
Document: Windows Server 2003 Active Directory Network Infrastructure


PUBLISHED BY
Microsoft Press
A Division of Microsoft Corporation
One Microsoft Way
Redmond, Washington 98052-6399
Copyright © 2004 by Microsoft Corporation
All rights reserved. No part of the contents of this book may be reproduced or transmitted in any form or
by any means without the written permission of the publisher.
Library of Congress Cataloging-in-Publication Data pending.
Printed and bound in the United States of America.
1 2 3 4 5 6 7 8 9 QWT 8 7 6 5 4 3
Distributed in Canada by H.B. Fenn and Company Ltd.
A CIP catalogue record for this book is available from the British Library.
Microsoft Press books are available through booksellers and distributors worldwide. For further
information about international editions, contact your local Microsoft Corporation office or contact Microsoft
Press International directly at fax (425) 936-7329. Visit our Web site at www.microsoft.com/mspress. Send
comments to
Active Directory, Microsoft, Microsoft Press, Windows, the Windows logo, Windows Server, and
Windows NT are either registered trademarks or trademarks of Microsoft Corporation in the United States
and/or other countries. Other product and company names mentioned herein may be the trademarks of
their respective owners.
The example companies, organizations, products, domain names, e-mail addresses, logos, people,
places, and events depicted herein are fictitious. No association with any real company,
organization, product, domain name, e-mail address, logo, person, place, or event is intended or should be
inferred.
Acquisitions Editor: Kathy Harding
Project Manager: Julie Pickering
Technical Editor: Tony Northrup
Body Part No. X10-09386
For my wife, Susan



Contents at a Glance
1 Introduction to Active Directory and Network Infrastructure
2 Analyzing an Existing Infrastructure
3 Planning an Active Directory Structure
4 Designing an Administrative Security Structure
5 Designing a Site Plan
6 Designing a DNS Structure
7 Designing a WINS Structure
8 Designing a Network and Routing Infrastructure
9 Designing Internet Connectivity
10 Designing a Remote Access Strategy
Glossary
Practices
  Analyze the Existing Directory Structure
  Creating a Forest and Domain Model
  Designing an Organizational Unit Structure
  Planning an Account Strategy
  Designing a Group Policy Implementation
  Planning Domain Controllers
  Creating a Site Design and Replication Strategy
  Designing a DNS Namespace for Forests and Domains
  Designing a DNS Infrastructure
  Designing a WINS Replication Strategy
  Creating an IP Addressing Scheme
  Creating a DHCP Strategy
  Designing a NAT Strategy
  Designing Wireless Network Access
  Designing a Remote Access Infrastructure
  Designing Security for Remote Access Users
Tables
  Table 1-1: Common Top-Level Domain Names
  Table 1-2: DNS Resource Records
  Table 1-3: IP Address Classes
  Table 1-4: Custom Subnet Mask Values
  Table 4-1: Group Scopes and Functionalities
  Table 4-2: Administrative Template Settings
  Table 5-1: Recommended Site-Link Costs by Available Bandwidth
  Table 6-1: DNS Resource Records
  Table 6-2: Top-Level Domains
  Table 7-1: Microsoft Component NetBIOS Unique Names
  Table 7-2: Microsoft Component NetBIOS Group Names
  Table 7-3: NetBIOS Node Types
  Table 7-4: WINS Server Functions
  Table 8-1: Address Classes
  Table 8-2: Private and Reserved IP Addresses
  Table 8-3: Default Subnet Masks
  Table 8-4: Class A Subnetted Network ID
  Table 8-5: Class B Subnetted Network ID
  Table 8-6: Class C Subnetted Network ID
  Table 8-7: Additional Configuration Options
  Table 8-8: DHCP Test Server Functions and Volume Handled
  Table 8-9: Client Support
  Table 9-1: Private Network Addressing
  Table 9-2: Network Address Translation Session Mapping Table
  Table 10-1: User Account Dial-In Permissions
  Table 10-2: Wireless Standards
  Table 10-3: Authentication Methods
  Table 10-4: Network Access Server Resource Usage
  Table 10-5: Remote Access Policy Conditions
Case Scenario Exercises
  Chapter 2
  Chapter 3
  Chapter 4
  Chapter 5
  Chapter 6
  Chapter 7
  Chapter 8
  Chapter 9
  Chapter 10


Contents
About This Book
  Intended Audience
  Prerequisites
  About the CD-ROM
  Features of This Book
  Chapter and Appendix Overview
  Reader Aids
  Notational Conventions
  Getting Started
  Hardware Requirements
  Software Requirements
  Setup Instructions
  The Readiness Review Suite
  The eBook
  The Microsoft Certified Professional Program
  Microsoft Certification Benefits
  Requirements for Becoming a Microsoft Certified Professional
  Technical Support
  Evaluation Edition Software Support
1 Introduction to Active Directory and Network Infrastructure
  Why This Chapter Matters
  Before You Begin
  Lesson 1: Active Directory Overview
    What Is Active Directory?
