- Domain Design Overview
- Choosing Your Domain Namespace
- New Domain Design Features in Windows .NET Server 2003
- Choosing Your Domain Structure
- Single Domain Model
- Multiple Subdomain Model
- Multiple Trees in a Single Forest Model
- Federated Forests Design Model
- Peer-Root Domain Model
- Placeholder Domain Model
- Special-Purpose Domains
- Renaming an Active Directory Domain
- Summary
- Best Practices
New Domain Design Features in Windows .NET Server 2003
Many administrators have already become accustomed to Active Directory design and are familiar with the basic layout and characteristics of the Active Directory structure in Windows 2000. Windows .NET Server 2003 introduces some dramatic changes to Active Directory that alter fundamental components of the directory and allow greater flexibility in domain design. Among these changes are the following:
Domain Rename Function. The ability to rename a domain in a Windows .NET forest has opened up a new field of possibilities for the design and potential redesign of Active Directory domain structures. Previously, stern caveats were issued about the inability to rename domains or change the overall structure of an Active Directory forest. With the domain rename functionality present in Windows .NET Server 2003's Active Directory implementation, these limitations are lifted and designers can take heart in the fact that design changes can be made after implementation. Having this ability does not change the fact that it is still wise to plan out your domain design thoroughly, however. The rename is a forest-wide operation: it requires the forest to be at the Windows Server 2003 forest functional level (so every domain controller must already run Windows Server 2003), it is driven by the rendom.exe tool from a control station, every domain controller in the forest is rebooted as part of the execution, every member workstation and server must be rebooted twice afterward, and some directory-aware applications (Exchange 2000, for example) do not support it at all. Not having to make changes to domain names or reposition domains in a forest is much easier than having to go through the domain rename process. Just knowing that such functionality exists, however, is a breath of fresh air for designers.
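The following batch file is an added example of the Windows Server 2003 domain rename sequence; it is not from the book and not Microsoft's own script. It assumes the rendom.exe and gpfixup.exe tools are installed on a control station in the forest, that the forest is at the Windows Server 2003 forest functional level, and that the operator is a member of Enterprise Admins. The domain names, NetBIOS names and domain controller name are hypothetical placeholders, and the post-rename tasks that are not commands (re-creating external trusts, repairing DFS roots, re-issuing certificates) are left as comments.

```batch
@echo off
rem Added example (not from the book): Windows Server 2003 domain rename
rem with rendom.exe and gpfixup.exe. All names below are hypothetical.
set OLDDNS=corp.example.com
set NEWDNS=ad.example.net
set OLDNB=CORP
set NEWNB=ADNET
set DC=dc1.ad.example.net

rem 1. Describe the current forest. Writes Domainlist.xml to the current directory.
rendom /list
if errorlevel 1 goto fail

rem 2. Edit Domainlist.xml by hand: change the DNSname and NetBiosName elements
rem    of the domain being renamed, then confirm the result before uploading.
notepad Domainlist.xml
rendom /showforest

rem 3. Upload the rename instructions to the domain naming master. Writes
rem    Dclist.xml, the list of every DC that must acknowledge the change.
rendom /upload
if errorlevel 1 goto fail
rem Push the instructions to every DC, across sites, before checking readiness.
repadmin /syncall /A /e /P /d /q

rem 4. Verify that every DC in Dclist.xml is reachable and reports Prepared.
rem    Fix any DC that does not before going further; /execute is not reversible.
rendom /prepare
if errorlevel 1 goto fail

rem 5. Execute. Each DC applies the new name and reboots itself.
rendom /execute
if errorlevel 1 goto fail

rem 6. Unfreeze the forest configuration so normal changes are allowed again.
rendom /end

rem 7. Repair Group Policy links and SYSVOL paths that still carry the old name.
gpfixup /olddns:%OLDDNS% /newdns:%NEWDNS% /oldnb:%OLDNB% /newnb:%NEWNB% /dc:%DC%

rem 8. Re-create external trusts, repair DFS roots and re-issue certificates
rem    that embed the old DNS name (manual tasks, not shown here).
rem 9. Reboot every member workstation and server twice, then remove the old
rem    name references from the directory.
rendom /clean
goto :eof

:fail
echo A domain rename step failed. Resolve the cause before continuing.
exit /b 1
```

Run the steps one at a time rather than as a single unattended job; the value of the file is that the order and the checks between steps are written down, and that the operator stops at the first failure instead of reaching /execute with an unprepared domain controller.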
Cross-Forest Transitive Trusts. New in Windows .NET Server 2003, the concept of cross-forest transitive trusts lessens domain designers' connectivity worries. In the past, some administrators balked at the limitations of collaboration within Windows 2000 Active Directory structures, where joining two forests meant an explicit, non-transitive external trust between each pair of domains that needed to communicate. The forest trust of Windows .NET Server 2003 negates those concerns: a single trust created between the two forest root domains is transitive across every domain in both forests. Two caveats apply. First, both forests must be at the Windows Server 2003 forest functional level. Second, the transitivity stops at the forest boundary; if forest A trusts forest B and forest B trusts forest C, forest A does not trust forest C. SID filtering is enabled by default on a forest trust, and the trust can be created with selective authentication so that users from the other forest can reach only the resources they have been explicitly granted. The combination of these forests is known in the Microsoft world as federated forests.
Global Catalog Media Creation. The ability to promote remote servers to domain controllers from a backup of an existing domain controller, known as Install from Media, helps to limit replication traffic and the time associated with establishing remote domain controllers. There have been some recorded instances of DC promotions taking several days and even up to a week to replicate the initial global catalog information in Windows 2000. Windows .NET Server 2003 solves this issue by letting you take a system state backup of an existing domain controller (a global catalog server, if the new DC is to be a global catalog), save it to media such as a CD-ROM, ship it to the remote site, restore it to a folder on the new server, and run domain controller promotion in advanced mode (dcpromo /adv) pointing at the restored files. Only the delta, or changes made since the backup was taken, is then replicated, saving time and bandwidth. The backup must be younger than the tombstone lifetime (60 days by default) or the promotion is refused. Note also what is on that disk: the directory database (ntds.dit, including every password hash in the domain) and SYSVOL. Treat the media with the same care as a domain controller itself, protect it in transit, and wipe or destroy it as soon as the promotion is complete. The effect of this on domain design is reflected in reduced setup times and increased flexibility of global catalog domain controller placement.
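The following is an added example of the Install from Media procedure described above; it is not from the book. The host names, paths and domain name are hypothetical. The backup half runs on an existing domain controller; the promotion half runs on the server being promoted. The answer-file key names are those of the Windows Server 2003 unattended dcpromo [DCInstall] section as the author remembers them (in particular ReplicationSourcePath is the key that turns on Install from Media); verify them against the unattend reference for your build before relying on them.

```batch
@echo off
rem Added example (not from the book): Install from Media promotion.
rem Names and paths are hypothetical.

rem ---- On an existing global catalog server (hq-dc1) ----
rem Take a system state backup to a file on the removable disk. This file
rem contains ntds.dit (all password hashes) and SYSVOL: handle it accordingly.
ntbackup backup systemstate /J "IFM for br-dc1" /F "E:\ifm\hq-dc1.bkf"

rem ---- On the remote server (br-dc1), within the tombstone lifetime ----
rem Restore hq-dc1.bkf with the NTBackup GUI (the command line backs up only),
rem choosing "Alternate location" = C:\ifm. Then write the answer file and promote.
(
echo [DCInstall]
echo ReplicaOrNewDomain=Replica
echo ReplicaDomainDNSName=corp.example.com
echo ReplicationSourcePath=C:\ifm
echo DatabasePath=D:\NTDS
echo LogPath=D:\NTDS
echo SYSVOLPath=D:\SYSVOL
echo SafeModeAdminPassword=CHANGE-ME-BEFORE-USE
echo RebootOnSuccess=Yes
) > C:\ifm\answer.txt

dcpromo /adv /answer:C:\ifm\answer.txt

rem After promotion succeeds, destroy the media and the restored copy:
rem it is a portable copy of the domain's credentials.
rd /s /q C:\ifm
```

The answer file contains the Directory Services Restore Mode password in clear text, so it belongs in the same protected folder as the restored backup and is removed with it. If the promotion reports that the backup is too old, take a fresh backup rather than adjusting the tombstone lifetime.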
Administrative Enhancements. New "headless" management functionality reduces the need to have local administrators present at each site. Essentially, Terminal Services in remote administration mode (Remote Desktop for Administration) is built into every Windows .NET Server 2003 installation, facilitating remote administration without a Terminal Server license. Terminal Services users will note how easy it is to take control of remote machines and administer them as if they were at the keyboard. No more driving 300 miles to your Death Valley branch office to reboot a server. Because all domain controllers, member servers, application servers, and so on will have Terminal Services capability, designers will have more flexibility in arranging server layout. The capability is disabled by default and listens on TCP port 3389 once enabled; enable it only on servers that need it, keep the right to connect limited to administrative accounts, and restrict the port to management networks with IPsec or a firewall, since a domain controller's remote console is as sensitive as its physical one.