Module 9: Designing an Active Directory Infrastructure iii
All of the scenario and criteria information needed to complete the lab is written
in the role documents. It is the job of the students to share the information that
they have with their group. The students will work together in their groups to
define the vision/scope of the project, assess the risks of the project, and create
the specifications and design of the Active Directory structure that will meet the
needs of the organization described in the scenario.
When students are finished with the lab, discuss the scope and risks sections as
a group. Then have one of the groups present their solution. Show the solution
on the instructor computer. Show the finished drawing stored in the
\\London\solutions
directory as Lab9.vsd.
Module Strategy
Use the following strategy to present this module:
!
Conducting an Organizational Analysis
Explain the importance of performing a careful analysis of an organization
prior to designing an Active Directory structure. Explain the various roles
that comprise a successful project team, and tell students that they will be
assuming these roles in the lab. Define vision, scope, and risk, and relate
how these concepts will help in guiding the preliminary design process.
!
Designing an Active Directory Structure
Review the architectural elements of an Active Directory structure,
including delegation, Group Policy, domain structures, schema, site
topology and naming strategies.
!
Creating a Functional Specification
Explain the features of a functional specification, and emphasize the
importance of a written plan for the project.
Customization Information
This section identifies the lab setup requirements for a module and the
configuration changes that occur on student computers during the labs. This
information is provided to assist you in replicating or customizing Microsoft
Official Curriculum (MOC) courseware.
The lab in this module requires students to use Visio 2000 to document their
designs. Visio 2000 is demonstrated in course 1561B, module 3, Designing
Active Directory to Delegate Administrative Authority. If Visio has not been
previously demonstrated to students, refer to module 3 for instructions on
demonstrating Visio 2000.
Module 9: Designing an Active Directory Infrastructure 1
Overview
!
Conducting an Organizational Analysis
!
Designing an Active Directory Structure
!
Creating a Functional Specification
Designing a Microsoft
®
Windows
®
2000 Active Directory
™
directory service
infrastructure involves planning the logical and physical aspects of the
environment. You will start by gathering information about the current structure
within the organization. Your design should incorporate the architectural
elements of Active Directory to best address the business and administrative
needs of the organization. Then, you will complete the design and ensure that it
is inclusive and flexible enough to support your organization’s needs.
Slide Objective
To provide an overview of
the module topics and
objectives.
Lead-in
In this module, you will learn
about designing a
comprehensive Active
Directory structure based on
the needs of an
organization.
2 Module 9: Designing an Active Directory Infrastructure
#
##
#
Conducting an Organizational Analysis
!
Assembling the Central Planning Team
!
Identifying the Vision and Scope of the Project
!
Performing Risk Management
!
Documenting the Current Physical Network
!
Analyzing Current Business Practices
!
Projecting Growth and Reorganization
To create an Active Directory directory service for an enterprise, you should
first assemble a central planning team. The central planning team will gather
data about the organization’s structure and business locations. This data will
provide key information about how the organization manages people,
information, and resources. At the same time, the central planning team must
also examine the enterprise’s business practices to determine how best to meet
the business needs of an organization.
Slide Objective
To introduce the information
gathering phase of an Active
Directory design.
Lead-in
Before you design Active
Directory, you need to
gather information about the
company’s organizational
and technological structure.
Module 9: Designing an Active Directory Infrastructure 3
Assembling the Central Planning Team
!
The Central Planning Team Will
$
Obtain approval from upper management
$
Identify and consult with all systems
and operations administrators
$
Gather information
about current network
Program
Management
Program
Management
Development
Development
Testing
Testing
Logistics
Management
Logistics
Management
User
Education
User
Education
Product
Management
Product
Management
Communication
The central planning team is responsible for gathering necessary information
about an enterprise, and organizing the information so it can guide the Active
Directory design from conception to implementation. The planning team should
work closely with all aspects of the organization to ensure that the
organization’s needs are being met effectively and efficiently. The planning
team members must also communicate openly with each other to ensure that all
aspects of the organization’s needs are being addressed in the design of Active
Directory.
