Bill Detwiler: The way you design your Active Directory can make a huge difference in how well your network functions and how easy it is to administer.
I'm Bill Detwiler, and during this episode of TR Dojo, I'll share five best practices that can help you maximize efficiency, simplify maintenance, and readily manage AD as your organization grows.
Active Directory design is a science, and it's far too complex to cover all the nuances in a five-minute video. But, TechRepublic blogger Brien Posey put together a list of 10 quick tips that can help you create an efficient AD design and make your AD easier to troubleshoot and manage. I'll go over five of those tips during this video, and I'll post a link to the full list in the TR Dojo blog.
The first tip should be an obvious one, and that's to keep things as simple as you can.
Active Directory is designed to be flexible, and it offers numerous types of objects and components. But just because you can use something doesn't mean you should.
Keeping your Active Directory as simple as possible will help improve overall efficiency, and it will make the troubleshooting process easier whenever problems arise.
Despite the benefits of keeping your AD design simple, you should always use the site topology that's appropriate for your network. And that's tip number two.
Larger networks will almost always require multiple Active Directory sites. The site topology should mirror your network topology. Portions of the network that are highly connected should fall within a single site. Site links should mirror WAN connections, with each physical facility that is separated by a WAN link encompassing a separate Active Directory site.
Smaller organizations often try to save money by configuring their domain controllers to pull double duty. For example, an organization might have a domain controller that also acts as a file server or as a mail server.
Whenever possible, your domain controllers should run on dedicated servers (physical or virtual). Adding additional roles to a domain controller can affect the server's performance, reduce security, and complicate the process of backing up or restoring the server.
Another way that smaller organizations sometimes try to save money is by having only a single DNS server. The problem with this approach is that Active Directory is totally dependent upon the DNS services. If you have a single DNS server, and that DNS server fails, Active Directory will stop working.
Finally, if you are operating an Active Directory consisting of multiple sites, make sure that each one has its own global catalog server. Otherwise, Active Directory clients will have to traverse WAN links to look up information from a global catalog.
As I mentioned at the beginning of this week's episode, these five best practices are just the tip of the iceberg when it comes to Active Directory design.
For more AD design advice, including the importance of backing up your domain controllers that host FSMO roles, check out Brien Posey's 10 tips for effective Active Directory design. I link to it from the TR Dojo blog.
And, as always, for more teachings on your path to becoming an IT Ninja, visit trdojo.techrepublic.com, or you can follow me on Twitter at twitter.com/billdetwiler.
Thanks for visiting the TR Dojo.