Active Directory Configuration

Name:

Institution:

Table of Contents

Introduction

Understanding Global Advertising, Inc (GAI)

Scope of Work

Server Management

• Operating System Installation and configuration

• Network Configuration

• Active Directory Installation

• Security Maintenance

Antivirus Installation:

Firewall creation:

Assumptions

Active Directory Infrastructure

• Describe features of Windows Server 2012 that will allow GAI to integrate the newly acquired company’s domain into their existing forest.

• How will Forest Functional Levels be implemented?

• How will cross-forest trusts be implemented?

• How will replication be handled?

• Read-Only Domain Controllers - how will they be used?

File and Storage Solutions

• Will BranchCache be used? Why/Why not?

• How can Dynamic Access Control benefit the organization?

• What about storage optimization?

Disaster Recovery

• How can Windows Server Backup be utilized?

• Will the organization use Volume Shadow Copies?

DNS and DHCP

• How had DHCP installation and authorization been implemented?

• Will DHCP reservations be used for servers?

• How will IPv6 be utilized?

• How will DNS be handled for the second site?

High Availability

• What implementation of Hyper-V would benefit GAI?

• Network Load Balancing

• Failover Clustering

Active Directory Certificate Services

• Will AD Certificate Services used in both domains need to be modified?

Active Directory Rights Management Services

• What use of AD Rights Management Services can be implemented?

Active Directory Federation Services

• AD Federation Services

Conclusion

References

Introduction

Generally, whenever an organization undergoes any form of restructuring, changes must take place. These changes are felt most widely in the way the organization manages its information systems. The information system has very wide coverage, ranging from the smallest departments all the way to the top of the hierarchy. Any error in the system will cause major disruption to the activities of the entire organization. This paper outlines a proposal that will ensure that there are no errors in the organization’s network system, particularly in the Active Directory configuration. It also gives a clear structure of how links between the head office in Houston, TX and the offices of the newly acquired Media Guru Group, based out of Richmond, VA, can be securely established.

Understanding Global Advertising, Inc (GAI)

According to the provided data on GAI, the company now has two configuration sites that are not similar. This makes it necessary to ensure compatibility of the configuration structures by creating media that will ensure that this difference in configuration doesn’t cause any failures. The objective is to create an interface that ensures that, when communication takes place, a conversion (otherwise known as decoding and encoding) happens at both ends, so that communication from the different domains (Windows Server 2012 and 2008) is converted to a form that the relevant domain can easily understand. Because of the additional site, there are initial services that will have to take place first. The services are:

• A disaster recovery site must be established

• An Active Directory Additional Domain Controller must be installed and configured.

• Users must be configured to authenticate against the added Domain Controller

• Users must be rolled back to authenticate against the Primary Domain Controller.

The network devices, such as the routers, the switches, and the network circuits, will be located at the head office in Houston, TX; however, the site in Richmond will also have its own network service, though its main servers will be in Houston. This design will include healthy Active Directory replication between the two sites. The diagram below shows how the new Active Directory recovery domain controller will be implemented. It shows how the servers will be set up and how the communication will take place between these two organizations (Edge Jr & Smith, 2015).

Scope of Work

The work done in the design of the new directory system will be handled as follows:

Server Management

• Operating System Installation and configuration

The OS will be installed on the servers and hardware of GAI, and OS patches will be created on those same servers and their hardware.

• Network Configuration

The IP addresses and relevant subnets will be configured on Windows Server 2008 for Media Guru Group and on Windows Server 2012 for the site in Houston, TX. The configuration will be based on the information provided by GAI on its operation structure and employee distribution. A relevant NIC speed will be set according to the configured network. Since the networking equipment for both sites is already in place, the only issue would be to create a link that will ensure free communication. Network adapters will have to be customized to meet the required network functionality. A Local Area Network will have to be created, as well as a Metropolitan Network structure that will ensure that the two sites have their information communicated efficiently (Gavrilov & Cheung, 2013).

• Active Directory Installation

The directory will have to be installed on the servers to manage the centralized activities of the departments. Since other organization departments will require privacy, they will have their domains configured with different directories to ensure that they are the only ones with authorized access. The activities that the Finance department wants to keep unique to itself will go through servers that are controlled by its own administrators. The same will apply to any other department that wants privacy. The Active Directory will be configured on both servers, on the R2 server for Houston and on the R1 server for Richmond. This means that the Domain Controller for Houston will be replicated in those for Media Guru Group in Richmond. The DNS servers will also be configured according to the appropriate domain name space.

• Security Maintenance

In every organization, security of the information system is always a key concern. The organization must always ensure that the system is secure enough before it can commence the use of the system. Security will be maintained in the following two ways:

Antivirus Installation: This antivirus will be installed on the servers to ensure that any malware is kept out of the system. The antivirus will make sure that the files are kept from any potential threats especially since the definition files will be configured appropriately.

Firewall creation: Relevant firewall ports will be configured to ensure that the files are not vulnerable to hackers. Once the ports are established, they will always be kept functional according to the Active Directories of the two sites (Server et al. 2008).

Assumptions

The logical assumption is that the servers will be controlled entirely by GAI. GAI will be responsible for any technical problem that might arise as a result of misinformation that was relied on during the creation of the designed proposal. Another assumption is that the domain name space for both sites will be the same, though with different IP addresses. GAI will also provide the additional hardware and the license for the DNS.

Active Directory Infrastructure

• Describe features of Windows Server 2012 that will allow GAI to integrate the newly acquired company’s domain into their existing forest.

Some of the features that enable the integration are the availability of Windows Server 2012 R2, which can be installed on a physical server or a virtual server and on an existing member server of any size. The server also allows for client deployment that connects a computer to a remote location; this will allow for the connection to the acquired organization's computers. The next feature is the availability of pre-configured auto-VPN dialing that will allow for the connection to a preexisting domain regardless of the server date. The availability of Office 365 makes the server very beneficial to the organization both economically and technically. Technically, it has share-points that will allow its integration with the other existing domain. All the above features will see to it that there is a successful integration into the existing directory forest.

• How will Forest Functional Levels be implemented?

GAI will have to start by implementing the phased upgrade requirements. They will have to install a higher version of the servers in Media Guru Group. They will ensure that the 2003 versions are all upgraded to 2008 R2 versions and the 2008 versions are upgraded to 2012 versions to achieve high functionality in their domains (Gavrilov & Cheung, 2013).

• How will cross-forest trusts be implemented?

Before implementing the trust, the system time must be synchronized; that is, the time skew must be set to match each domain's systems. Then DNS name resolution is provided between the two forests by configuring the secondary zones of the Media Guru DNS to be hosted on GAI servers and doing the same for GAI on the Media Guru Group servers; this will ensure that the DNS of both corporations is defined on each server. Finally, the trust can be implemented.
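The steps described above (time synchronization, DNS resolution through secondary zones, then the trust itself) can be run as one pre-flight script on a GAI domain controller that also hosts DNS. The following PowerShell is an added example, not part of the original proposal; the forest name, the DNS server address and the choice of a two-way trust are assumptions.

```powershell
# Added example: pre-flight checks before creating a forest trust.
# Placeholder values (assumptions, not taken from the proposal):
$RemoteForest = 'mediaguru.example'   # hypothetical DNS name of the Media Guru Group forest
$RemoteDns    = '192.0.2.10'          # hypothetical address of a Media Guru Group DNS server
$MaxSkewSec   = 300                   # Kerberos default clock-skew tolerance (5 minutes)

# 1. DNS: host a secondary copy of the remote forest's zone on the local DNS server.
#    The remote DNS server must permit zone transfers to this server.
if (-not (Get-DnsServerZone -Name $RemoteForest -ErrorAction SilentlyContinue)) {
    Add-DnsServerSecondaryZone -Name $RemoteForest -ZoneFile "$RemoteForest.dns" `
        -MasterServers $RemoteDns
}

# 2. Name resolution: find a domain controller of the remote forest through its SRV record.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$RemoteForest" -Type SRV -ErrorAction Stop |
    Where-Object { $_.Type -eq 'SRV' } | Select-Object -First 1
if (-not $srv) { throw "No domain controller SRV record found for $RemoteForest" }
$remoteDc = $srv.NameTarget

# 3. Time: read the clock offset against that domain controller and stop if it is too large.
$sample = w32tm /stripchart /computer:$remoteDc /samples:1 /dataonly | Select-Object -Last 1
if ($sample -notmatch '([+-]\d+\.\d+)s') { throw "Could not read a time offset from $remoteDc" }
$skew = [math]::Abs([double]$Matches[1])
if ($skew -gt $MaxSkewSec) { throw "Clock skew of $skew s exceeds $MaxSkewSec s; fix time sync first" }

# 4. Trust: create both sides of a two-way forest trust (the direction is an assumption).
$cred = Get-Credential -Message "Enterprise admin account in $RemoteForest"
$ctx  = New-Object System.DirectoryServices.ActiveDirectory.DirectoryContext(
            [System.DirectoryServices.ActiveDirectory.DirectoryContextType]::Forest,
            $RemoteForest, $cred.UserName, $cred.GetNetworkCredential().Password)
$remote = [System.DirectoryServices.ActiveDirectory.Forest]::GetForest($ctx)
$local  = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
$local.CreateTrustRelationship($remote,
    [System.DirectoryServices.ActiveDirectory.TrustDirection]::Bidirectional)
```

The same DNS step has to be repeated on the Media Guru Group side for the GAI zone before the trust is created.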

• How will replication be handled?

Replication can be handled through multi-master replication, which involves the creation of replicas by numerous computers in the servers. There will, however, be restrictions as to whom the rights of making updates are given.

• Read-Only Domain Controllers - how will they be used?

The RODC service is one of the latest developments, or rather advancements, made in Windows Server 2008. RODCs do not allow administrators to make any changes to the information on them directly; instead, the needed updates are made on the writable servers and then implemented in the RODC. The RODC makes it very safe for the organization to secure its data. Since there is no account information written on it directly, it becomes very hard for hackers to get any information that might help them hack into the servers. The other advantage is that it will limit the number of those that are able to make updates; hence the data will always be kept at the required standards. RODCs will be implemented at the domain level; in this case, this will ensure that the files are all secured at the point of intake. There will also be proper storage space management (Hester & Henley, 2013).
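An RODC stores passwords only for accounts that its Password Replication Policy allows, so a periodic check of what is actually cached on it is a useful control. The following PowerShell is an added example, not part of the original proposal; the RODC name is a placeholder and the ActiveDirectory module is assumed to be installed.

```powershell
# Added example: audit which credentials are cached on a Read-Only Domain Controller.
Import-Module ActiveDirectory
$Rodc = 'RICH-RODC01'   # hypothetical RODC name (assumption, not from the proposal)

# Accounts whose passwords are currently stored (revealed) on the RODC.
# The RODC's own computer account and its krbtgt account are expected in this list.
$revealed = Get-ADDomainControllerPasswordReplicationPolicyUsage -Identity $Rodc -RevealedAccounts

# Members of highly privileged groups; their passwords should never be cached on an RODC.
# Forest-wide groups exist only in the forest root domain, so lookup errors are ignored.
$privilegedDns = 'Domain Admins', 'Enterprise Admins', 'Schema Admins', 'Administrators' |
    ForEach-Object { Get-ADGroupMember -Identity $_ -Recursive -ErrorAction SilentlyContinue } |
    Select-Object -ExpandProperty DistinguishedName -Unique

# Privileged accounts that are cached on the RODC.
$exposed = $revealed | Where-Object { $privilegedDns -contains $_.DistinguishedName }

# Principals that the Password Replication Policy allows the RODC to cache.
$allowed = Get-ADDomainControllerPasswordReplicationPolicy -Identity $Rodc -Allowed

"Cached accounts on ${Rodc}: $(@($revealed).Count)"
"Allowed-list entries: $(@($allowed).Count)"
if ($exposed) {
    Write-Warning "Privileged accounts cached on ${Rodc}:"
    $exposed | Select-Object Name, DistinguishedName
} else {
    'No privileged account passwords are cached on the RODC.'
}
```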

File and Storage Solutions

• Will BranchCache be used? Why/Why not?

BranchCache will have to be used. The reason is that it will be needed to improve access to the essential information that is stored offsite. On the GAI server, whenever any information is needed from Media Guru Group, this information will be considered offsite information. The same applies to most of the essentials that the servers at Media Guru Group need from the Houston site. Another reason is that BranchCache acts as a wide area network (WAN) that will improve the bandwidth for the information accessed. It also allows for the access of huge amounts of data; this is because it will be able to access data from the head office or the cloud host and make it available as caches when needed.

• How can Dynamic Access Control benefit the organization?

Dynamic Access Control (DAC) is a way in which the management controls access to the organization's files. Through DAC, the management can establish a clear classification of data that will see to it that the data is well managed, as well as making security auditing quite easy. It is through the DAC that there is cross-forest trust establishment. With DAC, the domain is established with rules that grant access to authorized persons only; this is quite an advantage to the organization since it will ensure that the files are kept very safe. There will not be any unauthorized access, because any attempts will be detected during auditing and will attract penalties as per the organization's regulations. The benefits of DAC to the organization are ensuring the safety of the files and making sure that there is a level of reliability in any information of the organization.

• What about storage optimization?

Storage optimization is the service where the administrators attempt to manage the storage space and ensure that not much space is used up by irrelevant files. Administrators can use the File and Storage Services to manage the server storage and its multiple files. They can also use PowerShell applications. The other way to ensure storage space management is through the Data Deduplication service; this will ensure that duplicate data blocks are reduced to the very minimum so as to store larger amounts of data than was previously possible. Data deduplication has proved very useful when combined with BranchCache, especially since the same elimination of data duplicates is required over the WAN servers (Hester & Henley, 2013).

Disaster Recovery

• How can Windows Server Backup be utilized?

There are very many ways that the backup system can be used in an organization to ensure that data is not lost in case of a power shortage or any other technical error that might lead to the loss of information. The shadow backup is the main way of creating a backup system. Other ways of ensuring that data is backed up are the use of cloud computing techniques and external drives to store copies of the files on the servers.

• Will the organization use Volume Shadow Copies?

The organization will have to use volume shadow copies to ensure that data that is accidentally deleted can be easily retrieved in a safe mode. Another reason why they will have to be used is that an employee might accidentally overwrite a file, necessitating a recovery process for the original version of the file. Finally, the need to compare files while still writing makes this very necessary within the organization.

DNS and DHCP

• How had DHCP installation and authorization been implemented?

DHCP will first have to be created, configured, and then tested for any errors before it is implemented. A domain will have to be set.

• Will DHCP reservations be used for servers?

DHCP reservations will have to be created for other departments that want their activities to be accessible only by them; this will be done by creating a separate IP address for them (Holme et al. 2008).

• How will IPv6 be utilized?

IPv6 is used to address the billions of transactions of the servers; this will ensure that the traffic is reduced. It also ensures that security is at the top. The security is maintained at the configuration level, where a security audit is conducted automatically at regular intervals. There are also multiple firewalls that must be created to protect the servers from being hacked.

• How will DNS be handled for the second site?

For the second site, the DNS configuration will be done the same way as for the main site. The servers will be configured using different IP addresses, and the namespace will be related. Some servers will have to be upgraded to match those of GAI.

High Availability

• What implementation of Hyper-V would benefit GAI?

The hardware-assisted Hyper-V six will ensure that all the functionality of the organization is kept at a high standard. It will also ensure that the organization is safe from other breaches.

• Network Load Balancing

Network Load Balancing (NLB) is a feature that helps distribute network traffic across the servers using the TCP/IP protocol. NLB combines several computers that are running applications in a system into a single virtual cluster to provide high efficiency for web servers as well as other very critical servers. The servers found in an NLB cluster are called hosts. The hosts are known to run separate copies of the server applications. In GAI, NLB will be necessary since it will help in ensuring that computers in the servers are addressed by the same set of IP addresses that are kept unique for each set of hosts (Minasi et al. 2013).

• Failover Clustering

Since there is no guarantee that the entire set of servers will always work as expected at all times, failover clustering is necessary to ensure that, in case one of the servers fails, the organization's activities are not put on hold. Failover clustering will bring the servers together and ensure that the applications are available to all servers.

Active Directory Certificate Services

• Will AD Certificate Services used in both domains need to be modified?