You can download the solution to the following question for free. For further assistance in Computer Network assignments please check our offerings in Accounting assignment solutions. Our subject-matter experts provide online assignment help to Accounting students from across the world and deliver plagiarism free solution with free Grammarly report with every solution.
(ExpertAssignmentHelp does not recommend anyone to use this sample as their own work.)
ATE Consult Pte Ltd is a small consultancy firm located in Charlestown. ATE Consult's IT resources span a number of Windows 7 machines and a Windows Server 2008 server. You are hired as the IT consultant to design the Active Directory logical structure for ATE Consult.
The following requirements are given to you with respect to ATE Consult:
– There are four major categories of users: Consultants, Clients, Administration staff and IT Support staff
– All users should be able to logon to ATE Consult's resources except the physical server machine hosting the domain. Only IT Support staff and Domain Administrators can log onto the server locally.
– For security reasons, all users must use complex passwords (i.e at least 8 characters) when logging on the network.
– Create appropriate user groups to provide access to resources of different users groups.
– All users except the IT Support staff and Domain Administrators should be displayed a logon message when they login to ATE Consult network. The message should display 'As an user of ATE Consult's ICT resources, you agree to abide by ATE Consult's Computer
Use and Communication policies'.
– Shared folders are maintained in the file server. Two folders 'Consultant Resources' and 'AdminResources' needs to be maintained where Consultants and Administration staff members have read and write access to the folders respectively. Also, the shared folders must be mapped as network drives to be easily accessible for users when they log in.
– The IT Support Staff are able to manage user accounts and reset passwords for Consultants, Clients and Administration Staff.
ATE Consult will use a Windows Server 2008 R2 NOS for its primary DC. Design an Active Directory logical structure to support the above requirements. Illustrate your design using an appropriate diagram and also provide explanation of how your design meets each of the requirements stated above.
Review your requirements with our FREE Assignment Understanding Brief and avoid last minute chaos.
We provide you services from PhD experts from well known universities across the globe.
No more plagiarism worries. We give you a FREE Grammarly report with every assignment.
Our experts work round the clock to provide you with solutions before the scheduled deadline.
The following assumptions have been assumed for the purpose of this assignment:
• ATE Consult PTE Ltd has its operations only in Charlestown and they do not have any operations in any other country
• The IT Support Staff has been divided into 3 groups:
• IT Staff Grp-1: this group manages the user accounts and groups for all the employees of the company. It includes creating an account, maintaining it and resetting the password on user request.
• IT Staff Grp-2: This group has a task of managing the servers, volumes and network printers.
• Domain Administrators: This group contains a few members from the IT Support Staff. The members of this group are super-users for the domain. They have an administrative Access to all the User Accounts and Network resources.
What is an Active Directory Server
Active Directory (AD) is a directory service implemented by Microsoft for Windows domain networks. It provides a logical and a consistent database that stores the configuration information about the network and all network based resources – users, computers, files, printers, applications, shares etc. It plays an extremely important role in managing these network resources efficiently. It helps in defining the universal policies for all the resources in the domain from one secure, centralized location
It also plays an important role in securely authenticating the network users and resources prior to giving them access to these resources and manage the identities and relationships between them. (California Institute of Technology). When a computer joins a domain, the security settings as well as the domain configurations are pushed onto the new computer with the help of an Active Directory Server. (Wikipedia). On the other hand, when a user logs into a computer that is part of a Windows domain, he is authenticated at the Active Directory server and depending upon his authorization level, access privileges of the users are decided. Active Directory makes use of Lightweight Directory Access Protocol (LDAP) to implement the directory services and Kerberos Authentication Protocol for verifying the user's identity.
Active Directory Logical Structure
The logical structure of an Active Directory consists of mainly 4 components, namely – Forests, Trees, Domains and Organizational Units. Each of these 4 components has their specific functions which are defined here below:
An organizational unit (OU) is a collection of various objects being used in the domain – user accounts, groups, computers, printers, shared folders, and other OUs. It acts like a container for these objects and is used to organize/ administer these objects within a domain.Assigning Group Policy settings or delegating an administrative authority over sets of users, groups, and resources.
Access Control over an OU and the objects within it is determined by the access control lists (ACLs) designed for an OU and the associated objects in the OU (Microsoft (Technet-Article #727030))
The following screenshot shows the OU's created for different user categories belonging to a Corporation – Users belonging to the Accounts Department, Sales Department, Security Departments etc
Note: An organizational unit can contain objects belonging to its domain only and CANNOT contain objects from other domains.
Active Directory Domains
Active Directory Domains contain one or more organizational units arranged hierarchically. These OU's within a domain represent the logical structures within your organization and acts as a container for networked computers and other components like printers, servers and other network resources.
Domains are organized into parent-child relationships to form a hierarchy. A parent domain is the domain directly superior in the hierarchy to one or more subordinate, or child, domains. A child domain also can be the parent of one or more child domains.
A domain has its own security policy and defined security relationships with the other domains. These security policies and security trust-relationships are binding on all the objects within a domain.