    The Logical Active Directory Structure
    Trust Relationships
    Partitioning the Active Directory Database
    The Physical Network Structure
    Lesson Review
    Lesson Summary
  Lesson 2: Domain Name System Overview
    Name Resolution
    Understanding DNS
    How Active Directory Uses DNS
    Lesson Review
    Lesson Summary
  Lesson 3: TCP/IP Overview
    TCP/IP Architecture
    IP Addressing
    IP Routing
    Automatic IP Address Assignment Using DHCP
    Lesson Review
    Lesson Summary
  Lesson 4: Remote Access Overview
    What Remote Access Provides
    Remote Access Connection Methods
    Protocols Used by Routing And Remote Access
    Remote Access Security
    Lesson Review
    Lesson Summary
  Chapter Summary
  Exam Highlights
    Key Points
    Key Terms
  Questions and Answers
2 Analyzing an Existing Infrastructure
  Why This Chapter Matters
  Before You Begin
  Lesson 1: Analyzing the Company
    Geographical Considerations
    Information Flow
    Analyze the Current Administration Model
    Future Plans
    Lesson Review
    Lesson Summary
  Lesson 2: Analyzing the Existing Network Topology
    Network Environment
    Servers and Workstations
    Analyzing Performance Requirements
    Lesson Review
    Lesson Summary
  Lesson 3: Analyzing the Existing Directory Structure
    Analyze an Existing Windows 2000 Infrastructure
    Analyze an Existing Windows NT 4.0 Infrastructure
    Windows 2003 Functional Levels
    Practice: Analyze the Existing Directory Structure
    Lesson Review
    Lesson Summary
  Case Scenario Exercise
    Questions
  Chapter Summary
  Exam Highlights
    Key Points
    Key Terms
  Questions and Answers
3 Planning an Active Directory Structure
  Why This Chapter Matters
  Before You Begin
  Lesson 1: Designing a Forest and Domain Model
    Using a Single Domain
    Using Multiple Domains
    Using Multiple Trees Within a Forest
    Using Multiple Forests
    Practice: Creating a Forest and Domain Model
    Lesson Review
    Lesson Summary
  Lesson 2: Defining a Naming Strategy
    Active Directory Naming and LDAP
    Creating the Naming Strategy
    Supporting Registered DNS Names
    Choosing Domain Names
    Naming Security Principals
    Lesson Review
    Lesson Summary
  Case Scenario Exercise
    Questions
  Chapter Summary
  Exam Highlights
    Key Points
    Key Terms
  Questions and Answers
4 Designing an Administrative Security Structure
  Why This Chapter Matters
  Before You Begin
  Lesson 1: Designing an Organizational Unit Structure
    Understanding Organizational Units
    Using OUs to Delegate Administrative Control
    Using OUs to Limit Object Visibility
    Using OUs to Control Group Policy
    Default Containers and OUs
    Planning for Inheritance
    Standard Models for OU Structure
    Practice: Designing an Organizational Unit Structure
    Lesson Review
    Lesson Summary
  Lesson 2: Planning an Account Strategy
    Types of Accounts
    Planning Computer Accounts
    Planning User Accounts
    Planning Groups
    Putting Users and Groups Together
    Practice: Planning an Account Strategy
    Lesson Review
    Lesson Summary
  Lesson 3: Designing a Group Policy Implementation
    Understanding Group Policy
    Planning a GPO Structure
    Planning the Deployment of GPOs
    Practice: Designing a Group Policy Implementation
    Lesson Review
    Lesson Summary
  Case Scenario Exercise
    Questions
  Chapter Summary
  Exam Highlights
    Key Points
    Key Terms
  Questions and Answers
5 Designing a Site Plan
  Why This Chapter Matters
  Before You Begin
  Lesson 1: Designing a Site Topology
    Why Sites Are Used
    Choosing Site Boundaries
    Lesson Review
    Lesson Summary
  Lesson 2: Planning Domain Controllers
    Planning Domain Controller Placement
    Planning Operations Masters Servers
    Planning Global Catalog Servers
    Planning Domain Controller Capacity
    Practice: Planning Domain Controllers
    Lesson Review
    Lesson Summary
  Lesson 3: Planning a Replication Strategy
    The Replication Process
    Site Links
    Bridgehead Servers
    Practice: Creating a Site Design and Replication Strategy
    Lesson Review
    Lesson Summary
  Lesson 4: Designing a Migration Path
    Migrating from Windows NT 4 Domains
    Migrating from Windows 2000 Domains
    Lesson Review
    Lesson Summary
  Case Scenario Exercise
    Questions
  Chapter Summary
  Exam Highlights
    Key Points
    Key Terms
  Questions and Answers
6 Designing a DNS Structure
  Why This Chapter Matters
  Before You Begin
  Lesson 1: Analyzing the Existing DNS Implementation
