Active Directory is the core of the IT infrastructure, and setting it up correctly is the first step toward building a sound cybersecurity posture and staying compliant. To create the right infrastructure, it's important to follow some basic steps to avoid issues with configuration and security.
Keeping your Active Directory as simple as possible will help improve overall efficiency and will make the troubleshooting process easier. Designing a domain for every department may look desirable, but it is generally recommended to run fewer, effective domains. An alternative to creating domains for every department is to use organizational units (OUs).
It is a good practice to have domain controllers running on dedicated servers (physical or virtual). Adding multiple roles to a domain controller can affect the performance, reduce security, and cause complications during backup and recovery of the server.
Most organizations start out with a carefully arranged Active Directory architecture. However, with time, Active Directory can grow rather complicated. To avoid this, it is prudent to plan in advance for eventual Active Directory growth. Even though it's hard to predict exactly how Active Directory will grow, some governance practices can be defined to dictate the structure that will be used when it does.
Sticking to standard naming formats for AD objects will make troubleshooting much easier. Before building your infrastructure, define a naming convention for the users, clients, servers, devices, groups, and shares in the network.
Having a migration strategy in place is an integral part of your overall design plan to counter any possible failure. This involves studying the current or proposed configuration details and categorizing the aspects of the domain that will be migrated.
The primary responsibility of the domain controllers is to authenticate and validate user access to the network. To ensure that services are not interrupted, it is critical to deploy a sufficient number of domain controllers.
Large networks often require multiple Active Directory sites. The site topology should mirror the network topology. The parts of the network that are connected should be placed within a single site.
Organizations usually have multiple domain controllers as a backup mechanism in case one of the domain controllers fails. However, this redundancy is often undermined by server virtualization. Sometimes, organizations place all their virtualized domain controllers onto a single virtualization host server, so if that host server fails, all the domain controllers are affected too.
Besides planning the Active Directory structure upfront, a good management plan should also be in place. Who will administer Active Directory? Will the responsibilities be divided according to the domain or an OU? These types of management decisions must be made before actually setting up domain controllers.
Active Directory is designed to be flexible, and it is possible to perform major restructuring of it without downtime or data loss. However, on some occasions, a restructuring process has resulted in some Active Directory objects being corrupted, especially when moving objects between domain controllers running differing versions of Windows Server.
An important attribute of the Active Directory domain controllers is their memory space. It's recommended to set aside twice as much memory as the AD database size on the disk. With sufficient memory, the Active Directory server is far less dependent on disk access and performance is immensely improved with faster, problem-free authentication of users.
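The memory guideline above and the earlier recommendation to keep domain controllers on dedicated servers can both be checked per domain controller. The script below is an added example, not part of the original page or of any vendor tooling; it assumes the ActiveDirectory RSAT module, PowerShell remoting to each domain controller, and a hypothetical allow-list of expected roles that you should adjust to your environment.

```powershell
# Added example: audit every domain controller against two guidelines from this page:
#   1. installed memory is at least twice the size of the AD database on disk
#   2. the server carries no roles beyond those expected on a dedicated DC
Import-Module ActiveDirectory

# Hypothetical allow-list of roles for a dedicated DC (an assumption, adjust as needed).
$expectedRoles = 'AD-Domain-Services', 'DNS', 'FileAndStorage-Services'

$report = foreach ($dc in Get-ADDomainController -Filter *) {
    try {
        Invoke-Command -ComputerName $dc.HostName -ErrorAction Stop `
            -ArgumentList (, $expectedRoles) -ScriptBlock {
            param($expected)

            # The NTDS service records the database path in this registry value.
            $ntds     = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
            $dbBytes  = (Get-Item -LiteralPath $ntds.'DSA Database file').Length
            $ramBytes = (Get-CimInstance Win32_ComputerSystem).TotalPhysicalMemory

            # Top-level roles only; role services and features are not evaluated.
            $extra = Get-WindowsFeature | Where-Object {
                $_.Installed -and $_.FeatureType -eq 'Role' -and $_.Name -notin $expected
            }

            [pscustomobject]@{
                DomainController = $env:COMPUTERNAME
                DatabaseGB       = [math]::Round($dbBytes / 1GB, 2)
                MemoryGB         = [math]::Round($ramBytes / 1GB, 2)
                MemoryOk         = $ramBytes -ge (2 * $dbBytes)
                ExtraRoles       = ($extra.Name -join ', ')
            }
        }
    }
    catch {
        # An unreachable DC is reported rather than silently skipped.
        [pscustomobject]@{
            DomainController = $dc.HostName
            DatabaseGB       = $null
            MemoryGB         = $null
            MemoryOk         = $null
            ExtraRoles       = "ERROR: $($_.Exception.Message)"
        }
    }
}

$report | Select-Object DomainController, DatabaseGB, MemoryGB, MemoryOk, ExtraRoles |
    Sort-Object DomainController | Format-Table -AutoSize
```

A row with `MemoryOk` set to `False` or a non-empty `ExtraRoles` column marks a domain controller that does not meet the corresponding guideline.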
ADManager Plus is an integrated AD, Exchange Server, Microsoft 365, Skype for Business (Lync), and Google Workspace management and reporting solution. This tool allows you to securely delegate OU- and group-based AD tasks to help desk technicians. It also offers customizable workflows to help you streamline and monitor the execution of AD tasks, and automate critical tasks and routines.