Active Directory Planning Worksheets
Taken with permission from Active Directory Planning and Design by Harry Brelsford
Table 1: Business Needs Analysis (Q and A)
Table 2: Business Requirements Analysis
Table 3: Project Plan
Table 4: Active Directory Design and Planning Team
Table 5: Technical Requirements Analysis
Table 6: Security Requirements Planning
Table 7: Windows 2000 Server Network Infrastructure Planning
Table 8: Active Directory Design and Planning
Table 9: Windows NT 4.0 to Windows 2000 Migration Planning
Table 1: Business Needs Analysis (Q and A) |
|
Question |
Answer |
Have you clearly defined the nature of the organization’s business? |
|
Has the organization developed a clear sense of direction or mission? |
|
Does the organization have a clear philosophy for conducting its business affairs? |
|
Are the organization’s business goals attainable? |
|
Are the organization’s objectives logically related in a hierarchy that will lead to goal achievement? |
|
Does the organization periodically reevaluate its objectives to be sure they have not grown obsolete? |
|
Has the organization developed a logical and planned approach for collecting data on its internal and external environment? |
|
Are data stored or filed in ways that allow easy retrieval of useful information? |
|
Are reports produced that are seldom or never used? |
|
Does the organization periodically review its information system to make certain it is useful and up-to-date? |
|
List four or five key strengths of the organization. |
|
What are key weaknesses in the organization? |
|
In developing the organization’s final strategy, did it consider three or four possible alternatives? |
|
Are employees involved in making planning decisions? |
|
Did management take time to communicate the final strategic plan to employees and deal with their concerns? |
|
Is the timetable for implementation of the strategic plan realistic? |
|
Have definite checkpoints been scheduled for assessing progress toward goals? |
|
Has the organization developed effective ways of measuring progress? |
|
Table 2: Business Requirements Analysis |
||
Analysis Item |
Sub-Analysis Item |
Completed |
Analyze the existing and planned business models |
|
|
|
Analyze the company model and the geographical scope. Models include regional, national, international, subsidiary, and branch offices. |
|
|
Analyze company processes. Processes include information flow, communication flow, service and product life cycles, and decision-making. |
|
Analyze the existing and planned organizational structures. Considerations include management model; company organization; vendor, partner, and customer relationships; and acquisition plans. |
|
|
Analyze factors that influence company strategies. |
|
|
|
Identify company priorities. |
|
|
Identify the projected growth and growth strategy. |
|
|
Identify relevant laws and regulations. |
|
|
Identify the company’s tolerance for risk. |
|
|
Identify the total cost of operations |
|
Analyze the structure of IT management. Considerations include type of administration, such as centralized or decentralized; funding model; outsourcing; decision-making process; and change-management process. |
|
|
Analyze business and security requirements for the end user. |
|
|
Analyze the current physical model and information security model. |
|
|
|
Analyze internal and external security risks. |
|
Other |
|
|
Other |
|
|
Other |
|
|
Table 3: Project Plan |
||
Phase |
Tasks |
Duration / Assigned |
A. AD Design Creation |
|
|
|
A.1. Namespace (DNS) Selection |
|
|
A.2. Namespace Design |
|
|
A.3. Domain Tree/Forest Architectural Development |
|
|
A.4. AD Domain Naming Conventions |
|
|
A.5. DNS Design |
|
|
A.6. DNS Interoperability Issues |
|
|
A.7. DNS Zones and Administrative Model Development |
|
|
A.8. OU Development and Design |
|
|
A.9. Group and User Design |
|
|
A.10. Security Design and Development |
|
|
A.11. Delegation of Authority Design |
|
|
A.12. AD/Windows 2000 Capacity Planning |
|
|
A.13. Design of Group Policies |
|
B. Test Lab (Proof of Concept) |