The central planning team is responsible for the following activities:
!
Obtaining approval from upper management and the authority to represent
the needs of the entire organization.
!
Identifying all systems and operations administrators for the entire
organization so that you can gather information from the people who will be
using the final network. Administrators can provide details about the
network that may be missed in a high-level overview of the network.
!
Gathering information about the organization’s current internal
administrative structures, locations, resources, users, and security policies.
Slide Objective
To describe the purpose of
a central planning team.
Lead-in
The central planning team
will develop the plan to
implement Active Directory
in your organization.
Delivery Tip
Ask a volunteer to describe,
by role, the members of
their own organization that
would be best fit to serve on
the central planning team.
4 Module 9: Designing an Active Directory Infrastructure
Team Roles
There are six general roles on a complete planning team. These roles may be
performed by one or more persons, depending on the size of the organization,
and include:
!
Program Manager. The program manager provides technical support for the
project and secures resources the team needs to complete the project.
!
Product Manager. Product Management articulates a vision for the design.
The product manager identifies requirements of the organization, develops
and maintains the business reasons for initiating the project, and manages
expectations of the organization. Product Management owns the vision
statement.
!
Development Manager. Development builds or implements the design. The
development manager is typically an experienced implementation architect
or developer who is able to understand and appreciate the key issues in all
technical areas of the project. An important aspect of this role is active
participation in creating the functional specification.
!
Testing. Testing ensures all issues are known before the release of the
design. Testing prepares the test plan, test specifications, and test cases.
!
User Education. User Education strives to make the final design as
beneficial and easy to use as possible. User Education develops training
systems, and is also responsible for reducing support costs by making the
product easier to understand and use. User Education participates in the
design as a user advocate.
!
Logistics Management. The Logistics team ensures a smooth distribution,
installation and migration of the product to the operations and support
groups. The logistics manager works with the development manager to
ensure that the necessary data is packaged to facilitate installation and
administration.
Scaling the Team
Depending on the project size, each role may be assigned to a single individual
or to a team of people with a team lead. Alternatively, one person may take
responsibility for more than one role. Because some roles can be combined, use
the following table to determine how roles may be combined, with P for
possible, U for unlikely, and N for no.
Title PRM PM DEV TES UE LM
Product Manager (PRM) N N P P U
Program Manager (PM) N N U U P
Development (DEV) N N N N N
Testing (TES) P U N P P
User Education (UE) P U N P U
Logistics (LM) U P N P U
For more information about team roles, see course 1515, Principles of
Enterprise Architecture, at www.microsoft.com/msf.
Note
Module 9: Designing an Active Directory Infrastructure 5
Identifying the Vision and Scope of the Project
!
Vision
$
Defines clear
direction
!
Scope
$
Encourages
discussion
$
Sets expectations
$
Provides initial
assessment of risk
$
Baselines design and
deployment
Executive Summary
Position
Problem Statement
Vision
Project Scope
Scope
Project User Profiles
Project Assumptions
Project Requirements
Project Success Factors
Project Team Structure
Roles and Responsibilities
Project Schedule
Project Risk Assessment
Document Sign off
Vision/Scope Document
A planning team should define the vision and scope of the project prior to
beginning the design. The vision and scope of the project will help the team to
design an Active Directory structure that fulfills the needs of the enterprise.
Vision
The vision of a project establishes the primary goals. The vision can be used to
inspire the team for the long-term success of the project and also help establish
short-term objectives.
Each organization will have its own business vision. By collecting information
on the vision or goals of the organization and keeping those goals in mind while
creating the project vision, you can ensure that the product aligns with the long-
term vision of the organization.
Scope
The scope defines which features the team must address, and in what priority,
according to the needs of the organization. It establishes a baseline for making
trade-off decisions in terms of resources, features, and schedule. Using scope to
attain the vision in achievable segments allows you more flexibility to adjust
the course of the project should the business vision change.
Slide Objective
To describe the purpose of
the vision/scope document.
Lead-in
The vision/scope document
is a roadmap for the project,
and will identify what the
team will accomplish in the
project.
