identify situations where a multiple-domain Active Directory structure may
be necessary to meet the administrative and security needs of an
organization, and then design a structure that meets those needs.
!
Design a site topology for managing Active Directory replication that
fulfills the administrative needs of an organization and that optimizes the
available bandwidth of the physical network.
!
Design an Active Directory structure that combines administrative,
replication, and naming requirements.

Designing a Microsoft® Windows® 2000 Directory Services Infrastructure vii


Course Timing
The following schedule is an estimate of the course timing. Your timing may

vary.
Day 1
Start End Module
9:00 9:30 Introduction
9:30 10:00 Module 1: Introduction to Designing a Directory Services
Infrastructure
10:00 10:15 Break
10:15 11:15 Module 2: Designing an Active Directory Naming Strategy
11:15 12:15 Lab A: Designing an Active Directory Naming Strategy
12:15 1:15 Lunch
1:15 2:30 Module 3: Designing Active Directory to Delegate Administrative
Authority
2:30 3:00 Lab A: Designing Delegated Administration
3:00 3:15 Break
3:15 3:45 Lab A: Designing Delegated Administration (continued)

Day 2
Start End Module
9:00 9:15 Day 1 review
9:15 10:15 Module 4: Designing a Schema Policy
10:15 10:30 Break
10:30 11:00 Lab A: Modifying the Schema
11:00 11:45 Module 5: Designing Active Directory to Support Group Policy
11:45 12:45 Lunch
12:45 2:30 Lab A: Designing Group Policy and a Supporting Active
Directory Structure
2:30 2:45 Break
2:45 3:30 Module 6: Designing an Active Directory Domain
3:30 4:45 Lab A: Designing a Group and Organizational Unit Strategy


viii Designing a Microsoft® Windows® 2000 Directory Services Infrastructure


Day 3
Start End Module
9:00 9:15 Day 2 review
9:15 10:00 Module 7: Designing a Multiple-Domain Structure
10:00 10:30 Lab A: Designing a Multiple-Domain Structure
10:30 10:45 Break
10:45 11:45 Module 8: Designing an Active Directory Site Topology
11:45 12:30 Lab A: Planning Sites to Control Active Directory Replication
12:30 1:30 Lunch
1:30 2:00 Module 9: Designing an Active Directory Infrastructure
2:00 3:30 Lab A: Designing an Active Directory Infrastructure

Designing a Microsoft® Windows® 2000 Directory Services Infrastructure ix


Trainer Materials Compact Disc Contents
The Trainer Materials compact disc contains the following files and folders:
!
Default.htm. This file opens the Trainer Materials Web page.
!
Readme.txt. This file contains a description of the compact disc contents and
setup instructions in ASCII format (non-Microsoft Word document).
!
1561b_sg.doc. This file is the Classroom Setup Guide. It contains a
description of classroom requirements, classroom configuration, and
classroom setup instructions.
!

Errorlog. This folder contains a template that is used to record any errors
and corrections that you find in the course.
!
Fonts. This folder contains fonts that are required to view the Microsoft
PowerPoint
®
presentation and Web-based materials.
!
Mplayer. This folder contains files that are required to install Microsoft
Windows Media Player.
!
Powerpnt. This folder contains the PowerPoint slides that are used in this
course.
!
Pptview. This folder contains the PowerPoint Viewer, which is used to
display the PowerPoint slides.
!
Studntcd. This folder contains the Web page that provides students with
links to resources pertaining to this course, including additional reading,
review and lab answers, lab files, multimedia presentations, and course-
related Web sites.
!
Tprep. This folder contains the Trainer Preparation Presentation, a narrated
slide show that explains the instructional strategy for the course and
presentation tips and caveats. To open the presentation, on the Trainer
Materials Web page, click Trainer Preparation Presentation.

x Designing a Microsoft® Windows® 2000 Directory Services Infrastructure



Student Materials Compact Disc Contents
The Student Materials compact disc contains the following files and folders:
!
Default.htm. This file opens the Student Materials Web page. It provides
students with resources pertaining to this course, including additional
reading, review and lab answers, lab files, multimedia presentations, and
course-related Web sites.
!
Readme.txt. This file contains a description of the compact disc contents and
setup instructions in ASCII format (non-Microsoft Word document).
!
AddRead. This folder contains additional reading pertaining to this course.
If there are no additional reading files, this folder does not appear.
!
Answers. This folder contains answers to the module review questions and
hands-on labs.
!
Appendix. This folder contains appendix files for this course. If there are no
appendix files, this folder does not appear.
!
Fonts. This folder contains fonts that are required to view the PowerPoint
presentation and Web-based materials.
!
Labfiles. This folder contains files that are used in the hands-on labs. These
files may be used to prepare the student computers for the hands-on labs.
!
Media. This folder contains files that are used in multimedia presentations
for this course. If this course does not include any multimedia presentations,
this folder does not appear.
!

Mplayer. This folder contains files that are required to install Microsoft
Windows Media Player.
!
Pptview. This folder contains the PowerPoint Viewer, which is used to
display the PowerPoint presentations that accompany the additional reading.
If there are no PowerPoint presentations, this folder does not appear.
!
Webfiles. This folder contains the files that are required to view the course
Web page. To open the Web page, open Windows Explorer, and in the root
directory of the compact disc, double-click Default.htm.
!
Wordview. This folder contains the Word Viewer that is used to view any
Word document (.doc) files that are included on the compact disc. If no
Word documents are included, this folder does not appear.

Designing a Microsoft® Windows® 2000 Directory Services Infrastructure xi


Document Conventions
The following conventions are used in course materials to distinguish elements
of the text.
Convention Use

#
##
#
Indicates an introductory page. This symbol appears next
to a slide title when additional information on the topic is
covered on the page or pages that follow it.
bold Represents commands, command options, and portions of

syntax that must be typed exactly as shown. It also
indicates commands on menus and buttons, icons, dialog
box titles and options, and icon and menu names.
italic In syntax statements, indicates placeholders for variable
information. Italic is also used for introducing new terms,
for book titles, and for emphasis in the text.
Title Capitals Indicate domain names, user names, computer names,
directory names, folders, and file names, except when
specifically referring to case-sensitive names. Unless
otherwise indicated, you can use lowercase letters when
you type a directory name or file name in a dialog box or
at a command prompt.
ALL CAPITALS
Indicate the names of keys, key sequences, and key
combinations — for example, ALT+SPACEBAR.
monospace
Represents code samples, examples of screen text, or
entries that you type at a command prompt or in
initialization files.
[ ] In syntax statements, enclose optional items. For example,
[filename] in command syntax indicates that you can
choose to type a file name with the command. Type only
the information within the brackets, not the brackets
themselves.
{ } In syntax statements, enclose required items. Type only
the information within the braces, not the braces
themselves.
| In syntax statements, separates an either/or choice.
!
Indicates a procedure with sequential steps.

In syntax statements, specifies that the preceding item may
be repeated.
.
.
.
Represents an omitted portion of a code sample.






THIS PAGE INTENTIONALLY LEFT BLANK