|
|
|
B.1. Testing Server Functionality |
|
|
B.2. Core Service Testing (DNS, DHCP, WINS) |
|
|
B.3. Server Interoperability and Coexistence Testing |
|
|
B.4. Server Migration Testing |
|
|
B.5. Desktop Testing (Operating System, Applications) |
|
|
B.6. Network Infrastructure |
|
|
B.7. Hardware Infrastructure |
|
C. Production Pilot |
|
|
|
C.1. Launch Pilot Phase |
|
|
C.2. Pilot Planning Tasks |
|
|
C.3. Pilot Feedback |
|
D. Rollout |
|
|
|
D.1. Develop Implementation Plan |
|
|
D.2. Perform Work |
|
|
D.3. Troubleshooting |
|
|
D.4. Feedback |
|
Other |
|
|
Other |
|
|
Other |
|
|
Table 4: Active Directory Design and Planning Team |
||
Team Member |
Role |
Comments |
|
Enterprise or AD Architect |
|
|
Corporate Standards Implementation Lead |
|
|
Deployment Site Lead |
|
|
Deployment Team Lead |
|
|
Help Desk Lead |
|
|
Networking Lead |
|
|
Services/Product/Technology Lead |
|
|
Developer Lead |
|
|
End User Lead |
|
|
Senior Management/Executive Representative |
|
|
Line Manager(s) |
|
|
Other |
|
|
Other |
|
|
Other |
|
Table 5: Technical Requirements Analysis |
||
Analysis Item |
Sub-Analysis Item |
Completed |
Evaluate the company’s existing and planned technical environment and goals |
|
|
|
Analyze company size and user and resource distribution |
|
|
Assess the available connectivity between the geographic location of worksites and remote sites |
|
|
Assess the net available bandwidth and latency issues |
|
|
Analyze performance, availability, and scalability requirements of services |
|
|
Analyze the method of accessing data and systems |
|
|
Analyze network roles and responsibilities. Roles include administrative, user, service, resource ownership, and application. |
|
|
Analyze security considerations |
|
Analyze the impact of Active Directory on the existing and planned technical environment |
|
|
|
Assess existing systems and applications |
|
|
Identify existing and planned upgrades and rollouts |
|
|
Analyze technical support structure |
|
|
Analyze existing and planned network and system management |
|
Analyze the business requirements for client computer desktop management |
|
|
|
Analyze end-user work needs |
|
|
Identify technical support needs for end-users |
|
Establish the required client computer environment standards |
|
|
Analyze the existing disaster recovery strategy for client computers, servers, and the network |
|
|
Analyze the impact of infrastructure design on the existing and planned technical environment |
|
|
|
Assess current applications |
|
|
Analyze network infrastructure, protocols, and hosts |
|
|
Evaluate network services |
|
|
Analyze TCP/IP infrastructure |
|
|
Assess current hardware |
|
|
Identify existing and planned upgrades and rollouts |
|
|
Analyze technical support structure |
|
|
Analyze existing and planned network and systems management |
|
Other |
|
|
Other |
|
|
Other |
|
|
Table 6: Security Requirements Planning |
||
Analysis Item |
Sub-Analysis Item |
Completed |
Design a security baseline for a Windows 2000 network that includes domain controller, operations masters, application servers, file and print servers, RAS servers, desktop computers, portable computers, and kiosks |
|
|
Identify the required level of security for each resource. Resources include printers, files, shares, Internet access, and dial-in access |
|
|
Design an audit policy |
|
|
Design a delegation of authority policy |
|
|
Design the placement and inheritance of security policies for sites, domains, and organizational units |
|
|
Design an Encrypting File System strategy |
|
|
Design an authentication strategy |
|
|
|
Select authentication methods. Methods include certificate-based authentication, Kerberos authentication, clear-text passwords, digest authentication, smart cards, NTLM, RADIUS, and SSL. |
|
|
Design an authentication strategy for integration with other systems |
|
Design a security group strategy |
|
|
Design a Public Key Infrastructure |
|
|
|
Design Certificate Authority (CA) hierarchies |
|
|
Identify certificate server roles |
|
