Introduction to Active Directory

Active Directory Installation

Some larger organizations take months (and in some cases, over a year) to plan a proper Active Directory design and get input from a global organization of technology leaders. It is extremely important to give a lot of thought to your AD design to ensure it meets your organization’s needs.

Choosing Your AD Layout

As we mentioned earlier, there are many ways you can structure your Active Directory. From a top-down perspective, most companies start with either a geographic separation (for example Americas, EMEA, PacificRIM) or an organizational structure separation (for example Accounting, Marketing, Technology, Sales). It does not matter which you select: either will provide a fine starting point for your domain structure, but you need to pick one direction and be consistent with your choices.

Many organizations start with geography at the top level, then break down into business units or departments underneath that top level. It is important to write naming conventions and standards down so a team in Europe does not call an OU “SalesMarketing” while a team in North America calls an OU “Sales.” Consistency provides for an efficient and manageable Active Directory layout.

There are many different combinations you could choose when designing your AD structure.

Installation Requirements

In this section, we will look at the installation requirements of Active Directory. Installing AD isn’t a complex process, but the design and configuration can be.

Here are the requirements for installing Active Directory on Windows Server 2003:

· An NTFS partition with enough free space

· An Administrator’s username and password

· A NIC with a network connection

· Properly configured TCP/IP (IP address, subnet mask and – optional – default gateway)

· An operational DNS server (which can be installed on the DC itself)

· A Domain name that you want to use

· Windows Server 2003 CD media or the i386 Folder
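
The checklist above as a read-only pre-flight script, added here as an illustration and not part of the original article. It uses WMI classes available on Windows Server 2003 and needs PowerShell 2.0 or later; the free-space threshold `$MinFreeMB` and the function names are assumptions, and the domain name and installation media items are left to manual review.

```powershell
# Added example (not from the original article): read-only pre-flight check.
# Requires PowerShell 2.0 or later. $MinFreeMB is an assumed threshold; the
# article only says "enough free space", so set it from your own sizing plan.
param([int]$MinFreeMB = 1024)

function New-Check($Name, $Passed, $Detail) {
    New-Object PSObject -Property @{ Check = $Name; Passed = [bool]$Passed; Detail = $Detail }
}

function Test-AdPrerequisite([int]$MinFreeMB) {
    # Local fixed disks (DriveType 3) formatted NTFS with the required free space
    $ntfs = @(Get-WmiObject Win32_LogicalDisk -Filter "DriveType=3" |
        Where-Object { $_.FileSystem -eq 'NTFS' -and ($_.FreeSpace / 1MB) -ge $MinFreeMB })
    $drives = @($ntfs | ForEach-Object { $_.DeviceID }) -join ', '
    New-Check "NTFS partition with >= $MinFreeMB MB free" ($ntfs.Count -gt 0) $drives

    # The session must run with local Administrators membership
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $isAdmin   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
    New-Check 'Administrator credentials' $isAdmin $identity.Name

    # Adapters that have TCP/IP bound and enabled
    $nics = @(Get-WmiObject Win32_NetworkAdapterConfiguration -Filter "IPEnabled=TRUE")
    New-Check 'IP-enabled NIC present' ($nics.Count -gt 0) "$($nics.Count) adapter(s)"

    # At least one adapter has both an address and a subnet mask; the gateway is optional
    $addressed = @($nics | Where-Object { $_.IPAddress -and $_.IPSubnet })
    $ipDetail = @($addressed | ForEach-Object {
        "$($_.IPAddress[0])/$($_.IPSubnet[0]) gw=$($_.DefaultIPGateway) dhcp=$($_.DHCPEnabled)" }) -join '; '
    New-Check 'TCP/IP configured' ($addressed.Count -gt 0) $ipDetail

    # A DNS server is set on some adapter (configured, not proven operational)
    $dns = @($nics | ForEach-Object { $_.DNSServerSearchOrder } | Where-Object { $_ })
    New-Check 'DNS server configured' ($dns.Count -gt 0) ($dns -join ', ')
}

Test-AdPrerequisite $MinFreeMB | Select-Object Check, Passed, Detail | Format-Table -AutoSize
```

If DNS is going to be installed on the domain controller itself, a failed DNS check at this stage is expected and not a blocker.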

Functional Levels

In Windows 2000, you chose from two levels: mixed mode or native mode. When Windows 2000 Server was introduced, NT 4 was still a popular server option. To ensure backward compatibility with these servers and clients, Windows 2000 defaulted to mixed mode, in which you could add Windows NT 4 servers to the Windows 2000 Active Directory domain.

Windows Server 2003 introduced functional levels – a set level of backward compatibility for previous operating systems. If you are in an environment with NT 4 servers and Windows 2000 servers which are still accessed, you can set a functional level to ensure backwards compatibility.

Windows 2003 expands those two modes into one of many domain functional levels, including Windows 2000 Mixed, Windows 2000 Native, Windows Server 2003 Interim, and Windows Server 2003. Windows Server 2003 also has three forest functional levels available: Windows 2000, Windows Server 2003 Interim, and Windows Server 2003. Each functional level makes new features available and loses compatibility with some set of servers or clients.

By default, Windows Server 2003 starts at Windows 2000 Mixed functional level. Not all of the features of 2003 are available in this mode, so if you are designing a new Windows 2003 AD environment, you will want to take advantage of the new features added in Windows Server 2003.

In Windows 2000, we referred to this change as “changing the mode,” but in Windows 2003, we now raise the functional level with either Active Directory Users and Computers or Domains and Trusts.

This change cannot be reversed – once you make a decision to raise the functional level, you cannot go back to a lower functional level.
