Microsoft Certifications

Planning and Implementing an Active Directory Infrastructure: Exam 70-294 – Part 1

Exam 70-294 – Planning and Implementing an Active Directory Infrastructure

The objectives covered in this tutorial:

  • Plan a strategy for placing global catalog servers.
    • Evaluate network traffic considerations when placing global catalog servers.
    • Evaluate the need to enable universal group caching.
  • Plan flexible operations master role placement.
    • Plan for business continuity of operations master roles.
    • Identify operations master role dependencies.
  • Implement an Active Directory directory service forest and domain structure.
    • Create the forest root domain.
    • Create a child domain.
    • Create and configure Application Data Partitions.
    • Install and configure an Active Directory domain controller.
    • Set an Active Directory forest and domain functional level based on requirements.
    • Establish trust relationships. Types of trust relationships might include external trusts, shortcut trusts, and cross-forest trusts.
  • Implement an Active Directory site topology.
    • Configure site links.
    • Configure preferred bridgehead servers.
  • Plan an administrative delegation strategy.
    • Plan an organizational unit (OU) structure based on delegation requirements.
    • Plan a security group hierarchy based on delegation requirements.

Introduction

This tutorial covers the first section of the MCSE 70-294 certification exam, Planning and Implementing an Active Directory Infrastructure, and teaches you how to pass this exam.

Planning plays an important role in implementing an Active Directory (AD) infrastructure in an organization. Every detail should be worked out carefully before implementing Active Directory, because even a small correction at a later stage comes at a high price. For example, a seemingly small requirement such as renaming a root domain may require a complete rollback of the entire Active Directory in a forest. In addition, poor planning may increase maintenance costs, network traffic, and administrative headaches.

To create an efficient infrastructure design of Active Directory for an organization, you need to create a design team. This team should include people who can ensure that all the aspects of the organization are addressed while implementing AD. After creating a design team, you should analyze the business and technical requirements of the organization and then create a test environment to test your Active Directory deployment.

The planning process of AD infrastructure is done in four stages. These stages are:

  • Creating a Forest Plan: This stage requires you to determine the number of AD forests you want to implement in your organization. More than one forest may increase costs by requiring multiple administrators, maintaining multiple schemas, global catalogs, and trusts. More than one forest should only be created if the organization has two separate groups that do not trust each other and both of the groups must be managed separately.
  • Creating a Domain Plan: This stage requires you to determine the number of domains required in your organization. The number of domains should be carefully planned because each additional domain will increase the hardware cost. Also, once a domain is created, it is difficult to delete it or even rename it.

    You should consider creating more than one domain based on the requirements of security policy settings, privacy concerns or administrative requirements, or the need to establish a distinct namespace.

    This stage also requires you to define the forest root domain. You can use the existing domain as the forest root domain or create another forest root. A dedicated forest root domain can provide better security, scalability, and network traffic optimization.

    In this stage you also need to determine the number of domain trees, the naming of domains, and the subdomains in the hierarchy.

  • Creating an OU (Organizational Unit) plan: This stage requires you to create a plan for the number of OUs required. The OU planning depends on the requirement of delegating information, hiding objects, and administering Group Policy. This plan also requires you to decide on the user accounts that must be placed in each OU.
  • Creating a Site Topology: This stage requires you to plan for the optimization of the network traffic in the organization. You need to determine the best way to physically group computers on the network and define sites so that optimum network response time can be achieved. It also requires placing domain controllers, global catalog servers, and operations masters within the forest.

This tutorial discusses each aspect of planning and implementing Active Directory infrastructure in a logical manner.