© 2004 Mustan Bharmal. All Rights Reserved.
1.Introduction to Domain Plan
This design methodology requires an organisation to generate a single “Domain Plan” for each required production Active Directory domain, within each required forest. Hence, wherea Windows Server 2003 Active Directory infrastructure for an organisation consist of threeforests supporting only four production domains, then four domain plans are required.Note that it is not necessary to generate a domain plan for test domains or non-productiondomains, which will not support business processes within an organisation.
1.1.
Domain Plan Scope
The “Domain Plan” will assist the owner(s) and participants within this domain to generate adesign for only those components of an Active Directory infrastructure that requireimplementation for an organisation at the domain level and not at any other Active Directorycomponent (forest or site) level, or as part of a migration, change control, or managementplan.
1.2.
Background Information
Execute the processes within this Domain Plan following the completion of the processeswithin the respective Forest Plan for this domain, within the Windows Server 2003 ActiveDirectory infrastructure.The results of the following Forest Plan processes provide indications as to intendedfunction(s) of each required domain:
•
“Determination of the number of domains required”
•
“Determination of the structure and relationships of multiple domains”
•
“Determination of the boundaries and content of each domain”As it is possible to identify a number of factors that will influence the requirement for thisdomain, each domain may be slightly or greatly different to other domains in the forest, or Active Directory infrastructure. Hence, one domain plan may not support all of the designaspects for every required domain within an organisation, and thus the requirement to designa dedicated Domain Plan for each required domain.Note that references to “this domain” or “this Active Directory domain” within the processeswithin this Domain Plan implicitly refer only to the Active Directory domain that this DomainPlan supports.
1.3.
Domain Plan Concepts
This design methodology introduces the concept of an “object and resource managementinfrastructure”, abbreviated as “ORMI” or “ORMIs” to denote multiple instances of this type of infrastructure. An ORMI is consists of four components dedicated to the management of Active Directory objects, and the management of access control to resources using a securitygroup infrastructure.The Domain Plan will assist an organisation in the generation of a design for theimplementation of one or more ORMIs within this domain. A component of the “ActiveDirectory Management Plan” (volume 2 of design methodology) will assist an organisation ingeneration of a design for the management of one or more ORMIs within this domain.With respect to object management, an Active Directory domain is the largest logical structurewithin an Active Directory forest within which Active Directory objects (such as user andcomputer accounts, security and distribution groups, Organizational Units (OUs), printer objects, shared folder objects, and so on) are generated.Page 3 of 354 Last printed 28/5/2004 12:28a5/p5
Leave a Comment