Active Directory

Best Practice Active Directory Litmus Test

Professionals: Install the Active Directory Feature of Windows Server

Amateurs:  Use Windows Servers Only as Member Servers

Implementing Active Directory

While the uptake of Windows Server 2008 has been brisk, only a minority of administrators are confident of installing the Active Directory feature.  Amateurs install Windows Server 2008/2012 only as a member server for their SQL database and mail servers.

Best Practice for Installing Active Directory

When you move to Active Directory, there are crucial decisions to make.  By analysing the following factors the best practice will become clear.

1) How will you begin your migration?  Reformat the machines and build from scratch; I have heard this strategy called ‘Wipe and Roll’.  Alternatively, go for an ‘In Place’ upgrade to the new system.  Simple, but no rollback, therefore impractical for big organisations.

2) Understand DNS and choose the best naming system for your new root domain.  DNS with its new SRV records is vital for Active Directory.  So do not even think about promoting a member server to a domain controller until you are an expert on DNS.

3) Plan how many domains you really need, and how they will be linked.

4) Take advantage of Organizational Units and delegation to manage your users and computers.

5) Develop a vision of your desktops, create that lockdown through Group Policy.

6) Calculate the best distribution of physical sites.  Consider upgrading network connections.

7) Take the time to understand the Windows 2000 Schema as it defines all the objects in Active Directory.

8) Upgrade the desktops first.  The reasons for this tactic are practical rather than logical – users need the benefits of XP Professional quickly.
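Point 2 above says not to promote a member server until DNS is right.  The following PowerShell is an added example, not code from the original article: it checks, from the member server you intend to promote, that the existing domain's DNS zone already advertises the SRV records Active Directory clients depend on, and that each record points at a host whose A record resolves.  It assumes the DnsClient module (Windows 8 / Server 2012 and later) and that the server is already domain-joined, so `$env:USERDNSDOMAIN` holds the domain name.

```powershell
# Added example: pre-promotion DNS health check for an existing AD domain.
# Assumes a domain-joined machine with the DnsClient module (Resolve-DnsName).
$DomainName = $env:USERDNSDOMAIN   # the domain this member server already belongs to
if (-not $DomainName) { throw 'Not domain-joined; set $DomainName explicitly.' }

# The SRV names every domain member looks up: LDAP and Kerberos on any DC,
# password changes, and the DC currently holding the PDC Emulator FSMO role.
$SrvNames = @(
    "_ldap._tcp.dc._msdcs.$DomainName",
    "_kerberos._tcp.dc._msdcs.$DomainName",
    "_kpasswd._tcp.$DomainName",
    "_ldap._tcp.pdc._msdcs.$DomainName"
)

foreach ($name in $SrvNames) {
    try {
        # Resolve-DnsName also returns the additional A records; keep only the SRV rows.
        $records = Resolve-DnsName -Name $name -Type SRV -ErrorAction Stop |
                   Where-Object { $_.Type -eq 'SRV' }
        foreach ($r in $records) {
            # A dangling SRV record (target without an A record) sends clients to nowhere.
            $a = Resolve-DnsName -Name $r.NameTarget -Type A -ErrorAction SilentlyContinue
            $status = if ($a) { 'OK' } else { 'NO A RECORD' }
            '{0,-45} -> {1}:{2} (priority {3}, weight {4}) {5}' -f `
                $name, $r.NameTarget, $r.Port, $r.Priority, $r.Weight, $status
        }
    }
    catch {
        Write-Warning "No SRV record for $name - check the DNS zone and dynamic updates before promoting this server."
    }
}
```

Run it before dcpromo / Install-ADDSDomainController; a missing `_ldap._tcp.dc._msdcs` record means the new DC will not be able to find a replication partner, whatever the GUI wizard says.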

See much more about Active Directory here.

Guy Recommends:  SolarWinds’ Free Bulk Import Tool

Import users from a spreadsheet.  Just provide a list of the users with the field names in the top row, and save it as a .csv file.  Then launch this FREE utility, match your fields with AD’s attributes, click, and import the users.

Optionally, you can provide the name of the OU where the new accounts will be born. Download your FREE bulk import tool.
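The same CSV-to-attribute mapping can be done with the ActiveDirectory PowerShell module.  The script below is an added example, not SolarWinds’ tool or code from the original page: it reads a constructed two-row CSV (embedded inline; in practice use `Import-Csv -Path`), maps each column to an AD attribute, and creates the accounts disabled in a target OU.  The OU distinguished name and UPN suffix are placeholders.  `-WhatIf` keeps it a dry run until you remove it.

```powershell
# Added example: bulk user import with the ActiveDirectory module (RSAT / Server 2008 R2+).
Import-Module ActiveDirectory

# Constructed sample input; replace with: $users = Import-Csv -Path .\users.csv
$csv = @'
GivenName,Surname,SamAccountName,Department
Alice,Example,aexample,Finance
Bob,Sample,bsample,IT
'@
$users = $csv | ConvertFrom-Csv

# Placeholder values - substitute your own OU and UPN suffix.
$TargetOU  = 'OU=NewStarters,DC=example,DC=com'
$UpnSuffix = 'example.com'

foreach ($u in $users) {
    # Skip duplicates up front instead of letting New-ADUser fail halfway through the file.
    if (Get-ADUser -Filter "SamAccountName -eq '$($u.SamAccountName)'" -ErrorAction SilentlyContinue) {
        Write-Warning "$($u.SamAccountName) already exists; skipped."
        continue
    }
    # Map CSV columns to AD attributes. Accounts are created disabled with no
    # password; setting passwords and enabling them is a separate, audited step.
    New-ADUser -Name "$($u.GivenName) $($u.Surname)" `
               -GivenName $u.GivenName `
               -Surname $u.Surname `
               -SamAccountName $u.SamAccountName `
               -UserPrincipalName "$($u.SamAccountName)@$UpnSuffix" `
               -Department $u.Department `
               -Path $TargetOU `
               -Enabled $false `
               -WhatIf    # remove -WhatIf once the preview output looks right
}
```

Creating the accounts disabled in a dedicated OU means a bad spreadsheet produces inert objects in one place, which is far easier to audit and roll back than a scattering of live accounts.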

If you need more comprehensive software, download a free trial of SAM (Server & Application Monitor)

FSMO Roles

For most operations Windows 2003 uses the multiple master model.  For example, if you have three domain controllers, you can physically create a new user in the NTDS.dit database on any of the three.  Five minutes later, the new user object will be replicated to the other domain controllers.

Unlike NT 4.0, there are no primary and backup domain controllers in Windows 2003.  However, a few operations are so critical that only one domain controller can carry out that operation.  These operations are called Flexible Single Master Operations (FSMO); creating a new child domain would be one example of a single master operation.

I have to confess a hidden agenda with FSMO.  If I want to instantly know how well someone knows Active Directory, I introduce FSMO into the conversation and watch their reaction.  Professionals will know what FSMO means and its significance, amateurs just frown.

The Five FSMO Roles Are

  1. PDC Emulator – For NT 4.0 BDCs.  But also for synchronizing time and creating group policies.
  2. RID Master – Each object must have a globally unique number.  The RID master makes sure each domain controller issues unique numbers when you create objects like users.
  3. Infrastructure Master – Responsible for checking Universal group membership in multiple domain forests.
  4. Domain Naming Master – Ensures that each child domain has a unique name.
  5. Schema Master – Operations that involve expanding user properties e.g. Exchange 2000 adds the mailbox property to users.
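Knowing the five roles is one thing; knowing which domain controller holds each one, and whether it is reachable, is the check that matters when an operation such as creating a child domain or extending the schema suddenly fails.  The script below is an added example, not code from the original page: it reads the two forest-wide roles from `Get-ADForest`, the three domain roles from `Get-ADDomain`, and pings each holder.  It assumes the ActiveDirectory module and a domain-joined account that can query the directory.

```powershell
# Added example: list the FSMO role holders and confirm each one is online.
Import-Module ActiveDirectory

$forest = Get-ADForest
$domain = Get-ADDomain

# Schema and Domain Naming are one per forest; the other three are one per domain.
$roles = [ordered]@{
    'Schema Master'         = $forest.SchemaMaster
    'Domain Naming Master'  = $forest.DomainNamingMaster
    'PDC Emulator'          = $domain.PDCEmulator
    'RID Master'            = $domain.RIDMaster
    'Infrastructure Master' = $domain.InfrastructureMaster
}

foreach ($role in $roles.Keys) {
    $holder = $roles[$role]
    # An offline role holder silently blocks the operation it owns (no new RID
    # pools, no schema changes, no new child domains), so reachability matters.
    $online = Test-Connection -ComputerName $holder -Count 1 -Quiet -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Role   = $role
        Holder = $holder
        Online = $online
    }
}
```

The classic one-liner `netdom query fsmo` gives the same holder list without the reachability column; the PowerShell version is easier to schedule and to compare against a known-good baseline, so that a role that has quietly moved (or a holder that has quietly gone offline) is noticed before anyone needs it.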

See much more about Active Directory here »

Download my Jumbo Litmus Test eBook $5.95

Litmus Tests: over 40 of Guy’s litmus tests.  Have fun while you learn about aspects of computing.  Stacks of ideas to check your servers, networks and security.

Your eBook has printer friendly pages and lots more screen shots.


Litmus Tests

Guy’s Litmus test is a concept that you can apply anywhere.  Each test gives you an instant answer to the simple question: ‘Are you dealing with a professional, or are they an amateur?  Is this the real deal, or is it a turkey?’  The Litmus Test concept is rather like Best Practice, but it reduces a 27 page report to one sentence.

Try another of my Litmus tests »