|
Certificate management plan |
|
|
Integrate with third-party CAs |
|
|
Map certificates |
|
Design Windows 2000 network services security |
|
|
|
Design Windows 2000 DNS security |
|
|
Design Windows 2000 Remote Installation Services (RIS) security |
|
|
Design Windows 2000 SNMP security |
|
|
Design Windows 2000 Terminal Services security |
|
Provide secure access to public networks from a private network |
|
|
Provide external users with secure access to private network resources |
|
|
Provide secure access between private networks |
|
|
|
Provide secure access within a LAN |
|
|
Provide secure access within a WAN |
|
|
Provide secure access across a public network |
|
Design Windows 2000 security for remote access users |
|
|
Design a Server Message Block (SMB)-signing solution |
|
|
Design an IPSec solution |
|
|
|
Design an IPSec encryption scheme |
|
|
Design an IPSec management strategy |
|
|
Design negotiation policies |
|
|
Design security policies |
|
|
Design IP filters |
|
|
Design security levels |
|
Other |
|
|
Other |
|
|
Other |
|
|
Table 7: Windows 2000 Server Network Infrastructure Planning |
||
Analysis Item |
Sub-Analysis Item |
Completed |
Modify and design a network topology |
|
|
Design network services that support application architecture |
|
|
Design a resource strategy |
|
|
|
Plan for the placement and management of resources |
|
|
Plan for growth |
|
|
Plan for decentralized or centralized resources |
|
Design a TCP/IP networking strategy |
|
|
|
Analyze IP subnet requirements |
|
|
Design a TCP/IP addressing and implementation plan |
|
|
Measure and optimize a TCP/IP infrastructure design |
|
|
Integrate software routing into existing networks |
|
|
Integrate TCP/IP with existing WAN requirements |
|
Design a plan for the interaction of Windows 2000 network services such as WINS, DHCP, and DNS |
|
|
Design a DHCP strategy |
|
|
|
Integrate DHCP into a routed environment |
|
|
Integrate DHCP with Windows 2000 |
|
|
Design a DHCP service for remote locations |
|
|
Measure and optimize a DHCP infrastructure design |
|
Design name resolution services |
|
|
|
Create an integrated DNS design |
|
|
Create a secure DNS design |
|
|
Create a highly available DNS design |
|
|
Measure and optimize a DNS infrastructure design |
|
|
Design a DNS deployment strategy |
|
|
Create a WINS design |
|
|
Create a secure WINS design |
|
|
Measure and optimize a WINS infrastructure design |
|
|
Design a WINS deployment strategy |
|
Design a multi-protocol strategy. Protocols include IPX/SPX and SNA |
|
|
Design a Distributed file system (Dfs) strategy |
|
|
|
Design the placement of a Dfs root |
|
|
Design a Dfs root replica strategy |
|
Designing for Internet Connectivity |
|
|
|
Design an Internet and extranet access solution. Components of the solution could include proxy server, firewall, routing and remote access, Network Address Translation (NAT), connection sharing, Web server, or mail server |
|
|
Design a load-balancing strategy |
|
Design an implementation strategy for dial-up remote access |
|
|
|
Design a remote access solution that uses Routing and Remote Access |
|
|
Integrate authentication with Remote Authentication Dial-In User Service (RADIUS) |
|
Design a virtual private network (VPN) strategy |
|
|
Design a Routing and Remote Access routing solution to connect locations |
|
|
|
Design a demand-dial routing strategy |
|
Other |
|
|
Other |
|
|
Other |
|
|
Table 8: Active Directory Design and Planning |
||
Analysis Item |
Sub-Analysis Item |
Completed |
Design an Active Directory forest and domain structure |
|
|
|
Design a forest and schema structure |
|
|
Design a domain structure |
|
|
Analyze and optimize trust relationships |
|
Design an Active Directory naming strategy |
|
|
|
Establish the scope of the Active Directory |
|
|
Design the namespace |
|
|
Plan DNS strategy |
|
Design and plan the structure of organizational units (OU). Considerations include administration control, existing resource domains, administrative policy, and geographic and company structure. |
