Active Directory Infrastructure Design Document




Written By: Sainath KEV
Microsoft MVP Directory Services
Microsoft Author TechNet Magazine, Microsoft Operations Framework
Microsoft Speaker - Singapore

Document Information

Document Version
Active Directory Design Change For Flexi Corp
Created by: Sainath Kev
Creation Date: Wednesday, 11 May, 2011
Reviewed by
Release Date

Management Review

Name | Title | Approved Version | Date

Commercial in Confidence Page 1 of 10

Important Notice

This design document is written based on assumptions which are not related to any organization's infrastructure. This document would help Solutions Architects, Technical Architects, Consultants and Analysts in understanding and evaluating the design for a conceptual client. This document doesn't contain information about procurement of hardware, and it is assumed that the organization has the infrastructure in place.

Confidential

All information contained within this document is provided in confidence for the sole purpose of evaluating the solution prior to implementing it in the production environment. Users can copy the data provided in the document and modify it accordingly.

Copyright

The entire contents, design and proprietary information contained in this Proposal are the sole and exclusive property of Sainath KEV.

1 Introduction

SS Technologies identifies the required information to perform the Active Directory Infrastructure change for Flexi Corp. SS Technologies provides Enterprise Consulting Services to Mid-size Enterprise level customers with diverse infrastructures including Health, Pharmaceuticals, Shipping, Mining and Software Industries. SS Technologies also provides Outsourced and Managed Services which assist customers in managing Data-Centers and Cloud based infrastructure along with different Application Tiers. SS Technologies provides world class solutions for proactive monitoring of the Servers, Applications, Databases and Security Appliances.

This infrastructure design change offering helps Flexi Corp to restructure the Read Only Domain Controller server and lock down the server as per the request. This offering also provides the methods to monitor the RODC server.

SS Technologies has successfully implemented similar projects in the past, and we are confident of delivering Flexi Corp's objective of restructuring the Active Directory. SS Technologies looks forward to working closely with Flexi Corp on designing a cost effective solution for this infrastructure change. For further communication please call the number below or email us at the address below.

<Director's Name>
<Title>
<Hand Phone number>
<Email address>

1.0 Understanding Flexi Corp Requirements

SS Technologies understands that Flexi Corp currently has 2 sites configured with a single Active Directory forest, with the Root Domain in the Primary Site and an Additional Domain in the Disaster Recovery Site. Flexi Corp has the requirement to set up a Domain Controller at their Disaster Recovery site and test the failover process. SS Technologies will provide the following services:

1. Planning and design of the Disaster Recovery site
2. Install and configure the Active Directory Additional Domain Controller
3. Configure the users to authenticate against the Additional Domain Controller
4. Roll back the users to authenticate against the Primary Domain Controller

All servers, network devices and circuits will be owned and managed by Flexi Corp. We will provide a Consulting service to design and set up the infrastructure based on the Flexi Corp production environment in Malaysia. The design includes healthy Active Directory replication between the Primary and Disaster Recovery sites.

2.0 Solutions Overview

SS Technologies provides an Active Directory design solution for configuring an Additional Domain Controller at the Disaster Recovery site. The solution implements, configures and tests the availability of the services during the shutdown of the primary site. SS Technologies involves its best pool of talent to implement the changes.

3.0 Solutions Diagram

The solution diagram below defines the proposed disaster recovery site which will be used to implement the Additional Domain Controller.

[Figure: solution diagram. Labels: Internet, Router, Switch, Gateway, Router 2, SQL Server, SharePoint Server, Domain Controller, Exchange Server, Application Server, Additional Domain Controller, File Server, Data center 1, Data center 2]

4.0 Scope Of Work

SS Technologies provides the following services to Flexi Corp IT Infrastructure.

4.1.1 Server Management

a) Operating System Installation: SS Technologies will install and configure the Operating System on Flexi Corp server hardware and perform the OS patch installation on the server.

b) Network Configuration: SS Technologies will configure the IP address and relevant subnet on the Windows Server 2008 based on the information provided by Flexi Corp and set the NIC speed accordingly.

c) Active Directory Installation: SS Technologies will install and configure the Active Directory service on the Windows Server 2008 R2 server and configure the DNS server according to the domain name space. SS Technologies will also configure the replication across the Primary Domain Controller and Additional Domain Controller.

d) AntiVirus Installation: SS Technologies will install and configure Antivirus on the Windows Server 2008 R2 Additional Domain Controller and configure the definition files accordingly.

e) Firewall Configuration: SS Technologies will configure the relevant firewall ports on the Additional Domain Controller and ensure all the relevant ports are opened for the communication.

4.1.2 Testing

After configuration of the Additional Domain Controller on Data Center 2, SS Technologies will monitor the server for a week as per the SLA and will fix all the problems related to the server and Active Directory.

4.1.3 Assumptions

- Flexi Corp to provide the Network infrastructure including the Routers, Switches and Gateways.
- Flexi Corp to configure the Routers, Switches and Gateways.
- Flexi Corp to provide the Hardware to configure the Windows Server 2008 R2 server.
- Flexi Corp to provide the license for the server.
- Any issues pertaining to Network / Infrastructure will be resolved by Flexi Corp.
- Third party products are managed and supported by Flexi Corp.

5.0 Design Phase

5.0.1 Server Installation and Configuration

The following is the checklist for installation of the Operating System at the Flexi Corp Data Center 2 site location:

- Make sure the DVD / CD-ROM drive is working.
- Make sure the vendor provides the license key of the Windows Server 2008 R2 OS.
- Make sure Internet access is available.
- Verify that the server can reach Data Center 1 / the Primary Domain Controller.
- Make sure to configure a static IP address on the domain controller.

Once the Operating System is installed, the following steps need to be performed:

- Make sure to activate the Windows Server 2008 R2 license.
- Install and upgrade the server with all the latest patches.
- Configure the server with the Primary DNS server pointing at the Primary DC and the Secondary to itself.
- Make sure the output of ipconfig /all matches the data provided by Flexi Corp.
- Make sure the server is able to ping the Primary Domain Controller.

5.0.2 Active Directory Installation and Configuration

The following is the procedure for installing and configuring Active Directory at the Flexi Corp Data Center 2 location:

1. Open Server Manager. Click Start, point to Administrative Tools, and then click Server Manager.
2. In Roles Summary, click Add Roles.
3. If necessary, review the information on the Before You Begin page, and then click Next.
4. On the Select Server Roles page, click the Active Directory Domain Services check box, and then click Next.
5. If necessary, review the information on the Active Directory Domain Services page, and then click Next.
6. On the Confirm Installation Selections page, click Install.
7. On the Installation Results page, click Close this wizard and launch the Active Directory Domain Services Installation Wizard (dcpromo.exe).
8. On the Welcome to the Active Directory Domain Services Installation Wizard page, click Next.
   If you want to install from media, identify the source domain controller for AD DS replication, or specify the Password Replication Policy (PRP) for an RODC as part of the installation of the additional domain controller, select Use advanced mode installation.
9. On the Operating System Compatibility page, review the warning about the default security settings for Windows Server 2008 and Windows Server 2008 R2 domain controllers, and then click Next.

10. On the Choose a Deployment Configuration page, click Existing forest, click Add a domain controller to an existing domain, and then click Next.
11. On the Network Credentials page, type the name of any existing domain in the forest where you plan to install the additional domain controller. Under Specify the account credentials to use to perform the installation, click My current logged on credentials or click Alternate credentials, and then click Set. In the Windows Security dialog box, provide the user name and password for an account that can install the additional domain controller. To install an additional domain controller, you must be a member of the Enterprise Admins group or the Domain Admins group. When you are finished providing credentials, click Next.
12. On the Select a Domain page, select the domain of the new domain controller, and then click Next.
13. On the Select a Site page, select a site from the list or select the option to install the domain controller in the site that corresponds to its IP address, and then click Next.
14. On the Additional Domain Controller Options page, make the following selections, and then click Next:
    - DNS server: This option is selected by default so that your domain controller can function as a Domain Name System (DNS) server. If you do not want the domain controller to be a DNS server, clear this option. If the DNS server role is not installed on the Primary Domain Controller (PDC) emulator in the forest root domain, then the option to install DNS server on an additional domain controller is not available. As a workaround in this situation, you can install the DNS server role before or after the AD DS installation.
    - Global Catalog: This option is selected by default. It adds the global catalog, read-only directory partitions to the domain controller, and it enables global catalog search functionality.
    - Read-only domain controller: This option is not selected by default. It makes the additional domain controller read only; that is, it makes the domain controller an RODC.
    If you do not have static IPv4 and IPv6 addresses assigned to your network adapters, a warning message might appear advising you to set static addresses for both of these protocols before you can continue. If you have assigned a static IPv4 address to your network adapter and your organization does not use IPv6, you can ignore this message and click Yes, the computer will use a dynamically assigned IP address (not recommended).
15. On the Location for Database, Log Files, and SYSVOL page, type or browse to the volume and folder locations for the database file, the directory service log files, and the system volume (SYSVOL) files, and then click Next.
    Windows Server Backup backs up the directory service by volume. For backup and recovery efficiency, store these files on separate volumes that do not contain applications or other nondirectory files.
16. On the Directory Services Restore Mode Administrator Password page, type and confirm the restore mode password, and then click Next. This password must be used to start AD DS in Directory Service Restore Mode (DSRM) for tasks that must be performed offline.
17. On the Summary page, review your selections. Click Back to change any selections, if necessary.
    To save the settings that you have selected to an answer file that you can use to automate subsequent AD DS operations, click Export settings. Type the name for your answer file, and then click Save.
    When you are sure that your selections are accurate, click Next to install AD DS.
18. On the Completing the Active Directory Domain Services Installation Wizard page, click Finish.
19. You can either select the Reboot on completion check box to have the server restart automatically or you can restart the server to complete the AD DS installation when you are prompted to do so.

5.0.3 Client Side Configuration And Settings

For Disaster Recovery to work, the following settings are mandatory on the client operating systems as well as on the server operating systems.
- On every client operating system (both Windows XP and Windows 7), configure the Primary DNS server as the Primary Domain Controller IP address and configure the Secondary DNS server IP address pointing to the Disaster Recovery Additional Domain Controller.
- Perform the same on all the servers which require Active Directory authentication.
- Test the connectivity by pinging both the primary domain controller and the secondary domain controller. (If ping is disabled, you can try to access the servers' default shares, such as sysvol.)

5.0.4 Server Side Check List

The following checks need to be performed on the Windows Server 2008 R2 servers:

- Make sure both servers are replicating; run the required utilities such as replmon, repadmin and dcdiag to troubleshoot and debug any problems.
- Use the PortQry utility to check that the relevant ports are open on both servers for replication to work.

The above document combines the Solution Architecting and Design document, which will help Customers / Engineers / Architects to use this proposal and Design document for similar requirements. In my next posts I will add more details related to service management and bring a different architecture flavor.
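
A scripted form of the checks in sections 5.0.3 and 5.0.4, as an added example that is not part of the original design document. The host names and addresses are placeholders, the fixed TCP port list is an assumption about what "relevant ports" covers, and a plain TCP connect stands in for PortQry (its UDP checks are not reproduced). It uses only calls available in the PowerShell 2.0 that ships with Windows Server 2008 R2.

```powershell
# Added example. Names and addresses are placeholders (assumptions).
$PrimaryDC = 'dc1.example.test'; $PrimaryIP = '192.0.2.10'   # Data Center 1
$DrDC      = 'dc2.example.test'; $DrIP      = '192.0.2.20'   # Data Center 2

# Fixed TCP listeners on a domain controller: DNS, Kerberos, RPC endpoint
# mapper, LDAP, SMB, kpasswd, LDAPS, global catalog (plain and SSL).
# Not covered: the dynamic RPC range (49152-65535 on Windows Server 2008 and
# later) that replication also uses, and the UDP side of DNS/Kerberos/LDAP.
$DcTcpPorts = 53, 88, 135, 389, 445, 464, 636, 3268, 3269

function Test-TcpPort {
    param([string]$Server, [int]$Port, [int]$TimeoutMs = 2000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($Server, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)    # throws if the connection was refused
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

function Get-ClosedPort {
    param([string]$Server)
    $DcTcpPorts | Where-Object { -not (Test-TcpPort -Server $Server -Port $_) }
}

function Get-ReplicationFailure {
    # One CSV row per inbound replication link; rows for a DC that could not
    # be queried at all are flagged showrepl_ERROR in the first column.
    repadmin /showrepl * /csv | ConvertFrom-Csv | Where-Object {
        $_.showrepl_COLUMNS -eq 'showrepl_ERROR' -or [int]$_.'Number of Failures' -gt 0
    }
}

function Get-WrongDnsOrder {
    # Section 5.0.3: primary DNS = primary DC, secondary DNS = DR site DC.
    Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled=TRUE' |
        Where-Object { $_.DNSServerSearchOrder } |
        Where-Object {
            $dns = @($_.DNSServerSearchOrder)
            -not ($dns.Count -ge 2 -and $dns[0] -eq $PrimaryIP -and $dns[1] -eq $DrIP)
        }
}

foreach ($dc in $PrimaryDC, $DrDC) {
    $closed = @(Get-ClosedPort -Server $dc)
    if ($closed.Count) { Write-Warning "$dc : no TCP answer on $($closed -join ', ')" }
    if (-not (Test-Path "\\$dc\SYSVOL")) { Write-Warning "$dc : SYSVOL share not reachable" }
    dcdiag "/s:$dc" /q    # /q prints only the tests that fail
}
Get-ReplicationFailure | ForEach-Object {
    Write-Warning ("replication {0} -> {1}: last success {2}" -f
        $_.'Source DSA', $_.'Destination DSA', $_.'Last Success Time')
}
Get-WrongDnsOrder | ForEach-Object {
    Write-Warning ("{0}: DNS order is {1}" -f $_.Description, ($_.DNSServerSearchOrder -join ', '))
}
```

Run the domain controller checks from one of the two domain controllers with an account that can query both; the DNS order check applies to clients and member servers, since section 5.0.1 gives the additional domain controller itself a different DNS order.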