It is a collection of domains having a common namespace, security trust relationships and are arranged in a hierarchical structure. The domains within a tree have a PARENT-CHILD relationship that guarantees an inherent trust among all the trees in the tree structure.
The following figure illustrates the Domain Tree structure for the ATE Consult Company. Assuming that the company has its operations in 2 cities each in – India, Australia, and UK. Hence the PARENT-CHILD Relationship is defined in the following table:
All domains that have a common root domain are said to form a contiguous namespace (that is, in a single tree). These domains have contiguous DNS domain names that are formed in the following way: The domain name of the child domain appears at the left, separated from the name of its parent domain to its right by a period. (Microsoft (Technet-Article #727030))
Hence, the Root Domain – ATEConsulting.com is sub-divided into 3 different PARENT DOMAINS
In the UK, the company has its operations in LONDON and BRISTOL cities, and hence their CHILD DOMAINS are defined as:
Similarly, Assuming that in India, the company has operations in PUNE and DELHI, the CHILD DOMAINS are defined as:
These child domains may be added due to many reasons, a few of those being:
• Discretely managing different organizations or providing unit identities
• Enforcing different security boundaries and password policies for different child domains.
• Better handling of a very large number of managed objects
• Decentralizing domain administration
NOTE: The parent-child relationship between domains in a domain tree is a naming relationship and a trust relationship only. Administrators in a parent domain are NOT automatically administrators of a child domain, and policies set in a parent domain DO NOT automatically apply to child domains. This implies Decentralized Domain Administration.
Active Directory Forests
A collection of two or more domain trees that share a number of common attributes – Schemas, Configurations, etc. but do not share the same namespace. A forest acts like a reference point between trees, and does not have its own name.
A Domain Forest may have different domain names or namespaces that may belong to different geographical boundaries. Domains within a forest share two-way transitive trust relationships that are established using the Microsoft version of Kerberos Authentication Method.
A typical example to illustrate this concept is that the (.com) Top Level DNS Domain Name is a Domain Forest that has different namespaces –
Namespace for Google : www.google.com,
Namespace for Company ABC: www.abc.com etc.
Similarly, another Top Level Domain (.edu) is a domain forest that has namespaces of the type – www.stratford.edu, www.abc.edu etc. The Following figure depicts a Domain Forest in a simple way.
NOTE: The main difference between an Active Directory Forest and an Active Directory Domain is that each forest has a security boundary that ensures that No administrators from outside the forest can gain an unauthorized access to information in the forest unless he is authorized by the administrators within the forest.
By contrast a domain does not have a security boundary. It implies that an administrator from one domain can easily gain an unauthorized access to another domain and access the data in their domain. (Active-Director-Logical-Structure)
A trust relationship is like a logical link that is established between the root domains of each domain tree having different namespaces. It implies that users in one domain are recognized by a domain controller in the other domain and hence access the resources in the other domain. However, the access to these resources can be controlled with the help of Access Control List configured by the domain administrator. Trust Relationship can be established between domains belonging to same or different Active Directory Forest.
The following scenario illustrates this concept in a simple manner. This is just an assumption to explain this concept
ATE Consulting has its Head Quarters and 2 Corporate Offices in different geographical locations and hence have different Domain Name Spaces –
Since the company's major operations are being handled in the headquarters, the root domains for the other domains (related to the Corporate Offices) – Corp1.ATEConsulting.com and Corp2.ATEConsulting.com have a transitive trust relationship with the root domain (HQ.ATEConsulting.com). This establishes trust across all the domain trees in the forest
Briefing the Components of AD Logical Structure
Forests Logical boundary for multiple trees
Trees Logical boundary for multiple domains
Domains Logical boundaries for objects
Organisational Units Like any other folder in Control of Active Directory
Objects user, computer, User Groups, printer etc
Sample Active Directory Logical Structure
Benefits of AD Logical Structure
• Logical Structure provides a consolidated domain structure and reduces administration costs.
• Logical Structure provides more network security as it restricts the access to resources to only the authorised Organisation Groups (OU).
• Logical structure simplifies the network management by administration, configuration and control of the network.
Designing Active Directory Logical Structure for ATEConsult Pte
Analysing the Requirements
The requirements stated in the scenario are analysed and identified them to be Configurational Requirements or Design Requirements.
Configurational Requirements are taken into consideration while configuring the ADS Server and
Design Requirements are taken into consideration while designing the ADS Logical Structure.
# Requirement Configurational Design
1 4 major categories of users having appropriate user groups
2 All users should be able to logon to ATE Consult's resources
3 Only IT Support staff & Domain Administrators can log onto server locally
4 All users must use complex passwords when logging on the network.
5 Configuration of a Customized Logon Banner
6 Two shared folders to be created for consultants and Administration Staff on the File Server
7 Consultants and Administration staff members have Read/Write access to folders respectively
8 Shared folders must be mapped as network drives to be easily accessible for users when they log in
9 IT Support Staff can manage user accounts and reset passwords for Consultants, Clients and Administration Staff
Top Level Active Directory Logical Structure for ATEConsulting
Low Level (Detailed) Active Directory Logical Structure for ATEConsulting