Module 12:

Implementing an
Active Directory®
Domain Services
Infrastructure
Module Overview
• Overview of the AD DS Domain

• Planning a Group Policy Strategy

Lesson 1: Overview of the AD DS Domain
• Overview of the Current AD DS Domain Design

• Overview of the Required AD DS Domain Design

• Overview of the AD DS Site Design

Overview of the Current AD DS Domain Design

Forest Root
WoodgroveBank.com
Domain

EMEA.WoodgroveBank.com Asia.WoodgroveBank.com
Overview of the Required AD DS Domain Design

Forest Root
Domain

Separate Tree
WoodgroveBank.com

Contoso.com

EMEA.WoodgroveBank.com Asia.WoodgroveBank.com

Contoso.com will join the WoodgroveBank forest in a separate tree

Overview of the AD DS Site Design
London_Site

New Site
NYC-Head-Office
NYC-Branch-Office

New Site

Contoso Tokyo_Site

Miami_Site

Two new sites will be created

•Contoso site
•NYC-Branch-Office site
Lesson 2: Planning a Group Policy Strategy
• Overview of Domain Controller Deployment

• Overview of Forest Trust Relationship

• Overview of the AD DS Group Policy Object Design

Overview of Domain Controller Deployment
New London_Site

RODC
NYC-DC3 NYC_Site

NYC-Branch-Office

New

ContosoDC

Tokyo_Site
Contoso
RODC

Miami_Site
Lab A: Deploying Active Directory
Domain Services
• Exercise 1: Installing a Read-only Domain Controller
(RODC) onto Server Core, and Creating a Branch Office
Site
• Exercise 2: Creating a Domain in a Separate Tree and
Separate Site

Logon information
Virtual machine NYC-DC1, NYC-DC1, NYC-DC3, NYC-SRV1
User name Administrator
Password Pa$$w0rd

Estimated time: 120 minutes

Lab A: Review
• How do sites control logon traffic?

• What is the advantage of having separate trees in the

forest for Woodgrove Bank?
Overview of Forest Trust Relationship

Forest Root Forest Root

Domain Domain

Separate Tree Forest Trust

WoodgroveBank.com

Contoso.com Fabrikam.com

EMEA.WoodgroveBank.com Asia.WoodgroveBank.com

The Fabrikam.com forest will have a forest trust relationship

with the WoodgroveBank forest
Lab B: Configuring Forest Trust Relationships
• Exercise: Upgrading the Fabrikam Domain, and Creating a
Forest Trust with Woodgrove Bank

Logon information
Virtual machine NYC-DC1, VAN-DC1, NYC-SRV1, NYC-RAS
User name Administrator
Password Pa$$w0rd

Estimated time: 60 minutes

Lab B Review
• What tasks must be performed before a Windows Server
2008 can be added to a Windows 2003 domain as a
member server?
• What tasks must be performed before a Windows Server
2008 can be added to a Windows 2003 domain as a
domain controller?
 Overview of the AD DS Group Policy
Object Design
Miami NYC Toronto Executives ITAdmins

BranchManagers BranchManagers BranchManagers Users

CustomerService CustomerService CustomerService Computers

Investments Investments Workstations

Marketing Marketing

Workstations Workstations

WoodgroveBank.com
Lab C: Designing a Group Policy Strategy
• Exercise 1: Planning Group Policy

• Exercise 2: Implementing the Corporate Desktop Policy

Logon information
Virtual machine NYC-DC1
User name Administrator
Password Pa$$w0rd

Estimated time: 30 minutes

Lab C: Review
• How would you ensure that a policy will always be
applied?
• How would you exempt certain users or computers from
being affected by a GPO?
Module Review and Takeaways
• Considerations
Course Evaluation