TWiki> CF Web>Infrastructure>CSCFActiveDirectory>ADForestLayout (2019-10-08, DaveGawley) EditAttach
-- Main.ctucker - 28 Oct 2005

CSCF Active Directory Forest

UNDER CONSTRUCTION: to be updated to new AD service design Fall 2019

The previous CSCF Active Directory is structured in the following manner.

  • One Forest
    • The Forest Root Domain being CSCF since it was the first to be established.
  • Two Trees
    • The Tree Root Domains for these trees being CS-GENERAL and CSCF since these domains were the first members of their respective trees.
  • Four Domains
    • CSCF, CS-GENERAL, CS-TEACHING and CSCF-SYSADMINS. CS-TEACHING and CSCF-SYSADMINS are considered child domains or sub-domains of CS-GENERAL and CSCF respectively.
  • AD Domain hierarchy and DNS names established to reflect pre-existing host naming standards within CS.
  • CSCF, as a forest root domain, is empty of computers and users save domain controllers, and domain administrators.
  • CS-GENERAL and CS-TEACHING correspond to the xhier core and teaching regions respectively.
  • CSCF-SYSADMINS was established for the development of TwoFactor authentication within the Active Directory.

CSCF Active Directory Layout

Domain Controller Distribution

There should be three domain controllers per domain. Why three?

  • To preserve redundancy in the event of a failure or necessary shut down of one domain controller.
  • To provide an alternate replication route within a domain if some part of the network becomes disabled.
  • Based upon our experience with our prototype Active Directory called DRAGONFLY; To avoid domain activity becoming slowed to a crawl if the domain is left to rely upon one domain controller.
  • To properly distribute key domain and forest Operational Masters across the domain.
    • PDC Emulator
    • RID Master
    • Infrastructure Master
    • Global Catalogue Server
    Microsoft recommends that there be at least one redundant Global Catalogue in any forest. This ensures availability of the Global Catalogue at all times. Hence one Global Catalogue server is placed in the forest root domain (CSCF) and one in the CS-GENERAL domain. In addition, the sheer size of the CS-TEACHING domain in user objects alone necessitates a spare Global Catalogue located there in this domain.
    Microsoft recommends that the Infrastructure Master not be on any Global Catalogue server. Apparently the presence of the Global Catalogue interfers with the Infrastructure Master. Microsoft recommends a standby DC for PDC, RID and Infra Masters in the event of masters' failure.
Edit | Attach | Watch | Print version | History: r13 < r12 < r11 < r10 < r9 | Backlinks | Raw View | WYSIWYG | More topic actions
Topic revision: r13 - 2019-10-08 - DaveGawley
 
This site is powered by the TWiki collaboration platform Powered by PerlCopyright © 2008-2024 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback