none
Useful book to design an Active Directory domain from scratch

    Question

  • Dear all,

    I have to plan a new Active Directory domain, and need to create a very detailed low level design. For this, is there any good book on the market, that can be used as a complete checklists of planning items to 100% plan an Active Directory domain? It should contain for example all the tasks needed to plan the following: AD site-links, OU structure, GPO inventory, admin delegation model to OU level etc.

    Is there such book available? I dont need the usual fairy tale about directories, LDAP etc., I only need to focus on designing all the bits and pieces of a working AD domain.

    Any pointer to proven books is greatly appreciated!

    Monday, September 17, 2012 9:35 AM

Answers

  • Dear all,

    I have to plan a new Active Directory domain, and need to create a very detailed low level design. For this, is there any good book on the market, that can be used as a complete checklists of planning items to 100% plan an Active Directory domain? It should contain for example all the tasks needed to plan the following: AD site-links, OU structure, GPO inventory, admin delegation model to OU level etc.

    Is there such book available? I dont need the usual fairy tale about directories, LDAP etc., I only need to focus on designing all the bits and pieces of a working AD domain.

    Any pointer to proven books is greatly appreciated!

    Books are available for the basics & as per my understanding, there are no such book available. But, there are few guides available online or can be read offline. Below link might help you to design.

    Active Directory Design Guide by Microsoft  http://www.microsoft.com/download/en/details.aspx?id=8133

    Infrastructure Planning and Design  http://www.microsoft.com/download/en/details.aspx?id=732

    AD DS Design Guide  http://technet.microsoft.com/en-us/library/cc754678%28WS.10%29.aspx


    Awinish Vishwakarma - MVP

    My Blog: awinish.wordpress.com

    Disclaimer This posting is provided AS-IS with no warranties/guarantees and confers no rights.

    Monday, September 17, 2012 10:08 AM
  • If you don't understand the product (The LDAP Directory Service) how are you going to understand the fairytale.  There is no book that you are looking for only because you want highly specifics and at this point your understanding of AD is limited so it wouldn't be able to hone in on what you understand and how to explain it.

    I would suggest you consider buying an AD book and learn more than just the basics so you can create a robust environment and learn to adjust it as the need arises.  Joe Richards, Robbie Allen, Alistart G Lowe-Norris and Brian Desmond have all collaborated on the a great book called "Active Directory".  I believe if you want to track an answer down this is going to be your best resource.

    http://www.amazon.com/Active-Directory-3rd-Edition-Richards/dp/0596101732

    --
    Paul Bergson
    MVP - Directory Services
    MCITP: Enterprise Administrator
    MCTS, MCT, MCSE, MCSA, Security+, BS CSci
    2008, Vista, 2003, 2000 (Early Achiever), NT4
    http://www.pbbergs.com    Twitter @pbbergs
    http://blogs.dirteam.com/blogs/paulbergson

    Please no e-mails, any questions should be posted in the NewsGroup. This posting is provided "AS IS" with no warranties, and confers no rights.

    Monday, September 17, 2012 12:13 PM
  • Hi,

    To design Active Directory Domain, you should consider for performance, security, manageability, scalability, and many other criteria must be taken into account if the desine is to be successful.

    Decision flow chart

    The Infrastructure Planning and Design Guide for Active Directory Domain Services includes the following thirteen-step process:

    Step 1: Determine the Number of Forests. This step involves determining whether one or multiple forests are required to meet the organization’s objectives.

    Step 2: Determine the Number of Domains. This step involves determining the number of domains that are required to meet the organization’s objectives.

    Step 3: Assign Domain Names. This step involves assigning names to each of the domains.

    Step 4: Select the Forest Root Domain. This step involves selecting the forest root domain.

    Step A1: Design the OU Structure. This step involves defining the OU structure for each domain in the design.

    Step B1: Determine Domain Controller Placement. This step involves decidinge where domain controller resources will be placed for each domain in each forest.

    Step B2: Determine the Number of Domain Controllers. This step addresses how many domain controllers to place in each location for each domain.

    Step B3: Determine Global Catalog Placement. This step involves deciding which domain controllers in the forest will host global catalog services.

    Step B4: Determine Operations Master Role Placement. This step involves deciding the placement of the operations master roles for the forest and each domain.

    Step C1: Create the Site Design. This step involves examining each physical location and deciding whether the location should be a new site within the directory or should be associated to another site.

    Step C2: Create the Site Link Design. This step involves defining links between all sites through the use of one or more site links.

    Step C3: Create the Site Link Bridge Design. This step involves creating the site link bridge design.

    Step D1: Determine Domain Controller Configuration. This step involves determining the disk space, memory, processor, and the network requirements for each domain controller

    For more information please refer to following MS articles:

    Active Directory Domain Services
    http://technet.microsoft.com/en-us/library/cc268216.aspx
    Active Directory Design
    http://technet.microsoft.com/en-us/library/bb742592.aspx
    Determining Your Active Directory Design and Deployment Strategy
    http://technet.microsoft.com/en-us/library/cc755932(v=ws.10).aspx

    Hope this helps!