|
|
|
Develop an OU delegation plan |
|
|
Plan Group Policy Object management |
|
|
Plan policy management for client computers |
|
Plan for the coexistence of Active Directory and other directory services |
|
|
Design an Active Directory site topology |
|
|
|
Design a replication strategy |
|
|
Define site boundaries |
|
Design a schema modification policy |
|
|
Design an Active Directory implementation plan |
|
|
Design the placement of operations masters |
|
|
|
Considerations include performance, fault tolerance, functionality, and manageability |
|
Design the placement of Global Catalog Servers |
|
|
|
Considerations include performance, fault tolerance, functionality, and manageability |
|
Design the placement of domain controllers |
|
|
|
Considerations include performance, fault tolerance, functionality, and manageability |
|
Design the placement of DNS servers |
|
|
|
Considerations include performance, fault tolerance, functionality, and manageability |
|
|
Plan for interoperability with the existing DNS |
|
Other |
|
|
Other |
|
|
Other |
|
|
Table 9: Windows NT 4.0 to Windows 2000 Migration Planning |
||
Analysis Item |
Sub-Analysis Item |
Completed |
Choose the type of migration. Types include upgrade, restructure Windows NT to Windows 2000, restructure Windows 2000 to Windows 2000, upgrade and restructure, inter-forest restructure, and intra-forest restructure |
|
|
Plan the domain restructure |
|
|
|
Select the domains to be restructured and decide on the proper order for restructuring them. Decide when incremental migrations are appropriate |
|
|
Implement organizational units (OUs) |
|
Select the appropriate tools for implementing the migration from Windows NT to Windows 2000. Tools include Active Directory Migration Tool (ADMT); ClonePrincipal and NETDOM (for inter-forest type), and Move Tree and NETDOM (for intra-forest type) |
|
|
Perform pre-migration tasks |
|
|
|
Develop a testing strategy for upgrading and implementing a pilot migration |
|
|
Prepare the environment for upgrade. Considerations include readiness remediation |
|
Plan to install or upgrade DNS |
|
|
Plan the upgrade for hardware, software, and infrastructure |
|
|
|
Assess current hardware |
|
|
Assess and evaluate security implications. Considerations include physical security, delegating control to groups, and evaluating post-migration security risks |
|
|
Assess and evaluate application compatibility. Considerations include Web Server, Microsoft Exchange, and line of business (LOB) applications. |
|
|
Assess the implications of an upgrade for network services. Considerations include RAS, networking protocols, DHCP, LAN Manager Replication, WINS, NetBIOS, and third-party DNS. |
|
|
Assess security implications. Considerations include physical security, certificate services, SID history, and evaluating post-migration security risks |
|
Identify upgrade paths. Considerations include O/S version and service packs |
|
|
Develop a recovery plan. Considerations include Security Accounts Manager, WINS, DHCP, and DNS |
|
|
Upgrade the PDC, the BDCs, the application servers, and the RAS servers |
|
|
Implement system policies as Group Policies |
|
|
Implement replication bridges as necessary |
|
|
Decide when to switch to native mode |
|
|
If necessary, develop a procedure for restructuring. Create a Windows 2000 target domain, if necessary |
|
|
|
Create trusts as necessary |
|
|
Create OUs |
|
|
Create sites |
|
|
Reapply account policies and user rights in the Windows 2000 Group Policy |
|
Plan for migration |
|
|
|
Migrate groups and users |
|
|
Migrate local groups and computer accounts |
|
Verify the functionality of Exchange. Considerations include service accounts and mailboxes |
|
|
|
Map mailboxes |
|
Test the deployment |
|
|
Implement disaster recovery plans |
|
|
|
Have a plan to restore to a pre-migration environment |
|
Perform post-migration tasks |
|
|
|
Redefine DACLs |
|
|
Back up source domains |
|
|
Decommission source domains and redeploy domain controllers |
|
Other |
|
|
Other |
|
|
Other |
|
|