
Designing a Directory Service Architecture

Feeling more comfortable with this objective? Good, you should—especially if you already passed the four core exams. This objective is really fun—you're in charge now. You'll be deciding how the company's current geographical, technological, and financial composition will influence your design of directory services.

You'll need an advanced understanding of trees versus forests, and of when each is the better choice. Sometimes it may make perfect sense to you, the Windows 2000 guru, to create a tree, but a tree doesn't make sense in a company in which departments and egos are battling. Sometimes, a forest is required because the powers that be say so.

You will need to know about the schema and the mechanics of extending the schema. There may be applications in use that require the extension, or objects that need to be added to the AD that are not currently supported in any of the available containers. Know what it means to extend the schema, how it's done, and who can do it.

As you design your AD implementation, consider the existing Windows NT 4.0 domains that may already be in place. Did the company use a master domain model? A multiple master model? Or, heaven forbid, a complete trust model? You will need an understanding of the Windows NT 4.0 trust relationships and how those will work with Windows 2000 to pass this portion of the exam.

Of course, not all companies are using just a Microsoft network. How will you replace or integrate with other directory services? (Think NetWare, Banyan VINES.) Which protocols and services are needed within Windows 2000 to integrate with these network operating systems?

You will have to be either a pawn or a politician. What I mean is that you'll have to organize "business units" into organizational units (OUs) that fit within the political scheme of the company. Who will be in control of these OUs? Will you delegate control to each department? How is delegation managed?

Finally, as your plans for directory services are coming into shape, you must consider the replication and communication of AD between servers. Consider sites separated by slow WAN links. And what of AD-integrated DNS zones and those that are independent, such as UNIX DNS servers? How will they transfer zone information over slow links?

NOTE

Study Hint: Study the requirements and procedures for upgrading Windows NT 4.0 domains to Windows 2000. Remember: PDCs go first.
