Re: Help with planning large AD structure and schema modifications
- From: Meinolf Weber [MVP-DS] <meiweb(nospam)@gmx.de>
- Date: Sat, 28 Feb 2009 19:53:10 +0000 (UTC)
Hello mkroska,
1. Nothing is built-in for that, you can use scripting for that, windows support lot's of scripting languages.
2.+3. You can create lot's of objects in AD, but how do you like to associate them to users? See here about limit's: http://technet.microsoft.com/en-us/library/cc756101.aspx
If you modify the schema it will be the same as the built-in ones, if you do it the correct way. See also here:
http://technet.microsoft.com/en-us/library/cc759633.aspx http://technet.microsoft.com/en-us/library/cc784557.aspx
Changes for users will be added to existing accounts.
4. See here about hardware planning and monitoring: http://technet.microsoft.com/en-us/library/cc728303.aspx http://technet.microsoft.com/en-us/library/cc787688.aspx http://technet.microsoft.com/en-us/library/cc739728.aspx
In this large network setup do not use DC's for other roles, let them do only there main task's, DNS/GC and maybe DHCP. Power intensiv applications like Exchange and SQL run on member servers also for RRAS use member servers.
5. We only use english, but i think it shouldn't be a problem.
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
Hi all--
I'm on a team for developing a solution for a new AD implementation
and need
help with a few planning questions.
Background:
This is a green-field: this will be rolled out from the ground up.
There will be a minimum of 3 new domains for web-front end traffic,
each in
a distinct forest with a one-way trust from the internal core domain.
The 3 new domains will represent Dev, Test and Prod. We chose to do
each on
a distinct domain since MOSS will be used heavily and we want to
separate the
databases, credentials and workloads.
The prod domain will be the largest (upwards of 100k objects and
growing).
Dev and Test will substantially smaller, so not as big of questions
about
scaling there.
We'd like to use AD for managing end-user accounts (customers) for
e-commerce; and we'll be transitioning our existing customer base from
a legacy database to AD.
Important Questions for Planning:
1. We may need the ability to pull all accounts updated in the last XX
amount of minutes. We were curious if AD has anything built-in to
support
this type of functionality.
2. Are there limitations to creating n-amount of complex objects
associated
with a user?
o Is there a difference between a built-in object like address and a
custom
created object type?
o How does defining a new object affect existing user accounts and
storage?
3. What are the ramifications of modifying an existing object?
o Is existing data dropped and re-created or does it extend the
object
cleanly?
4. How do we know when to scale the active directory server?
o When we hit a # of users?
o When resource utilization is high?
5. How does Active Directory support internationalization character
sets?
Please let me know if I can clarify any questions. Thank you very much
in
advance for any assistance or guidance.
Regards,
Mark
.
- References:
- Prev by Date: Re: not seeing invalid login attempts in event log
- Next by Date: Re: DC not authenticating local users
- Previous by thread: Re: Help with planning large AD structure and schema modifications
- Next by thread: Granting access via security group (user object vs. computer objec
- Index(es):
Relevant Pages
|
