
Microsoft® Windows Server™ 2003 White Paper
Windows NT 4.0 Server Upgrade Guide 48
Another major area of study, especially important to Windows NT administrators, is the Flexible
Single Master Operations (FSMO) roles. The PDC emulator role can be crucial to the
success of an upgrade to Windows Server 2003 Active Directory from Windows NT 4.0. This role
emulates the functions of a PDC for pre-Windows 2000 clients.
What follows are guidelines for devising a high-level Active Directory infrastructure design.
Design a Forest Plan
One of the first decisions in Active Directory planning is how many forests are present in an
organization. A forest is essentially a boundary for a domain or multiple domains. All domains in a
forest share a common Active Directory schema. The Active Directory schema defines the objects
that can be stored in Active Directory. An object is a distinct named set of attributes that
represents a network resource. Object attributes are characteristics of objects in the directory. For
example, a printer object has a name, location, driver, and so on. These attributes make up a
printer object and define how the object works. The goal of any upgrade is to minimize the
number of forests, and thus the number of schemas. The ultimate goal is to have only one forest,
but this ideal is not always practical. For example, maybe an organization has two distinct
businesses that do not interact with one another. They are independent, even though they live
under the same corporate umbrella. In such a case, two forests are necessary.
Making changes to the schema can have enterprise-wide ramifications, so a schema modification
policy is important at this stage. This policy defines who can make changes to the schema. These
changes propagate to all domains and domain controllers in the forest, so it is an important policy.
Design a Domain Plan
When designing the domain plan, keep in mind that Active Directory may enable you to use fewer
domains than Windows NT 4.0. OUs did not exist in Windows NT 4.0 domains. An OU is a
container used to organize objects within a domain into a logical administrative group.
With Windows NT 4.0 domains, if an enterprise administrator wanted to allow an administrator in
a remote location to administer their own network resources without administering all network
resources in the enterprise, another domain had to be installed. OUs perform the same
function in Active Directory. Using an OU, an enterprise administrator can grant administrative
access to a local administrator for all objects located at the remote location but prohibit access to
objects outside that OU.
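The scoping rule described above can be modelled as a containment check on distinguished names. The following is an added example, not part of the original white paper and not an Active Directory API; it models only OU containment (real access decisions are made by ACLs and inheritance), and all DNs, group names and function names are constructed for illustration. It compares DNs component by component, because a plain string suffix match is fooled by an object name that contains an escaped comma.

```python
# Simplified model of OU-scoped delegation (added example; not an AD API).
# All DNs and group names below are constructed sample values.

def split_dn(dn):
    """Split a distinguished name into RDNs, honouring backslash-escaped commas."""
    parts, cur, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])      # keep the escape pair inside the RDN
            i += 2
            continue
        if ch == ",":
            parts.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
        i += 1
    parts.append("".join(cur).strip())
    return [p.lower() for p in parts if p]   # DN comparison is case-insensitive


def in_scope(object_dn, container_dn):
    """True if object_dn is the container itself or lies anywhere beneath it."""
    obj, cont = split_dn(object_dn), split_dn(container_dn)
    return bool(cont) and len(obj) >= len(cont) and obj[-len(cont):] == cont


def delegated_admins(object_dn, delegations):
    """Return the groups whose delegated container covers object_dn."""
    return sorted(g for g, dn in delegations.items() if in_scope(object_dn, dn))


def overbroad(delegations):
    """Flag delegations granted on a domain root (no OU component in the DN)."""
    return sorted(g for g, dn in delegations.items()
                  if not any(r.startswith("ou=") for r in split_dn(dn)))


DELEGATIONS = {  # constructed: group -> container it was delegated control of
    "Seattle-Admins": "OU=Seattle,DC=corp,DC=example,DC=com",
    "Enterprise-Helpdesk": "DC=corp,DC=example,DC=com",
}
```

Running `overbroad(DELEGATIONS)` during a delegation review lists groups whose control was granted at the domain root rather than on an OU.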
The domain design phase should also evaluate the number of domains to be upgraded and why
those domains were created in the first place. If a domain can be retired and replaced by an OU,
the upgrade plans should include the removal of unnecessary domains—a scenario known as
domain consolidation.
Designing an OU Plan
When determining the OUs to include, it is important to understand an OU’s purpose.
Fundamentally, an OU serves three purposes:
• Provides logical groupings of objects (for locating objects).