    DNS Overview
    Components of DNS
    Lesson Review
    Lesson Summary
  Lesson 2: Designing a DNS Name Resolution Strategy
    Creating the Namespace Design
    Interoperability with Active Directory, DHCP, and WINS
    Active Directory Integration
    Zone Requirements
    DNS Security
    Securing Replication Data
    Interoperability with UNIX Berkeley Internet Name Domain (BIND)
    Practice: Designing a DNS Namespace for Forests and Domains
    Lesson Review
    Lesson Summary
  Lesson 3: Designing a DNS Implementation
    Zone Storage
    Lesson Review
    Lesson Summary
  Lesson 4: Designing a DNS Service Placement Strategy
    Designing DNS Service Placement
    Practice: Designing a DNS Infrastructure
    Lesson Review
    Lesson Summary
  Case Scenario Exercise
    Questions
  Chapter Summary
  Exam Highlights
    Key Points
    Key Terms
  Questions and Answers
7 Designing a WINS Structure
  Why This Chapter Matters
  Before You Begin
  Lesson 1: Understanding WINS
    WINS Overview
    WINS Components
    WINS Database
    WINS Database Files
    Database Size
    Lesson Review
    Lesson Summary
  Lesson 2: Designing a WINS Infrastructure
    Creating the Conceptual Design
    Designing a NetBIOS Name Resolution Strategy
    Lesson Review
    Lesson Summary
  Lesson 3: Designing a WINS Replication Strategy
    Creating a Replication Strategy
    Deleting and Tombstoning Records
    Securing Your WINS Infrastructure
    Practice: Designing a WINS Replication Strategy
    Lesson Review
    Lesson Summary
  Case Scenario Exercise
    Questions
  Chapter Summary
  Exam Highlights
    Key Points
    Key Terms
  Questions and Answers
8 Designing a Network and Routing Infrastructure
  Why This Chapter Matters
  Before You Begin
  Lesson 1: Creating an IP Addressing Scheme
    Overview of Binary Numbers
    IP Addressing
    Subnetting Your Network
    Practice: Creating an IP Addressing Scheme
    Lesson Review
    Lesson Summary
  Lesson 2: Designing a Perimeter Network
    Protecting Your Private Network
    Documenting Your Perimeter Network
    Lesson Review
    Lesson Summary
  Lesson 3: Understanding DHCP
    Overview of DHCP
    Securing your DHCP Infrastructure
    Lesson Review
    Lesson Summary
  Lesson 4: Creating a DHCP Strategy
    Designing a DHCP Addressing Scheme
    Supporting Various DHCP Clients
    Practice: Creating a DHCP Strategy
    Lesson Review
    Lesson Summary
  Case Scenario Exercise
    Questions
  Chapter Summary
  Exam Highlights
    Key Points
    Key Terms
  Questions and Answers
9 Designing Internet Connectivity
  Why This Chapter Matters
  Before You Begin
  Lesson 1: Identifying Redundancy Requirements
    Creating a Redundant Infrastructure
    Assessing Internet Service Providers
    Lesson Review
    Lesson Summary
  Lesson 2: Identifying Bandwidth Requirements
    Obtaining Bandwidth Requirements
    Lesson Review
    Lesson Summary
  Lesson 3: Understanding NAT
    NAT Overview
    Limitations of NAT
    Lesson Review
    Lesson Summary
  Lesson 4: Designing a NAT Strategy
    Creating the Conceptual Design
    NAT Servers
    Securing Your NAT Solution
    Practice: Designing a NAT Strategy
    Lesson Review
    Lesson Summary
  Case Scenario Exercise
    Questions
  Chapter Summary
  Exam Highlights
    Key Points
    Key Terms
  Questions and Answers
10 Designing a Remote Access Strategy
  Why This Chapter Matters
  Before You Begin
  Lesson 1: Designing a Remote Access Strategy
    Remote Access Overview
    Components of Dial-Up Remote Access
    Network Access Client
    Network Access Server
    Authentication Methods for Remote Access
    Virtual Private Networking Remote Access
    Creating the Conceptual Design
    Practice: Designing Wireless Network Access
    Lesson Review
    Lesson Summary
  Lesson 2: Designing the Remote Access Infrastructure
    Planning the Capacity of Your Remote Access Infrastructure
    Practice: Designing a Remote Access Infrastructure
    Lesson Review
    Lesson Summary
  Lesson 3: Designing Security for Remote Access Users
    Securing Your Remote Access Infrastructure
    Using an Internet Authentication Service Server
    Practice: Designing Security for Remote Access Users
    Lesson Review
    Lesson Summary
  Case Scenario Exercise
    Questions
  Chapter Summary
  Exam Highlights
    Key Points
    Key Terms
  Questions and Answers
Glossary
Index

Acknowledgments
It always makes me feel a little strange to say that I have written a book because it
takes the combined effort of a lot of people to put a book like this into your hands.
Foremost, I’d like to thank my coauthor, Mike Simpson, for all his work. He signed on
late in the project and did a great job. I’d also like to thank Tony Northrup for a
wonderful technical review.
I’d also like to thank the folks at Microsoft Press for guiding this book through its
various stages. Kathy Harding, our acquisitions editor, showed her faith in the project and
in me. Julie Pickering, our project manager, worked hard to make sure that this book
is of the best quality and that it was published on schedule. I’d also like to thank Rajni
Gulati, Karen Szall, and Lori Kane for their help at various stages.
Finally, as always, I’d like to thank Neil Salkind and everyone else at StudioB for
helping put this project together.
Walter Glenn

About This Book
Welcome to MCSE Self-Paced Training Kit (Exam 70-297): Designing a Microsoft
Windows Server 2003 Active Directory and Network Infrastructure. This book teaches
you how to gather the network requirements for a business, how to analyze an existing
network, and how to design an Active Directory directory service and networking
infrastructure.
The first chapter of this book provides an overview of the technologies that you work
with on a Windows Server 2003 network. In subsequent chapters, you learn how to
design an Active Directory structure, which includes creating a forest and domain plan,
an organizational unit and administrative plan, and a site topology plan. The remaining
chapters teach you how to design a network infrastructure and focus on Domain Name
System, Windows Internet Naming System, routing, and remote access.
Note For more information about becoming a Microsoft Certified Professional, see the
section titled “The Microsoft Certified Professional Program” later in this introduction.
Intended Audience
This book was developed for information technology (IT) professionals who plan to
take the related Microsoft Certified Professional exam 70-297, “Designing a Microsoft
Windows Server 2003 Active Directory and Network Infrastructure,” as well as for IT
professionals who design, develop, and implement software solutions for Microsoft
Windows environments using Microsoft tools and technologies.
Note Exam skills tested are subject to change without prior notice and at the sole
discretion of Microsoft.
Prerequisites
This training kit requires that students have a solid understanding of the networking
technologies in Windows Server 2003. Although Chapter 1 provides an overview of
those technologies, you should have 12 to 18 months of experience administering
Windows technologies in a network environment.
About the CD-ROM
For your use, this book includes a Supplemental Course Materials CD-ROM that
contains a variety of informational aids to complement the book content, including:
■ The Microsoft Press Readiness Review Suite Powered by MeasureUp. This suite of
practice tests and objective reviews contains questions of varying degrees of
complexity and offers multiple testing modes. You can assess your understanding of
the concepts presented in this book and use the results to develop a learning plan
that meets your needs.
■ An electronic version of this book (eBook). For information about using the
eBook, see the section “The eBook” later in this introduction.
■ An eBook of the Microsoft Encyclopedia of Networking, Second Edition. This
eBook provides complete and up-to-date reference material for networking.
■ Sample chapters from several Microsoft Press books. These chapters give you
additional information about Windows Server 2003 and introduce you to other
resources that are available from Microsoft Press.
A second CD-ROM contains a 180-day evaluation edition of Microsoft Windows Server
2003, Enterprise Edition.
Caution The 180-day evaluation edition provided with this training kit is not the full retail
product and is provided only for the purposes of training and evaluation. Microsoft Technical
Support does not support this evaluation edition.
For additional support information regarding this book and the CD-ROM (including
answers to commonly asked questions about installation and use), visit the Microsoft
Press Technical Support Web site at You
can also e-mail or send a letter to Microsoft Press, Attention:
Microsoft Press Technical Support, One Microsoft Way, Redmond, WA 98052-6399.
Features of This Book
Chapter and Appendix Overview
Each chapter identifies the exam objectives covered within the chapter, provides an
overview of why the topics matter by identifying how the information applies in the
real world, and lists any prerequisites that must be met to complete the lessons
presented in the chapter.
The chapters are divided into lessons. Lessons end with a summary of important
concepts and a set of review questions to test your knowledge of the material presented in
the lesson. Many lessons also include a practice exercise.
After the lessons, you are given an opportunity to apply what you’ve learned in a case
scenario exercise. In this exercise, you work through a multistep solution for a realistic
case scenario. Each chapter concludes with a summary of important concepts and a
short section listing key topics and terms that you need to know before taking the
exam. A glossary of key terms used in the book follows the chapters.
Real World Helpful Information
You will find sidebars similar to this one that contain related information you
might find helpful. “Real World” sidebars contain specific information gained
through the experience of IT professionals just like you.
Reader Aids
Several types of reader aids appear throughout the training kit.
Tip contains methods of performing a task more quickly or in a less obvious way.
Note contains supplemental information.
Caution contains valuable information about possible loss of data; be sure to read this
information carefully.
Warning contains critical information about possible physical injury; be sure to read this
information carefully.
See Also contains references to other sources of information.
Security Alert highlights information you need to know to maximize security in your work
environment.
Exam Tip flags information you should know before taking the certification exam.
Notational Conventions
The following conventions are used throughout this book.
■ Italic in syntax statements indicates placeholders for variable information. Italic is
also used for book titles.
■ Names of files and folders appear in title caps, except when you are to type them
directly. Unless otherwise indicated, you can use all lowercase letters when you
type a file name in a dialog box or at a command prompt.
■ File name extensions appear in all lowercase.
■ Acronyms appear in ALL UPPERCASE.
■ Bold type represents entries that you might type at a command prompt or in
initialization files.
Getting Started
This training kit provides many chances for you to practice the design concepts it
teaches. The practices throughout this book are guided design activities and do not
require you to work on a computer. However, if you plan to use the evaluation
software, you can use this section to prepare the computer environment.
Hardware Requirements
The test computer must have the following minimum configuration. All hardware
should be on the Microsoft Server 2003 Hardware Compatibility List and should meet
the requirements listed at
sysreqs/. The following requirements apply to Windows Server 2003 Enterprise Edition.
■ Minimum CPU: 133 MHz for x86-based computers (733 MHz recommended)
and 733 MHz for Itanium-based computers
■ Minimum RAM: 128 MB (256 MB recommended)
■ Disk space for setup: 1.5 GB for x86-based computers and 2.0 GB for
Itanium-based computers
Software Requirements
A 180-day evaluation edition of Windows Server 2003, Enterprise Edition, is included
on the CD-ROM.
Caution The 180-day evaluation edition provided with this training kit is not the full retail
product and is provided only for the purposes of training and evaluation. Microsoft Technical
Support does not support these evaluation editions. For additional support information
regarding this book and the CD-ROMs (including answers to commonly asked questions about
installation and use), visit the Microsoft Press Technical Support Web site at
http://mspress.microsoft.com/mspress/support/. You can also e-mail or
send a letter to Microsoft Press, Attention: Microsoft Press Technical Support, One Microsoft
Way, Redmond, WA 98052-6399.
Setup Instructions
Set up your computer according to the manufacturer’s instructions. The following items
are included in the Windows Server 2003 Evaluation Kit:
■ Windows Server 2003, Enterprise Edition, CD-ROM
■ Windows Server 2003 Resource CD-ROM
■ A unique Product Key (required for installation)
■ Links to additional Web-based documentation
After you install Windows Server 2003 evaluation software, you have 14 days to
activate the product. If you do not activate the product within 14 days of installation, you
will not be able to continue your evaluation until you activate it. None of your data will
be lost.
The Readiness Review Suite
The CD-ROM includes a practice test made up of 300 sample exam questions. Use
these tools to reinforce your learning and to identify any areas in which you need to
gain more experience before taking the exam.
To install the practice test
1. Insert the Supplemental CD-ROM into your CD-ROM drive.
Note If AutoRun is disabled on your machine, refer to the Readme.txt file on the CD-ROM.
2. Click Readiness Review Suite on the user interface menu.
The eBook
The CD-ROM includes an electronic version of the Training Kit. The eBook is in
portable document format (PDF) and can be viewed using Adobe Acrobat Reader.