活动目录设计(九)
A.1.1.1 Overview
The Asian Zone Administration Model relies on of several layers of administration scope which have to be considered:
-
Whole Asian Zone (Forest Federation) -
-
-
-
Store or other remote locations
The Forest Federation scope of operations cover:
-
The operations required to maintain the DNS records that allow the Active Directory forest to communicate with each other. -
Enforcement of Group Principles and Security Standards.
The Zone Data Center scope of operations cover:
The operations on the resources placed in the Zone Data Center and owned by the Country.
The Country wide service scope of operations cover:
-
The operations required to maintain the Active Directory infrastructure services in the Forest/Domain. -
The administration of the Domain Controllers in the country Forest/Domain. -
The support operations provided to the stores, the remote locations and all users in the Countries.
The Head Office scope of operations cover:
-
The operations on all objects belonging to the Head Office: users, groups. -
The operations on all resources belonging to the Head Office: workstations and member servers.
The Store/remote location scope of operations cover:
-
The operations on the objects belonging to the location whose management has been delegated to a local IT team. -
The operations on the resources belonging to the location whose management has been delegated to a local IT team.
Head Office and Stores use an Organizational Unit hierarchy to place and store the related objects.
The OU hierarchy provides a level of Administrative power similar to a legacy domain attached to a physical site.
-
Store administrators in the OU hierarchy have full administrative rights on all the delegated objects under the Entity OU hierarchy. -
Administrators from the other stores cannot modify the objects in the Store OU hierarchy. -
Store administrators are granted full administrative rights on the workstations and servers they manage.
| | Administration Scope | Operations |
| Forest Federation | 
| DNS root infrastructure configuration Forest Audit Group Principles Application |
| Country Forest/Domain | 
| Site Topology and Replication Schema change Trust relationship creation Active Directory Site creation/deletion DHCP Server authorization & management DNS Management Group Policies Domain Controller Installation, backup/restore Forest Disaster recovery Domain Disaster recovery |
| Head Office Common Services | 
| Helpdesk Support User via remote control Deploy packaged Software Deploy Hotfix, system update Inventory Hardware/Software Create user accounts Create groups Manage group membership |
| Head Office, Stores aka “Entity” local Services | 
| Install a workstation Install non packaged Software Configure user environment Locally support a user Install a member server Configure File/Print Service Local Server administration Desktops and Laptops administration Member Server Backup/Restore |