Key Points
The vision of the project
addresses the ideal
scenarios, while the scope
addresses the actual
parameters of the project.
6 Module 9: Designing an Active Directory Infrastructure
Vision/Scope Document
The vision/scope document broadly describes the project to the organization.
The document clearly defines the business problem or opportunity, the solution,
and the organization or group that benefits from the solution.
Once the vision/scope document is developed, the organization and the
members of the project team have achieved a common understanding and
agreement on:
!
The overall vision of the project.
!
The order in which to address the business requirements.
!
The time frame when the functionality is required.
!
Any risks and assumptions associated with the project.
!
Any business constraints that may affect the project.
!
The level and effort required to complete the planning phase.
For more information about a vision/scope document, see course 1515,
Principles of Enterprise Architecture, at www.microsoft.com/msf.
Note
Module 9: Designing an Active Directory Infrastructure 7
Performing Risk Management
!
Proactive Risk Management
$
Prevents Risk
$
Lessens Impact
!
Risk Document
$
Calculates Probability,
Severity, and Exposure
$
Lists Mitigation and
Contingency Plans
Risk Document
Risk Management
Problem Statement
Risk Assessment Categories
Risk Assessment for
Organization
Risks
Probability
Risk Owner
Risk Mitigation
Contingency Plans & Triggers
Severity
The risk in a project is possible damage resulting from diminished quality of a
solution to increased cost, missed deadlines, or project failure. Risk is inherent
in any project.
Proactive risk management involves identifying risks ahead of time and
minimizing the likelihood that a loss will occur. For example, if the risk is that
users will be unable to log on to the network, you can add additional domain
controllers and global catalog servers available in each site. Risk reduction also
attempts to minimize the impact should loss occur. For example, if the risk is a
corrupted Active Directory database, you can maintain a backup of the
directory information tree.
Risk Assessment Document
Create a risk assessment document to document the initial identification and
analysis of risks. A risk assessment document helps the team create and clarify
mitigation plans for reducing the likelihood of risk. The document also lists a
contingency plan for coping with the results of risk should it occur. The risk
assessment document should contain:
!
Risk statements that list the types of risks that have been identified.
!
Risk probability calculations that estimate the likelihood of a risk occurring.
!
Risk severity calculations that identify the scope of potential damage.
!
Risk exposure calculations that identify the cost of an actual loss.
!
Mitigation plans for reducing the likelihood of a given risk.
!
Contingency plans and triggers for decreasing damage if a problem does
occur.
For more information about a risk assessment document, see course
1515, Principles of Enterprise Architecture, at www.microsoft.com/msf.
Slide Objective
To describe the purpose of
risk management and the
contents of a risk
management document.
Lead-in
Assessing the risk of a
project before you begin will
help you avoid risk and also
deal with risk effectively
should it occur.
Note
8 Module 9: Designing an Active Directory Infrastructure
Documenting the Current Physical Network
Physical locations can be cities, buildings, floors within a building, network
segments, and so on. Identifying details about each location provides the
necessary data to design an Active Directory site structure that meets the needs
of its users. Knowing how and where a company locates itself geographically is
important and addresses the following implementation issues of the Active
Directory structure:
!
Site placement and structure.
!
Domain controller and global catalog server placement.
!
Replication requirements.
To determine pertinent location details you should consider the following:
!
The total number of physical locations, including remote sites, subsidiaries,
and international offices.
!
Where the offices are located geographically. For example, are they located
in cities, counties, states, or countries/regions?
!
The number of buildings in each geographic location and the number of
floors in each building.
!
The business functions performed at each location.
Slide Objective
To describe design
considerations based on the
physical locations of the
organization’s networks.
Lead-in
The geographic distribution
of your network will
influence design decisions
regarding sites, server
locations, and domains
Delivery Tip
Have a volunteer provide
network information about
his or her organization.
Work through questions with
the class, based on the
information. Draw a diagram
of the network layout on a
whiteboard.
Không có nhận xét nào:
Đăng nhận xét