how do i go about implementing a design based on this requirement Active Directo

Question

how do i go about implementing a design based on this requirement Active Directory Design . You are concerned about sensitive data store in this location. You want to deploy a highly developed OU structure to implement security policies uniformly through GPO automatically at all domains, OU, and workstations. At this location Windows Server 2016 is required providing the following AD features: • Use BitLocker encryption technology for devices (server and Work station) disc space and volume. • Enables a BitLocker system on a wired network to automatically unlock the system volume during boot (on capable Windows Server 2016 networks), reducing internal help desk call volumes for lost PINs. • Create group policies settings to enforce that either Used Disk Space Only or Full Encryption is used when BitLocker is enabled on a drive. • Enable BranchCache in Windows Server 2016 for substantial performance, manageability, scalability, and availability improvements • Implement Cache Encryption to store encrypted data by default. This allows you to ensure data security without using drive encryption technologies. • Implement Failover cluster services • Implement File classification infrastructure feature to provide automatic classification process. • IP Address Management (IPAM) is an entirely new feature in Windows Server 2016 that provides highly customizable administrative and monitoring capabilities for the IP address infrastructure on a corporate network. • Smart cards and their associated personal identification numbers (PINs) are an increasingly popular, reliable, and cost-effective form of two-factor authentication. With the right controls in place, a user must have the smart card and know the PIN to gain access to network resources. • Implement Windows Deployment Services to enables you to remotely deploy Windows operating systems. You can use it to set up new computers by using a network-based installation. Deliverables Deliverables • Create Active directory infrastructure to include recommended features • Create OU level for users and devices in their respective OU • Create Global, Universal, Local group.. Each global group will contain all users in the corresponding department. Membership in the universal group is restrictive and membership can be assigned on the basis of least privileged principle. (For design purpose, you can assume that WTC as a Single Forest with multiple domains). • Create appropriate GPO and GPO policies and determine where they will be applied.

Explanation / Answer

hi..

Introduction
With the Active Directory service of Windows® 2000, organizations can simplify user and resource management while creating a scalable, secure, and manageable infrastructure for deploying additional important and emerging technologies.
To help shorten planning cycles and ensure successful deployments Microsoft is publishing a series of scenario-based guides that provide prescriptive, task-based, and solution-oriented guidance.
The Best Practice Active Directory Design for Managing Windows Networks and its companion guide, Best Practice Active Directory Deployment for Managing Windows Networks, are part of this series. These guides provide a structured approach to designing and deploying Active Directory. Without this structured approach, implementing Active Directory in your organization can take longer than expected.
These guides encapsulate planning and deployment expertise from Microsoft's product team with lessons learned from customers who have already designed and deployed Active Directory in their organizations.

Active Directory for Windows Network Management
This guide focuses on providing best practice–based guidance for deploying Active Directory for the purpose of managing networks comprised of Windows clients, Windows servers and Windows-compatible applications and devices. This guide will refer to this as the network operating system (NOS) management role. Benefits of deploying Active Directory in a NOS management role include:
Centralized management of very large Windows networks (Active Directory is designed to support millions of objects).
The ability to eliminate resource domains, including the hardware and administration they entail.
Policy-based desktop lockdown and software distribution.
The ability to delegate administrative control over resources where appropriate.
Simplified location and use of shared resources.

Because Active Directory is best deployed as a corporate-wide infrastructure, the design team will likely involve many people in your organization. This guide will make it clear what types of representatives are needed at various stages of the project. Project teams must gain the buy-in of these representatives for the design decisions that affect their part of the organization. For example, deploying Active Directory in most companies requires integration with an existing DNS infrastructure. The people who manage these systems will be critical to the success of the project. At the same time, it is important to keep teams as small as possible to make decisions easier to reach.
It is very important to note that deploying Active Directory in a Windows network management role should be driven at the corporate level — not at the departmental level. If you are a departmental administrator and want to deploy Active Directory, you should contact your corporate IT administrator for assistance. Failure to do so may make it difficult to join your departmental deployment to a corporate-level Active Directory deployment in the future.

thanks

Related Questions

Navigate

• Browse (All)
• Browse H
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.