PlayUKlottery.com - win up to 42 million Pounds
Lesson 2: Establishing the Root Domain

Cover
LOC Page
About This Book
Chapter and Appendix Overview
Getting Started
The Microsoft Certified Professional Program
Technical Support
Chapter 1 -- The Microsoft Windows 2000 Platform
Lesson 1: Overview of the Windows 2000 Platform
Lesson 2: Windows 2000 Professional
Lesson 3: Windows 2000 Server
Lesson 4: Windows 2000 Advanced Server and Windows 2000 Datacenter Server
Review
Chapter 2 -- Installing Windows 2000
Lesson 1: Preparing to Install
Lesson 2: Installing Windows 2000 from a CD-ROM
Lesson 3: Installing Windows 2000 over the Network
Lesson 4: Troubleshooting Windows 2000 Setup
Review
Chapter 3 -- Configuring the DNS Service
Lesson 1: Understanding DNS
Lesson 2: Resolving Names
Lesson 3: Installing the DNS Service
Lesson 4: Configuring the DNS Service
Lesson 5: Configuring a DNS Client
Lesson 6: Troubleshooting the DNS Service
Review
Chapter 4 -- Implementing Active Directory Directory Services
Lesson 1: Introduction to Active Directory Directory Services
Lesson 2: Active Directory Structure and Site Replication
Lesson 3: Active Directory Concepts
Lesson 4: Introduction to Planning
Lesson 5: Installing Active Directory Directory Services
Lesson 6: Configuring Active Directory Replication
Review
Chapter 5 -- Administering Active Directory Directory Services
Lesson 1: Creating Organizational Units
Lesson 2: Creating User and Computer Accounts
Lesson 3: Managing Groups
Lesson 4: Controlling Access to Active Directory Objects
Review
Chapter 6 -- Managing Desktop Environments with Group Policy
Lesson 1: Understanding Group Policy
Lesson 2: Applying Group Policy
Lesson 3: Configuring Group Policy
Review
Chapter 7 -- Managing Software by Using Group Policy
Lesson 1: Introducing the Software Installation and Maintenance Technology
Lesson 2: Deploying Software
Lesson 3: Upgrading Software
Lesson 4: Managing Software
Review
Chapter 8 -- Managing File Resources
Lesson 1: Sharing and Publishing File Resources
Lesson 2: Administering Shared Folders by Using Dfs
Lesson 3: Using NTFS Special Access Permissions
Lesson 4: Managing Disk Quotas on NTFS Volumes
Lesson 5: Increasing Security with EFS
Lesson 6: Using Disk Defragmenter
Review
Chapter 9 -- Configuring Remote Access
Lesson 1: Understanding the New Authentication Protocols in Windows 2000
Lesson 2: Configuring Inbound Connections
Lesson 3: Configuring Outbound Connections
Lesson 4: Examining Remote Access Policies
Lesson 5: Creating a Remote Access Policy
Review
Chapter 10 -- Supporting DHCP and WINS
Lesson 1: New DHCP Functionality
Lesson 2: New WINS Functionality
Review
Chapter 11 -- Managing Disks
Lesson 1: Introduction to Disk Management
Lesson 2: Common Disk Management Tasks
Review
Chapter 12 -- Implementing Disaster Protection
Lesson 1: Using Fault-Tolerant Volumes
Lesson 2: Using Advanced Startup Options
Lesson 3: Using the Recovery Console
Lesson 4: Using the Backup Utility
Lesson 5: Performing an Emergency Repair
Review
Chapter 13 -- Upgrading a Network to Windows 2000
Lesson 1: Planning a Network Upgrade
Lesson 2: Establishing the Root Domain
Lesson 3: Upgrading Domain Controllers and Member Servers
Lesson 4: Upgrading Client Operating Systems
Review
Chapter 14 -- Using Remote Installation Services
Lesson 1: Performing Remote Installations
Lesson 2: Creating Distribution Servers
Review
Appendix A -- Questions and Answers
Appendix B -- Creating Setup Disks
About This Electronic Book
About Microsoft Press


[Previous] [Next]

Lesson 2: Establishing the Root Domain

The root domain in Active Directory directory services is the top branch of the enterprise namespace. Other domains in the tree are subdomains below the root domain. All other domains refer to the root domain as the root of the enterprise. If you fail to plan and establish the root domain correctly, you can compromise your network structure from the beginning. For example, if you use the incorrect root name, all child domains will inherit this incorrect name as part of their name.

