Important notes: This document is prepared on the basis of the RFP requirements and the proposed solutions. Each point is divided into three areas: 1. Role or Service, 2. Current Architecture (Current Scenario), and 3. Solution Design.
Contents
Directory Services
AD Setup
AD DNS
DNS Server features
AD Schema
AD DHCP
AD OU Structure
Directory Services
1. Overview of Directory Services
A directory service provides the ability to store information about networked devices and services,
and the people who use them, in a central location within a distributed environment. A directory
service also implements the services that make this information available to users, computers, and
applications. Therefore, a directory service is both a directory (the store of this information) and a set
of services that provide the means to securely add, modify, delete, and locate data in the directory
store.
By deploying Windows Server 2012 Active Directory Domain Services (AD DS) in the MSTD
environment, MSTD can take advantage of the centralized, delegated administrative model and
single sign-on (SSO) capability that AD DS provides, or MSTD can use AD DS as the identity source
for third-party SSO.
MSTD can use Active Directory Domain Services (AD DS) in Windows Server 2012 to simplify
user and resource management while creating scalable, secure, and manageable infrastructures. AD DS
can be used to manage the network infrastructure, including branch office, Microsoft Exchange
Server, and multi-forest environments.
Figure 1 illustrates the benefits of AD DS and how it acts as the focal point of the Windows
Server 2012 R2 network, showing how it is used to manage identities and broker
relationships between distributed resources.
a. Improving the Security of the MSTD AD Infrastructure: the ability to better defend the AD
infrastructure from exploitation and minimize the risk of information compromise, as documented.
b. Global Logon: the ability for any authorized MSTD user to log on to any local MSTD network
(Active Directory forest) connected to the intranet, or to any Internet application that
authenticates through the MSTD AD DS (e.g. SSO).
c. Sharing Active Directory Contact Objects across AD Forests: the ability for any authorized
MSTD user to look up and find any other MSTD user natively within the desktop Outlook client,
Outlook Web Access, or an authorized mobile device (e.g. Microsoft mobile application).
d. Sharing AD-Dependent Applications across AD Forests: the ability for an authorized MSTD
user in one AD forest to securely access applications or systems located in a different AD forest.
e. Optimize Rapid Reconfiguration/Agility: enhance the ability of Windows networks to respond
to changing mission needs and to quickly reconstitute following a partial network loss or
breach.
f. Optimize Affordability/Efficiency: reduce the overall complexity and cost of operating and
defending MSTD networks by supporting those networks through AD consolidation and
rationalization.
6. AD Setup
a) The AD services will be set up on a virtual instance of Windows Server 2012 Standard Edition as a
single-forest, single-domain model.
(Diagram placeholder: two sites, DC Site and DRC Site, with the domain controllers PDC, ADC1, ADC2 and ADC3.)
8. Domain Name
Active Directory domains can be identified using a DNS name, which can be the same as an
organization's public domain name, a sub-domain or an alternate version (which may end in .local).
While Group Policy can be applied to an entire domain, it is typical to apply policies to sub-groups of
objects known as organizational units (OUs). All object attributes, such as usernames, must be
unique within a single domain and, by extension, an OU.
A) Current Scenario: - Currently MSTD is using the domain name Mahavat.gov.in
with the XYZ IP address provided by the ISP.
B) Solution Design: - MSTD can use the same domain for the new infrastructure setup; this domain
will also be used for mail users. At the time of implementation, the new public
IP address must be updated in the registered DNS records.
MSTD should schedule a specific downtime for the change of IP address from the existing
to the new IP address.
A) Current Scenario: - MSTD does not have any AD site currently, so no replication
topology is present.
B) Solution Design: - Two-site replication will be configured as per the map below.
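The single-forest, single-domain setup from the AD Setup section and the two-site replication design above, as an added PowerShell example that is not part of the MSTD design document. The NetBIOS name, site names, subnets and the assignment of ADC1-ADC3 to sites are assumptions (placeholders); the site map in the document is authoritative.

```powershell
# Added example, not from the MSTD design document: build the single-forest,
# single-domain AD described in "AD Setup" and the two-site replication
# topology from "Solution Design". Step 1 runs on the server that becomes the
# PDC; step 3 runs on each additional DC. Site names, NetBIOS name and subnets
# are placeholders (assumptions); replace them with the values from the site map.
$DomainName  = 'mahavat.gov.in'      # existing MSTD domain name
$NetbiosName = 'MAHAVAT'             # assumption
$SiteSubnets = @{ 'DC-Site' = '192.0.2.0/24'; 'DRC-Site' = '198.51.100.0/24' }  # placeholders

# 1) Primary DC: install the role and create the forest root domain.
Install-WindowsFeature AD-Domain-Services -IncludeManagementTools
Install-ADDSForest -DomainName $DomainName -DomainNetbiosName $NetbiosName `
    -ForestMode Win2012 -DomainMode Win2012 -InstallDns `
    -SafeModeAdministratorPassword (Read-Host 'DSRM password' -AsSecureString) -Force
# (the server reboots here; continue after logging on as a Domain Admin)

# 2) Sites, subnets and the inter-site link. The forest is created with
#    Default-First-Site-Name, which is renamed to the DC site.
Import-Module ActiveDirectory
Get-ADReplicationSite -Identity 'Default-First-Site-Name' | Rename-ADObject -NewName 'DC-Site'
New-ADReplicationSite -Name 'DRC-Site'
foreach ($site in $SiteSubnets.Keys) {
    # Subnet-to-site mapping is what lets a DC and its clients locate their own site
    New-ADReplicationSubnet -Name $SiteSubnets[$site] -Site $site
}
# Replicate DC-Site <-> DRC-Site every 15 minutes over IP.
New-ADReplicationSiteLink -Name 'DC-DRC' -SitesIncluded 'DC-Site','DRC-Site' `
    -Cost 100 -ReplicationFrequencyInMinutes 15 -InterSiteTransportProtocol IP
# The default link is no longer needed once both sites are on DC-DRC.
Remove-ADReplicationSiteLink -Identity 'DEFAULTIPSITELINK' -Confirm:$false

# 3) Additional DCs (ADC1..ADC3): promote each into the site it belongs to.
#    Run on the additional DC itself; -SiteName is DC-Site or DRC-Site.
Install-WindowsFeature AD-Domain-Services -IncludeManagementTools
Install-ADDSDomainController -DomainName $DomainName -SiteName 'DRC-Site' -InstallDns `
    -Credential (Get-Credential "$NetbiosName\Administrator") `
    -SafeModeAdministratorPassword (Read-Host 'DSRM password' -AsSecureString) -Force

# 4) Verify: every DC should appear as a replication partner with zero failures.
repadmin /replsummary
Get-ADReplicationSiteLink -Filter * |
    Select-Object Name, SitesIncluded, Cost, ReplicationFrequencyInMinutes
```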
15. AD DNS.
Domain Name System (DNS) is a system for naming computers and network services that is
organized into a hierarchy of domains. DNS naming is used in TCP/IP networks, such as the
Internet, to locate computers and services with user-friendly names. When a user enters a DNS
name in an application, DNS services can resolve the name to other information that is
associated with the name, such as an IP address.
For example, most users prefer a friendly name, such as corp.contoso.com, to locate a computer,
such as a mail server or Web server, on a network. A friendly name can be easier to learn and
remember. However, computers communicate over a network by using numeric addresses. To
make the use of network resources easier, name systems such as DNS provide a way to map the
user-friendly name for a computer or service to its numeric address.
The DNS Server role in Windows Server 2012 combines support for standard DNS protocols
with the benefits of integration with Active Directory Domain Services (AD DS) and other
Windows networking and security features, including such advanced capabilities as secure
dynamic update of DNS resource records.
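The secure dynamic update capability mentioned above, shown as an added audit-and-enforce script that is not part of the MSTD design document. It assumes the DnsServer module installed with the DNS Server role and uses ADC1 (a domain controller named in the document) as the second DC to confirm replication.

```powershell
# Added example, not from the MSTD design document: audit the AD-integrated
# zones hosted on this domain controller and enforce secure-only dynamic
# updates. 'NonsecureAndSecure' lets any host on the network overwrite a
# record; 'Secure' requires a Kerberos-authenticated update from the record
# owner and is only available for AD-integrated zones.
Import-Module DnsServer

function Get-ZoneUpdateReport {
    # Forward, AD-integrated primary zones are the ones that accept client updates
    Get-DnsServerZone |
        Where-Object { $_.ZoneType -eq 'Primary' -and $_.IsDsIntegrated -and -not $_.IsReverseLookupZone } |
        Select-Object ZoneName, DynamicUpdate, ReplicationScope,
            @{ n = 'Compliant'; e = { $_.DynamicUpdate -eq 'Secure' } }
}

# Report first, then remediate only the non-compliant zones.
$report = Get-ZoneUpdateReport
$report | Format-Table -AutoSize
foreach ($zone in ($report | Where-Object { -not $_.Compliant })) {
    Set-DnsServerPrimaryZone -Name $zone.ZoneName -DynamicUpdate Secure
    Write-Output "Set $($zone.ZoneName) to secure dynamic updates"
}

# Zone settings live in AD, so confirm the change from another DC (ADC1)
# once replication has run.
Get-DnsServerZone -Name 'mahavat.gov.in' -ComputerName 'ADC1' |
    Select-Object ZoneName, DynamicUpdate, ReplicationScope
```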
16. AD Schema.
Active Directory Schema is a Microsoft Management Console (MMC) snap-in that you can use to view
and manage the Active Directory Domain Services (AD DS) schema.
Current Scenario: - MSTD does not have any domain.
Solution Design: - By default the schema is installed when AD Directory Services is
enabled, but because Exchange 2013 is going to be deployed in the MSTD infrastructure, the
administration team needs to upgrade (extend) the schema. The schema will be upgraded at the
time of the first Exchange instance installation with the command line below.
Setup.exe /PrepareSchema /IAcceptExchangeServerLicenseTerms
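A pre-flight and post-check for the schema upgrade above, as an added PowerShell example that is not part of the MSTD design document. It assumes the ActiveDirectory module on the machine where Exchange setup is run; the function name Get-SchemaStatus is the author's own.

```powershell
# Added example, not from the MSTD design document: check the forest schema
# before and after "Setup.exe /PrepareSchema". /PrepareSchema writes to the
# schema master and needs an account in both Schema Admins and Enterprise
# Admins, so the function reports those alongside the version numbers.
Import-Module ActiveDirectory

function Get-SchemaStatus {
    $schemaNC = (Get-ADRootDSE).schemaNamingContext
    $base = Get-ADObject -Identity $schemaNC -Properties objectVersion
    # This attribute only exists after Exchange setup has extended the schema
    $exch = Get-ADObject -SearchBase $schemaNC -LDAPFilter '(cn=ms-Exch-Schema-Version-Pt)' -Properties rangeUpper
    $exchVersion = if ($exch) { $exch.rangeUpper } else { $null }
    $schemaAdmins = (Get-ADGroupMember 'Schema Admins' -Recursive).SamAccountName
    $entAdmins    = (Get-ADGroupMember 'Enterprise Admins' -Recursive).SamAccountName
    [pscustomobject]@{
        ADSchemaVersion       = $base.objectVersion   # 56 = Windows Server 2012 base schema
        ExchangeSchemaPresent = [bool]$exch
        ExchangeSchemaVersion = $exchVersion
        SchemaMaster          = (Get-ADForest).SchemaMaster
        RunAsSchemaAdmin      = $schemaAdmins -contains $env:USERNAME
        RunAsEnterpriseAdmin  = $entAdmins -contains $env:USERNAME
    }
}

$before = Get-SchemaStatus
$before
if (-not ($before.RunAsSchemaAdmin -and $before.RunAsEnterpriseAdmin)) {
    throw 'Log on with an account in Schema Admins and Enterprise Admins before running /PrepareSchema'
}

# ... run Setup.exe /PrepareSchema /IAcceptExchangeServerLicenseTerms here ...

# Afterwards, wait for replication and confirm the extension reached every DC,
# querying each DC directly rather than trusting the local copy.
Get-ADDomainController -Filter * | ForEach-Object {
    $nc = (Get-ADRootDSE -Server $_.HostName).schemaNamingContext
    $v  = (Get-ADObject -Server $_.HostName -SearchBase $nc `
            -LDAPFilter '(cn=ms-Exch-Schema-Version-Pt)' -Properties rangeUpper).rangeUpper
    '{0}: Exchange schema version {1}' -f $_.HostName, $v
}
```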
18. AD DHCP.
Dynamic Host Configuration Protocol (DHCP) is a client-server technology that allows DHCP servers to
assign, or lease, IP addresses to computers and other devices that are enabled as DHCP clients. When
DHCP servers are deployed on the network, they can automatically provide client computers and other
TCP/IPv4- and IPv6-based network devices with valid IP addresses.
Current Scenario: - MSTD does not have DHCP configured in any AD.
Solution Design: - As per the new infrastructure of PDC and DRC, there is currently
no requirement for DHCP services, but if changes are required by MSTD management, the
AD administrator will enable the DHCP service on the PDC and create scopes as
per the network subnets.
19. AD OU Structure.
After domain planning is complete, an OU structure can be designed. In the best practices OU
model, departments within the domain manage their internal operations, while the domain's IT
staff manages the overall infrastructure. In other words, each department manages its objects in
the directory, while the domain IT staff manages the configuration of the directory service itself.
Best practices for creating an OU design introduce the role of "OU owner." The Active
Directory OU owner is comparable to most Windows 2012 domain administrators. This means
that domain administrators who manage users and resources in a Windows 2012 domain will
manage the same resources in an Active Directory domain, but as owners of OUs.
Expect to make periodic changes to your OU structure to reflect changes in your administrative
structure and to support policy-based administration. OUs are designed to be easily changed.
OUs are containers within domains that can contain other OUs, users, groups, computers, and
other objects. These OUs and sub-OUs form a hierarchical structure within a domain, and are
primarily used to group objects for management purposes.
Current Scenario: - MSTD does not have any OU structure. Below is an example for
one location of MSTD.