Active Directory Policy Statement
Active Directory Forest:
Deployment of one Active Directory forest will suffice for WWTC’s requirements. There are no requirements for data isolation within WWTC’s Active Directory configuration, and any data separation can be performed using data isolation. A single forest was chosen because it is very cost-effective and requires the least amount of administrative support. For example, with only one forest, the global catalog does not require synchronization across forests and management of a duplicate infrastructure is not required. An organizational forest model will be used, with user accounts and resources contained in the forest and managed independently. The forest will be used to provide service and data isolation. This has been chosen instead of other models where resources and users are isolated in separate forests.
Active Directory Domain:
WWTC will use an Organizational Domain Forest to provide autonomous groups within the forest as required. The New York office will have a separate domain from the Hong Kong office since it will be largely autonomous. In addition, a separate domain can be created to restrict access to confidential data. Since WWTC will have few IT personnel to care for day-to-day IT support activities in New York, the following functions will be maintained by forest-level administration:
• Creating and removing domain controllers
• Monitoring the functioning of domain controllers
• Managing services that are running on domain controllers
• Backing up and restoring the directory
Two domains will require that Group Policy settings, as well as access control/auditing settings (required forest-wide), are implemented separately in each domain in the forest. This setup is considered a regional domain configuration and will reduce traffic over wide area network (WAN) links. While service administration will be carefully controlled at the Hong Kong office, the following functions will be maintained within the New York office:
• Creating organizational units (OUs) and delegating administration
• Repairing problems in the OU structure that OU owners do not have sufficient access rights to fix
Instead of creating a separate forest root domain, the New York office will function as the forest root domain. It will be a parent domain to the other offices. Service administrator accounts will reside on the New York root domain while user accounts for each region will reside on the appropriate domain. For administration purposes, the branch offices will function as child domains under the New York root domain. This configuration was chosen because it is much easier to manage than a configuration with a separate domain for administrative accounts.
Active Directory Naming Convention:
WWTC.org is the Active Directory namespace used by WWTC. It is a registered fully qualified domain name for WWTC. WWTC will use the same internal and external namespace: WWTC.org will be used from inside and outside the organization without a separate namespace for internal access to resources. This means that the tree name (WWTC.org) is consistent across the private network and the public Internet, allowing users to log on with the same credentials internally and externally. This requires a separate zone outside the firewall to provide name resolution for public resources, and it creates a security concern: clients accessing resources from outside the organization must not have access to internal company resources. It also creates the requirement to maintain the records on both the internal and external DNS servers simultaneously. The attached illustration shows this configuration.
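Because the same namespace is served on both sides of the firewall, the external copy of the zone should be checked for records that belong only in the internal copy. The following is an added example, not part of the original policy statement; the host names, addresses, allow-list and the simplified `name TYPE value` export format are all constructed assumptions.

```python
import ipaddress

# Labels that only exist in the AD-integrated (internal) copy of the zone.
AD_ONLY_LABELS = ("_msdcs", "_ldap", "_kerberos", "_gc", "_kpasswd",
                  "domaindnszones", "forestdnszones")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample export of the zone hosted outside the firewall.
EXTERNAL_ZONE = """
www.wwtc.org.    A    203.0.113.10
mail.wwtc.org.   A    203.0.113.25
wwtc.org.        MX   10 mail.wwtc.org.
nydc01.wwtc.org. A    10.1.0.5      ; copied from the internal zone by mistake
_ldap._tcp.dc._msdcs.wwtc.org. SRV 0 100 389 nydc01.wwtc.org.
files.wwtc.org.  A    203.0.113.40
"""
PUBLIC_NAMES = {"wwtc.org", "www.wwtc.org", "mail.wwtc.org"}  # assumed allow-list

def parse_zone(text):
    """Parse simplified 'name TYPE value' lines into (name, type, value) tuples."""
    records = []
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        name, rtype, value = line.split(None, 2)
        records.append((name.lower().rstrip("."), rtype.upper(), value.strip()))
    return records

def audit_external_zone(external, public_names):
    """Return (record, reason) for each record that should not be public."""
    findings = []
    for rec in external:
        name, rtype, value = rec
        if any(label in AD_ONLY_LABELS for label in name.split(".")):
            findings.append((rec, "AD locator record exposed"))
        elif rtype == "A" and any(ipaddress.ip_address(value) in n for n in RFC1918):
            findings.append((rec, "internal address exposed"))
        elif name not in public_names:
            findings.append((rec, "name not on public allow-list"))
    return findings

if __name__ == "__main__":
    for rec, reason in audit_external_zone(parse_zone(EXTERNAL_ZONE), PUBLIC_NAMES):
        print(f"{reason}: {' '.join(rec)}")
```

Running the same check after every change to either DNS server keeps the two copies of the zone from drifting into exposing domain controller or internal host records.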