Tip

Maximize your AD domain design

Active Directory networks are organized using four types of divisions or container structures. These four divisions are forests, domains, organizational units and sites. When you are designing your network, it is important to use these divisions to their maximum potential. Let's take a closer look at the domain division.

Domain divisions are most often used as logical containers. However, Microsoft recommends that you employ domains also as physical containers. In other words, create domains whose members are all geographically close rather than distant. This is an important design aspect since the level of traffic within a domain is considerably higher than that between one domain and another. In general, a domain with limited physical size is less likely to include expensive WAN links or pay-per-bit connections. When slow links must be included in a network design, it is often beneficial to create multiple domains connected by the slower connections.

Domains serve as containers for security policies and administrative assignments. All objects within a domain are subject to domain-wide group policies by default. Likewise, any domain administrator can manage all objects within a domain. Furthermore, each domain has its own unique accounts database. Thus, authentication is on a domain basis. Once a user account is authenticated to a domain, that user account has access to resources within that domain.

If you are migrating from a Windows

    Requires Free Membership to View

NT environment to Windows 2000 or Windows 2003, there are a few additional issues to be aware of when designing domains. It is no longer necessary to create separate domains to divide administrative privileges. Within Active Directory, it is possible to delegate administrative privileges based on organizational units. Domains are no longer restricted by a 40,000-user limit. Active Directory domains can manage millions of objects. There are no longer PDCs and BDCs. Instead, Active Directory uses multi-master replication and all domain controllers are peers

This was first published in April 2003

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.