    TechNet Subscriber Support

    If you are TechNet Subscription user and have any feedback on our support quality, please send your feedback here.

     


    Lawrence

    TechNet Community Support

    Tuesday, September 18, 2012 6:57 AM
  • Hi,

    MS Library has below articles, that maybe useful for you:

    Active Directory Checklists (Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2)
    http://technet.microsoft.com/en-us/library/cc787858(v=ws.10).aspx

    Checklist: Deploying AD DS in a New Organization (Applies To: Windows Server 2008, Windows Server 2008 R2)
    http://technet.microsoft.com/en-us/library/cc725897(v=ws.10).aspx

    Or you may want to read this book:

    Self-Paced Training Kit (Exam 70-640): Configuring Windows Server 2008 Active Directory (I don’t find the boot link, this is the link of exam 70-640)
    http://www.microsoft.com/learning/en/us/exam.aspx?ID=70-640&locale=en-us

    Hope this helps!

    TechNet Subscriber Support

    If you are TechNet Subscription user and have any feedback on our support quality, please send your feedback here.


    Lawrence

    TechNet Community Support

    Wednesday, September 19, 2012 6:48 AM

All replies

  • Dear all,

    I have to plan a new Active Directory domain, and need to create a very detailed low level design. For this, is there any good book on the market, that can be used as a complete checklists of planning items to 100% plan an Active Directory domain? It should contain for example all the tasks needed to plan the following: AD site-links, OU structure, GPO inventory, admin delegation model to OU level etc.

    Is there such book available? I dont need the usual fairy tale about directories, LDAP etc., I only need to focus on designing all the bits and pieces of a working AD domain.

    Any pointer to proven books is greatly appreciated!

    Books are available for the basics & as per my understanding, there are no such book available. But, there are few guides available online or can be read offline. Below link might help you to design.

    Active Directory Design Guide by Microsoft  http://www.microsoft.com/download/en/details.aspx?id=8133

    Infrastructure Planning and Design  http://www.microsoft.com/download/en/details.aspx?id=732

    AD DS Design Guide  http://technet.microsoft.com/en-us/library/cc754678%28WS.10%29.aspx


    Awinish Vishwakarma - MVP

    My Blog: awinish.wordpress.com

    Disclaimer This posting is provided AS-IS with no warranties/guarantees and confers no rights.

    Monday, September 17, 2012 10:08 AM
  • If you don't understand the product (The LDAP Directory Service) how are you going to understand the fairytale.  There is no book that you are looking for only because you want highly specifics and at this point your understanding of AD is limited so it wouldn't be able to hone in on what you understand and how to explain it.

    I would suggest you consider buying an AD book and learn more than just the basics so you can create a robust environment and learn to adjust it as the need arises.  Joe Richards, Robbie Allen, Alistart G Lowe-Norris and Brian Desmond have all collaborated on the a great book called "Active Directory".  I believe if you want to track an answer down this is going to be your best resource.

    http://www.amazon.com/Active-Directory-3rd-Edition-Richards/dp/0596101732

    --
    Paul Bergson
    MVP - Directory Services
    MCITP: Enterprise Administrator
    MCTS, MCT, MCSE, MCSA, Security+, BS CSci
    2008, Vista, 2003, 2000 (Early Achiever), NT4
    http://www.pbbergs.com    Twitter @pbbergs
    http://blogs.dirteam.com/blogs/paulbergson

    Please no e-mails, any questions should be posted in the NewsGroup. This posting is provided "AS IS" with no warranties, and confers no rights.

    Monday, September 17, 2012 12:13 PM
  • Hi,

    To design Active Directory Domain, you should consider for performance, security, manageability, scalability, and many other criteria must be taken into account if the desine is to be successful.

    Decision flow chart

    The Infrastructure Planning and Design Guide for Active Directory Domain Services includes the following thirteen-step process:

    Step 1: Determine the Number of Forests. This step involves determining whether one or multiple forests are required to meet the organization’s objectives.

    Step 2: Determine the Number of Domains. This step involves determining the number of domains that are required to meet the organization’s objectives.

    Step 3: Assign Domain Names. This step involves assigning names to each of the domains.

    Step 4: Select the Forest Root Domain. This step involves selecting the forest root domain.

    Step A1: Design the OU Structure. This step involves defining the OU structure for each domain in the design.

    Step B1: Determine Domain Controller Placement. This step involves decidinge where domain controller resources will be placed for each domain in each forest.

    Step B2: Determine the Number of Domain Controllers. This step addresses how many domain controllers to place in each location for each domain.

    Step B3: Determine Global Catalog Placement. This step involves deciding which domain controllers in the forest will host global catalog services.

    Step B4: Determine Operations Master Role Placement. This step involves deciding the placement of the operations master roles for the forest and each domain.

    Step C1: Create the Site Design. This step involves examining each physical location and deciding whether the location should be a new site within the directory or should be associated to another site.

    Step C2: Create the Site Link Design. This step involves defining links between all sites through the use of one or more site links.

    Step C3: Create the Site Link Bridge Design. This step involves creating the site link bridge design.

