8.1 The Complexities of a Design

Active Directory is a complex beast, and designing for it isn't easy. Take a look at a fictitious global company called PetroCorp, depicted in Figure 8-1.

Figure 8-1. The sites and servers of a company called PetroCorp

Here you can see a huge network of sites linked with various network connections across wide area networks. A variety of domains seems to exist for othercorp.com and petrocorp.com, and as each one of those square boxes represents a single domain controller (the servers that host Active Directory in an organization), you can see that some of the servers will need to replicate data across those WAN links. petrocorp.com, for example, seems to need to replicate to all the major sites, since it has domain controllers (DCs) in each of those sites.

Take a look at Figure 8-2, which shows a much more complex hierarchy.

Figure 8-2. A complex domain tree showing GPOs

It's possible to see the users and computers in all the Organizational Units in this view, and the structure seems to be set up so that Group Policy Objects (GPOs, represented by trapezoids) can act on various portions of the tree. These GPOs could be anything from what menus appear on the screen to what applications can be run to what hardware is available for each user.

Following is a discussion of the principles and processes that will help you create complicated designs like these to mirror the complexities in your own organization.

    Part II: Designing an Active Directory Infrastructure
    Part III: Scripting Active Directory with ADSI, ADO, and WMI