Benefits and Use Cases for Microsoft Active Directory

Objectives 

Scalability and Extensibility: As organizational requirements grow, an application may need to be extended to support them. This is where AD excels. As IT resources increase, Active Directory's functionality can be extended to manage 100 to 1000s of computers in a domain.

Comprehensive Network Management: Windows Active Directory is well suited to managing network-related tasks. The Group Policy function of AD allows the system administrator to configure strict security policies to manage network resources. Windows Active Directory is designed to help manage large networks in an easy and time-saving manner. While using it to manage organizational resources, you can create as many user groups, computer groups, etc. as you need in order to reduce the number of domains.

Full support for long queries: With AD, you do not need to know which resource is available on which server. In other words, you do not need in-depth knowledge of the topology. You only have to type your query to get and manage the relevant information.

Effective Organization of IT Resources: Windows Active Directory offers a place for flawless and systematic organization of the organization's IT resources, which means less hard work but greater output.

Benefits

  • Single sign-on to all in-house applications.
  • Prevention against unauthorized installation of software that might infringe licensing and/or copyright laws.
  • Centralized License management.
  • Remote software installation allowing for more timely software upgrades, patches, and updates.
  • Protection against unauthorized usage of internet bandwidth.
  • Ability to share data within departments via controlled departmental shares.
  • Preventing access by unauthorized external devices, e.g., USB drives, hard drives, etc.
  • Access to shared central network disk storage.
  • Easier and managed access to network services (printers, file servers, etc.).

Prerequisites for Active Directory implementation

The following are the prerequisites for the Active Directory, DHCP and Windows Server Update Services (WSUS) implementation:

  • 2 Mbps of Internet and Intranet connectivity (MPLS, VPN, etc.)
  • Two 1 Gbps network connections for all the Active Directory servers
  • Firewall policies for AD traffic
  • Antivirus license for all the AD servers
  • User contact details
  • Policies that need to be implemented on AD users, decided after discussion with the customer.
  • Backup policies for the AD servers, planned after discussion with the customer.
  • The OS of the client computers should be Windows (7, 8.1, 10) or Mac. For Linux clients or servers, additional services must be installed.
  • A print server for direct printing is only possible if there is a network printer.
  • The existing VLAN may need to be reassigned if group-wise GPO is implemented.
  • For WAN users, FTP will be reachable with the respective user permissions.
  • If any client computer already holds local data, please back it up before joining it to the newly implemented AD domain.

Scope of work for Active Directory server

This scope of work is applicable to the Main Domain Controller (DC) server and the Additional Domain Controller (ADC) server. Only the in-house endpoint devices are part of this scope.

The Hardware Part

  • Server hardware installation and mounting if required.
  • Server hardware RAID configuration.
  • Logical drive creation (RAID Level).
  • Server firmware update.
  • Installation Test
  • Power on Test
  • System Handover

Windows server

  • Conduct site check with customer designated personnel if required.
  • Product Unpack and Inspection
  • Unpack and inspect for damage (setup media and license copy if any).

Server Operating System installation

  • Windows Server installation.
  • Server Disk partitioning.
  • IP Address assigning.
  • Apply latest OS security & service patches.
  • Drivers update.

Installation and configuration of Active Directory Roles and Features

  • Creating Domain Controller
  • Domain member server setup for 3 ADCs
  • Install & configure Domain controller role
  • Creating and configuring DNS
  • Creating and configuring DHCP
  • Creating and configuring File Server
  • Define DHCP scope
  • Creating new domain Group.
  • User creation
  • LDAP configuration and integration with existing UTM
  • Configuring user-based authentication of local data
  • Configuring user-based authentication of external storage / media drives.
  • Installation and Configuration of FTP site.

The output after implementing Active Directory, DHCP & WSUS

  • Single sign-on.
  • Protection against unauthorized usage of internet bandwidth.
  • Prevention against unauthorized installation of software.
  • Preventing access by unauthorized external devices, e.g., USB drives, hard drives, etc.
  • Access to shared central network disk storage.
  • Ability to share data within departments via controlled departmental shares.
  • Easier and managed access to network services (printers, file servers, etc.).
  • Automatic IP fetching for Wi-Fi users.
  • Remote software installation allowing for more timely software upgrades, patches, and updates.
  • Centralized license management.
  • Automatic security patch management.
  • Cost effectiveness in terms of cutting down on the number of processes required to serve our entire corporate user base. Decreasing redundant processes saves time and resources, e.g., manpower, infrastructure and material resources. This gain translates into superior quality of service, which can be extended to each of our users.

Consideration

  • Configuration & testing of servers at Kolkata location.
  • Availability of user computer for attaching to AD Domain.
  • Finalization of Policy to be implemented before implementation.
  • Link availability & speed.

Use Case

  • Domain name: One forest can be used with multiple subdomains. Every in-house application server can be accessed using a subdomain name (IP-based access is not mandatory), which simplifies access to all domain resources.
  • Single email for multiple users: A unique identification is required for every user. AD creates a unique user ID to identify every user and control their activities using Group Policy.
  • User profile migration: To streamline the AD migration process, all user data (Desktop, Documents, Downloads) and Outlook data files (ost, pst, etc.) can be put on a different drive on the HDD. Local and domain profile users can use the same Outlook data file.
  • Remote user domain access: Remote users can access the local domain contents using the public IP mapped to the domain controller.
  • Centralized backup: All user backups can be controlled and scheduled from a centralized location in the AD environment.
  • File, folder and printer distribution: Centralized file, folder and printer distribution simplifies resource management in the AD environment.