    Step D1: Determine Domain Controller Configuration. This step involves determining the disk space, memory, processor, and the network requirements for each domain controller

    For more information please refer to following MS articles:

    Active Directory Domain Services
    http://technet.microsoft.com/en-us/library/cc268216.aspx
    Active Directory Design
    http://technet.microsoft.com/en-us/library/bb742592.aspx
    Determining Your Active Directory Design and Deployment Strategy
    http://technet.microsoft.com/en-us/library/cc755932(v=ws.10).aspx

    Hope this helps!

    TechNet Subscriber Support

    If you are TechNet Subscription user and have any feedback on our support quality, please send your feedback here.

     


    Lawrence

    TechNet Community Support

    Tuesday, September 18, 2012 6:57 AM
  • Hellom

    This depends of your organization requirements and goals.

    Best Practice Active Directory Design for Managing Windows Networks: http://technet.microsoft.com/en-us/library/bb727085.aspx

    Integrating Applications with Windows 2000 and Active Directory: http://technet.microsoft.com/en-us/library/bb727028.aspx

    Implementing Active Directory Delegation of Administration: http://www.windowsecurity.com/articles/Implementing-Active-Directory-Delegation-Administration.html

    As you see, we can provide with recommendations for specific need but you have to provide us with your requirements and goals so that we can help you more.



    This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.   

    Microsoft Student Partner 2010 / 2011
    Microsoft Certified Professional
    Microsoft Certified Systems Administrator: Security
    Microsoft Certified Systems Engineer: Security
    Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows 7, Configuring
    Microsoft Certified Technology Specialist: Designing and Providing Volume Licensing Solutions to Large Organizations
    Microsoft Certified IT Professional: Enterprise Administrator
    Microsoft Certified IT Professional: Server Administrator
    Microsoft Certified Trainer

    Tuesday, September 18, 2012 8:26 AM
  • Thanks for all the inputs, greatly appreciated!

    Basically what I need to accomplish is, to write an  AD design document. What I need to make sure, that I do not skip any essential topics. For example I write a 60 page AD design, and it turns out, I am missing a chapter about admin permission delegation at the OU level. Or for example missing chapter about replication topology. Or missing chapter about GPO inventory. I can continue the list for a long time, I hope you get my point here..

    I would like to avoid any possible missing chapters from my design. The purpose of my topic is to try collect all these chapters. I expected, there is a book about proper design of Active Directory, that includes a template or checklist that guides the reader through all the possible chapters that an AD design should include in general (there may always be customer specific topics, but it the book can cover the general, that is fine).

    If there is no such book on the market, I think it is a huge hole in the documentation, as we have AD basically since 12 years, and such a book should already have been written by one of the members of the AD MVP community.

    Tuesday, September 18, 2012 8:57 AM
  • Thanks for all the inputs, greatly appreciated!

    Basically what I need to accomplish is, to write an  AD design document. What I need to make sure, that I do not skip any essential topics. For example I write a 60 page AD design, and it turns out, I am missing a chapter about admin permission delegation at the OU level. Or for example missing chapter about replication topology. Or missing chapter about GPO inventory. I can continue the list for a long time, I hope you get my point here..

    I would like to avoid any possible missing chapters from my design. The purpose of my topic is to try collect all these chapters. I expected, there is a book about proper design of Active Directory, that includes a template or checklist that guides the reader through all the possible chapters that an AD design should include in general (there may always be customer specific topics, but it the book can cover the general, that is fine).

    If there is no such book on the market, I think it is a huge hole in the documentation, as we have AD basically since 12 years, and such a book should already have been written by one of the members of the AD MVP community.

    I don't think that you will find a such document. As I mentioned, your document depends of your company requirements and goals. Chapters to use should be identified internally.

     

    This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.   

    Microsoft Student Partner 2010 / 2011
    Microsoft Certified Professional
    Microsoft Certified Systems Administrator: Security
    Microsoft Certified Systems Engineer: Security
    Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows 7, Configuring
    Microsoft Certified Technology Specialist: Designing and Providing Volume Licensing Solutions to Large Organizations
    Microsoft Certified IT Professional: Enterprise Administrator
    Microsoft Certified IT Professional: Server Administrator
    Microsoft Certified Trainer

    Tuesday, September 18, 2012 9:03 AM
  • Hi,

    MS Library has below articles, that maybe useful for you:

    Active Directory Checklists (Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2)
    http://technet.microsoft.com/en-us/library/cc787858(v=ws.10).aspx

    Checklist: Deploying AD DS in a New Organization (Applies To: Windows Server 2008, Windows Server 2008 R2)
    http://technet.microsoft.com/en-us/library/cc725897(v=ws.10).aspx

    Or you may want to read this book:

    Self-Paced Training Kit (Exam 70-640): Configuring Windows Server 2008 Active Directory (I don’t find the boot link, this is the link of exam 70-640)
    http://www.microsoft.com/learning/en/us/exam.aspx?ID=70-640&locale=en-us

    Hope this helps!

    TechNet Subscriber Support

    If you are TechNet Subscription user and have any feedback on our support quality, please send your feedback here.


    Lawrence

    TechNet Community Support

    Wednesday, September 19, 2012 6:48 AM