After you have planned your network upgrade, the first step in upgrading your network to Windows 2000 is to establish the root domain. There are two options for establishing the root domain:

  • Migrate an existing Windows NT 4.0 domain to a Windows 2000 root domain.

  • Create a new Windows 2000 root domain.

The option you use depends on the domain model you use in your existing Windows NT 4.0 network.

After this lesson, you will be able to

  • Determine whether to migrate an existing domain to a root domain or to create a new root domain for a Windows 2000 network.

Estimated lesson time: 10 minutes

Migrating an Existing Domain to a New Root Domain

You upgrade an existing domain to serve as the new root domain when your existing Windows NT 4.0 network uses one of these two domain models:

  • Single domain model

  • Single master domain model

In these two models, user accounts and global groups are created in a single domain, called the master domain. In the single master domain model, only computer accounts and resources are created in the resource domains. The resource domains trust the master domain.

Upgrading the Master Domain

When you upgrade the master domain to Active Directory directory services first, it forms the root of a new domain tree. In the single master domain model, you then upgrade the resource domains to become child domains of the root domain.

Migrating Objects to Active Directory Directory Services

The following objects migrate from Windows NT to Active Directory directory services during an upgrade:

  • User accounts migrate to the users container.

  • Computer accounts migrate to the computers container.

  • Global groups migrate to the users container.

  • Local groups migrate to the users container.

  • Built-in groups migrate to the built-in container.

  • Permissions for the NTFS file system files, printers, and local groups.

Creating Organizational Units

In Windows NT 4.0, administrators used domains to manage users and delegate administrative control. In Windows 2000, administrators use OUs to organize computers and users, delegate authority, and manage group policy.

Your OU structure can model your organizational, geopolitical, or administrative structure. Combine objects into a logical hierarchy of OUs that represent either of the following for your company:

  • Organizational model. This model is based on departmental or geographical boundaries. For example, company A is organized into departments and has a research department, a development department, and a sales department. In this company, the administrators use different computer settings and deploy different applications for each department. You would create a Research OU, a Development OU, and a Sales OU, and you would place users and computers into these OUs as relevant. You would then use group policy to administer these settings and distribute applications.

  • Administrative model. This model is based on which administrators are responsible for managing specific users and resources across the network. For example, company B uses separate IS managers for each location in the company. The IS managers in each location manage the users and computers in that location. You would create organizational units for each location and move the users and computers into these OUs. You would then delegate administrative control of those OUs to the appropriate IS managers.

To improve management and administration of users and computers in your company, examine your organizational structure, and then create OUs in the upgraded master domain to meet your business requirements.

Creating a New Root Domain

You create a new root domain for your Windows 2000 network when your existing Windows NT 4.0 network uses one of the following two domain models:

  • Multiple master domain model

  • Complete trust model

With these models, more than one domain contains user accounts and global groups. Therefore, you must establish a new root domain, and then upgrade the master domains to be children of this new root domain.

You can also upgrade these domain models to a forest with multiple disjointed namespaces. However, this would only be a viable option in an organization with many separate companies that had little need for intercommunication.

NOTE
You must have two or more domain controllers in the root domain of your organization. If you only have one domain controller in the root domain of your organization and that domain controller fails after you migrate other child domains, you cannot run the Active Directory Installation wizard again to create a new domain controller for the root domain. In case of a failure such as this, you would have to restore the domain controller from backup or re-create your entire Active Directory structure.

Lesson Summary

The root domain in Active Directory directory services is the top branch of the enterprise namespace. All other domains in the tree are subdomains below the root domain and refer to the root domain as the root of the enterprise. If you fail to plan and establish the root domain correctly, you can compromise your network structure from the beginning.

After you have planned your network upgrade, the first step in upgrading your network to Windows 2000 is to establish the root domain. You can migrate an existing Windows NT 4.0 domain to a Windows 2000 root domain, or you can create a new Windows 2000 root domain. You upgrade an existing domain to serve as the new root domain when your existing Windows NT 4.0 network uses the single domain model or the single master domain model.

You create a new root domain for your Windows 2000 network when your existing Windows NT 4.0 network uses either the multiple master domain model or the complete trust model. With these models, more than one domain contains user accounts and global groups. Therefore, you must establish a new root domain, and then upgrade the master domains to be children of this new root domain.