Domain Namespace Design
Everyone can agree that Active Directory will be a more efficient Windows directory than the one in Windows NT 4.0. With this more flexible directory comes much more complexity.
So how do I create a domain namespace in Windows 2000 Active Directory? Well the answer will be longer than a single tip, but there is a single word answer that can get you headed in the right direction: Plan.
On that note, here are 6 steps toward effective namespace design (From Windows 2000 Active Directory by Alistair G. Lowe-Norris, O'Reilly and Associates, 2000).
- Decide on the number of domains
Imagine one domain for all of your objects then make sure that each other domain created has a specific justification. You don't want to rename domains so make sure they will be static and will not become obsolete.
- Design and name the tree structure
One domain will need to be the forest root. Once this is selected you will need to decide on a namespace naming scheme before you add additional trees.
- Design the workstation and server naming scheme
Fully qualified Domain Names must be unique across the entire forest, so the addition of a unique prefix to identify a workstation or server can make the object name unique domain wide.
- Design the hierarchy of Organizational Units
Organizational Units are much more flexible than Domains; administrative permissions
- are best applied in OUs.
- Design the users and groups
Groups have only users or computers as members and can be used in assigning permissions to the members collectively.
- Design the Global Catalog
The Global Catalog is needed to facilitate efficient searching of Active Directory.
For a more information on each of these steps and real world examples see Alistair G. Lowe-Norris's book Windows 2000 Active Directory.
This was first published in October 2000