Assessing Your Environment

Now that you have spent time considering the scope of Active Directory and all the areas of the organization that it affects, the next step is to assess your organization's computing environment. Next you will look at the areas of IS that the Active Directory design affects or is affected by.

Network Assessment

Active Directory is a distributed service, meaning that few functions are provided by only one DC. Most Active Directory services are provided by most, if not all, the DCs. The nature of this type of service is that clients need to communicate with DCs for Active Directory services, and DCs need to communicate with other DCs for changes to the Active Directory database or environment. Therefore, the network is a critical component of a functioning Active Directory. If client access to a DC, domain name system (DNS) server, or GC server is hindered, Active Directory services can fail. If DCs are unable to replicate domain information between them, domain services can become unpredictable. In either case, for Active Directory to provide full functionality as expected, the network that supports Active Directory must be understood so that your Active Directory can be designed to accommodate its limitations.

The networking services representative on the Active Directory team should be able to provide a WAN topology as well as LAN topologies where appropriate. The WAN topology should be translated into the available bandwidth and throughput between physical locations.

For example, Wadeware utilizes a frame relay network to connect all their North American locations (see Figure 7.3).

Figure 7.3. The Wadeware North American frame relay network.


In this example, you can see that each location in North America is connected to the frame relay network, but that Permanent Virtual Circuits (PVCs) are defined between each location and New York. This means that if a person in Miami sends a message to a user in Los Angeles, the bits must travel from Miami through the frame relay network to New York, and then they are routed back through the frame relay network to Los Angeles. This is not necessarily a bad design, but it should be understood when designing your Active Directory architecture. This is because clients communicate with DCs, and DCs communicate with other DCs. How these hosts communicate is dependent on the Active Directory design. Understanding the route that bits take between hosts helps to design the optimal Active Directory site design.

Wadeware's European division has outsourced their European network, as seen in Figure 7.4.

In this example, each location has an access rate and a committed information rate (CIR). Although the access rate to each location is 128Kbps, the CIR is only 64Kbps. The networking services representative should know that the frame relay rules in Europe are different from those in the United States and that supporting speeds over the CIR in Europe is not only costly, it is undependable because the carrier regularly drops packets over the CIR. This causes the router to resend the packet, just adding to the problem. Armed with this information, Active Directory can be designed in Europe with this limitation in mind. Moreover, the Active Directory team can also use this knowledge to lobby for a higher CIR in Europe.

Figure 7.4. The Wadeware European frame relay network.


Therefore, when assessing your network, you should be armed with the following information:

  • WAN topology map, including logical circuits, access rates, and CIRs if appropriate

  • List of physical locations, the number of users, the number of workstations, and LAN and WAN usage characteristics

  • Available bandwidth between physical locations during both business and non-business hours

  • Internet connectivity, including firewall information, DNS authority, and usage statistics

  • Future WAN/LAN enhancements, such as Asynchronous Transfer Mode (ATM)

  • Remote user connectivity strategy

  • Common communication paths, such as routine messaging paths and workgroups that span physical locations

  • Directory-enabled devices, such as routers, switches, PBXs, voice gateways, or IP phones

This information is used to determine where Active Directory site lines are drawn, where DC and other Active Directory services are located in relation to clients, whether there are any areas of the WAN that could increase bandwidth, and possibly how many domains are necessary.
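
The hub-and-spoke reasoning above, worked as a calculation (an added example, not from the book): every spoke-to-spoke path transits New York, and the dependable rate of a path is the lowest CIR on it. The Miami and Los Angeles rates, the `Branch-X` spoke, and the 128 Kbps planning floor are assumptions made for illustration; only the hub layout and the 128/64 Kbps access rate/CIR pair come from the text.

```python
from itertools import combinations

HUB = "New York"
# Constructed sample: spoke -> (access rate, CIR) in Kbps for its PVC to the hub.
PVCS = {
    "Miami": (256, 128),        # rates invented for illustration
    "Los Angeles": (512, 256),  # rates invented for illustration
    "Branch-X": (128, 64),      # hypothetical spoke using the 128/64 Kbps pair from the text
}

def route(a, b, hub=HUB):
    """Sites a packet visits: spoke-to-spoke traffic always transits the hub."""
    if a == b:
        return [a]
    if hub in (a, b):
        return [a, b]
    return [a, hub, b]

def path_rates(a, b, pvcs=PVCS, hub=HUB):
    """Return (burst, dependable) Kbps: lowest access rate and lowest CIR on the path."""
    if a == b:
        raise ValueError("no WAN hop between identical sites")
    spokes = [s for s in route(a, b, hub) if s != hub]
    return (min(pvcs[s][0] for s in spokes), min(pvcs[s][1] for s in spokes))

def assess(pvcs=PVCS, hub=HUB, floor_kbps=128):
    """Rank every site pair by dependable bandwidth; floor_kbps is a planner-chosen assumption."""
    rows = []
    for a, b in combinations([hub, *pvcs], 2):
        burst, cir = path_rates(a, b, pvcs, hub)
        rows.append({"pair": (a, b), "route": route(a, b, hub),
                     "burst_kbps": burst, "cir_kbps": cir,
                     "below_floor": cir < floor_kbps})
    # Weakest paths first: these are the ones that constrain site and DC placement.
    return sorted(rows, key=lambda r: r["cir_kbps"])

if __name__ == "__main__":
    for r in assess():
        flag = "BELOW FLOOR" if r["below_floor"] else "ok"
        path = " -> ".join(r["route"])
        print(f'{path:40} CIR {r["cir_kbps"]:>4}  burst {r["burst_kbps"]:>4}  {flag}')
```

Planning against the CIR column rather than the burst column reflects the point made about Europe: traffic above the CIR may be dropped and resent, so only the committed rate can be counted on between locations.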

Workstation Assessment

Workstation assessment is part of the Windows 2000 deployment, especially if Windows 2000 is to be deployed on the desktop. It's also important for the Active Directory planning process to know how many desktops exist and where, the applications they run, their attrition schedule, and their construction (how much RAM they have, what class and speed CPU they use, the amount of available disk space, and what operating system they are running).

This information is used to assess the number and placement of domain services. It is also used to assess how well Group Policy Objects (GPOs) can be applied to individual workstations.

User Assessment

One of the most difficult assessments required is the assessment of your users. Many projects that implement services to be used by users avoid asking the question: What type of users do you have? This is because, typically, there is no easy answer. To simplify this task, it becomes necessary to look at the organization as a whole. Is yours a high-tech company or a call-center outsourcing company? Each has a different typical-user profile. Each of these users has different requirements and expectations.

If your organization is not so easily generalized, try to break it down by department. Is there a research and development department full of engineers? Is there a sales and order-entry department? Each of these departments also has different expectations and requirements. That's not to say that the order-entry department would automatically have fewer expectations than the research and development department. On the contrary, order-entry users who work with their computers constantly throughout the day might have more rigorous demands than those of research and development users.

Evaluate your organization and categorize users in one of three classes: heavy, medium, or light users. After these categories are defined, group users at each location into one of these three classes. With this information, you are better able to determine the amount of domain resources required at each location.

Politics and Religion

The final analysis is at a more pragmatic level. What is the political climate surrounding the Windows 2000 and Active Directory project? Active Directory is beginning to approach the turf of other legacy systems, especially UNIX. As Windows NT grew up in the enterprise from a simple workgroup file-server to what it is now, providing full-fledged enterprise services, other congregations of operating system loyalists have drawn lines in the sand, stating "Windows NT, knock yourself out providing file services to your workgroups, but don't cross the line into the enterprise arena." For many organizations, the first battle was fought and won by Microsoft Exchange, which became the first client/server system to achieve true enterprise-level presence with high levels of functionality and a low cost of ownership. However, this just backed the legacy system loyalists further into their corner, reinforcing their resolve. They didn't see Exchange coming, but this time they are ready. The expected beachhead will be over which system hosts DNS, but that will just be the first battle of the war.

Anyway, make sure you're aware of how your Windows 2000 and Active Directory project is being received throughout the organization. Arm yourself with knowledge of the issues surrounding coexistence, such as the dependencies of Active Directory on DNS and why one implementation is better than another, before you go into battle. Make sure that you placate if necessary; choose your battles wisely.
