Full of I.T.

Kevin Remde's IT Pro WebLog

Best of Q&A from Webcast: Best Practices for Designing the Active Directory Structure

Holding some real power!


Below I’ve pasted an edited and cleaned-up copy of the Q&A from the webcast I delivered on March 20th: Best Practices for Designing the Active Directory Structure.

BIG thank you to Chris Henley for handling the Q&A on the backend, and whose work this really represents.


Questions and Answers:

“Will this webcast be available for download at a later time?”

Yes, it will. You can go to www.microsoft.com/webcasts

“Is there a good definitive resource for Active Directory Deployments?”

Good question! I like the Active Directory Deployment Guide located here: http://www.microsoft.com/windowsserver2003/technologies/directory/activedirectory/default.mspx

“What about Desktop Deployments?”

I always use the info located at the following link: http://www.microsoft.com/technet/desktopdeployment/inframan/inframanad.mspx

“Are there any other webcasts that focus on Active Directory?”

There are tons. I would recommend Michael Murphy’s Active Directory Series as a great resource, or Chris Henley’s Migrating to Active Directory, and of course Kevin Remde’s Administration series. Links to these can be found here: http://www.microsoft.com/events/AdvSearch.mspx?EventsAndWebcastsControlName=As1%3AAdvSrc&As1%3AAdvSrc%3AAudienceID=0&As1%3AAdvSrc%3AProductID=2e759425-9c39-421a-b53c-3f78ca563707&As1%3AAdvSrc%3AEventType=OnDemandWebcast&As1%3AAdvSrc%3ACountryRegionID=en%7CUS%7CUnited+States&StateProvinceID=0&As1%3AAdvSrc%3ATimeframeID=-1&As1%3AAdvSrc%3ASearchFilter=%C2%A0+Go+%C2%A0

“If an application requires a different schema, would it be better to use ADAM and provision using something like IIFP?”

That is a good possibility. You could also of course run separate forests. It really depends on network requirements. It is certainly nice that we have the ADAM option.

“Most of the AD designing concepts apply to ADAM as well?”

In theory, yes. However, ADAM generally is used to provide AD access to applications and not to build network hierarchy. See the following: http://technet2.microsoft.com/WindowsServer/en/Library/05c4f979-41c0-40d7-8687-2549d214643e1033.mspx

“I’m looking for standard policies to apply on kiosk machines. Do we have a set of policies that can be downloaded from the web?”

Start with this interactive GPMC training, which illustrates the use of policy on a kiosk. Then you can begin making your own choices for configuration. http://www.microsoft.com/windowsserver2003/techinfo/training/gpmctraining.mspx

“Will we be able to download this webcast for viewing?”

Yes, you will be able to access this webcast on demand and have the ability to download in 24 hours at www.microsoft.com/webcasts.

“What program are you using to get these nice graphics – sorry for the off-the-wall question ;)”

It is actually just a PowerPoint presentation.

“Application (Outlook 11) is looking for GC or PDC to open?”

I believe it is looking for a simple domain controller only.

“What if all DCs are also GCs?”

It really depends on the size and the structure of the organization.  

“We want to use DFS at all branch locations. Would you recommend a DC at those locations to limit traffic across the WAN link?”

Interesting question. If you think about it, putting a DC at a branch office would actually increase the total traffic because it would add replication traffic. The traffic reductions would come from authentication traffic. Unfortunately there is no right or wrong answer. You need to look at the traffic on your network and then make the decision.

“Always in my segment, a user always has to press Retry to open Outlook (DC2 is in the segment). What do you think is wrong?”

It sounds like an RPC issue. Try the information here: http://support.microsoft.com/default.aspx?scid=kb;en-us;325930

“Hey Kevin – Where are you getting your Circles and Domain graphics?”

We have a content development team that does all of the initial creation for us, so I really don’t know how they perform that graphical magic.