
Big Consultant Company (BCC)

by Richard French

Introduction
Equipment Requirements
Configuration Tasks
  Tasks to Perform
  Big Consultant Company (BCC)
Solutions
  Assigned Task 1
  Assigned Task 2
  Assigned Task 3
  Assigned Task 4
  Assigned Task 5
  Assigned Task 6
  Assigned Task 7
  Assigned Task 8
  Assigned Task 9
  Assigned Task 10
  Assigned Task 11
  Assigned Task 12
  Assigned Task 13
  Assigned Task 14
  Assigned Task 15
  Assigned Task 16
  Assigned Task 17
  Assigned Task 18

Introduction

Windows 2000 Design of Directory Services Infrastructure Certification Exam 70-219 topics and skills covered:

The ability to analyze the business requirements and design a directory service architecture, including:

  • Analyze the existing and planned business models.

  • Analyze the existing and planned organizational structures.

  • Analyze the structure of IT management.

  • Evaluate the company's existing and planned technical environment.

  • Analyze the impact of Active Directory on the existing and planned technical environment.

  • Analyze the business requirements for client computer desktop management.

  • Define the scope of the Active Directory design.

  • Design an Active Directory forest and domain structure.

  • Design an Active Directory naming strategy.

  • Design and plan the structure of organizational units.

  • Plan for the coexistence of Active Directory and other directory services.

  • Design a schema modification policy.

  • Design an Active Directory implementation plan.

  • Design the placement of operations masters.

  • Design the placement of global catalog servers.

  • Design the placement of domain controllers.

  • Design the placement of DNS, WINS, and DHCP servers.

  • Design an Active Directory site topology.

Equipment Requirements

For this lab, you need pen, paper, and the 70-219 Tutorial.

Configuration Tasks

In this lab, you will perform the following tasks:

Tasks to Perform

Design the Directory Services Infrastructure based on the given business scenario. The following considerations should be taken into account:

  • Analyze the existing and planned business models.

  • Analyze the existing and planned organizational structures.

  • Analyze the structure of IT management.

  • Evaluate the company's existing and planned technical environment.

  • Analyze the impact of Active Directory on the existing and planned technical environment.

  • Analyze the business requirements for client computer desktop management.

  • Define the scope of the Active Directory design.

  • Design an Active Directory forest and domain structure.

  • Design an Active Directory naming strategy.

  • Design and plan the structure of organizational units.

  • Plan for the coexistence of Active Directory and other directory services.

  • Design a schema modification policy.

  • Design an Active Directory implementation plan.

  • Design the placement of operations masters.

  • Design the placement of global catalog servers.

  • Design the placement of domain controllers.

  • Design the placement of DNS, WINS, and DHCP servers.

  • Design an Active Directory site topology.

Big Consultant Company (BCC)

Background:

Big Consultant Company is an international company that specializes in developing equipment for ticketing and access control for ski resorts. The company's turnstile-gate technology uses smart-card reading units. These units can unobtrusively access information from smart cards to authenticate users. The units can also add or subtract values from the cards.

For example, the unit can track the number of times a user skies a particular ski run. The units can read the cards from a distance, so users can simply pass by the units with the cards. Monetary amounts can also be added to or subtracted from the smart-card accounts, so that the card can be used to purchase items.

Big Consultant Company now wants to expand its scope and serve the informational needs of ski facilities and all of its customers.

The company recently acquired a large amount of investment money. It will use this money to support an aggressive project to make itself a premier information service provider to the most prestigious ski resorts in the world.

The purpose of this project is to build a large membership of individuals who have common interests and active lifestyles and to provide them with new and unique services.

Big Consultant Company will customize its services to meet specific needs by independently promoting each resort. However, BCC will also provide a benefit known as the Passport that any member can use at any resort served by the BCC infrastructure.

The Passport will provide many services to the members. BCC also intends to use its membership list to promote products.

Problem Statement:

Big Consultant Company currently has only one type of turnstile smart-card tracking equipment located at ski resorts. The company must acquire the technical expertise to develop a new IT system that will support its new mission. It has concluded that Windows 2000 and Active Directory will be important components of its success.

Big Consultant Company plans to implement its goals in three phases.

Phase 1 will occur during the next 12 months. During this phase, the company will build the member Web site. It will also install, at one resort location, a resort employee IT system that will be integrated with the member Web site. The company will test this system, and then install the system at five additional resorts. The goal is to have the global member IT system and six resort IT systems operational within 12 months.

Phase 2 will occur during the following year. During phase 2, BCC plans to add 14 more resort locations and achieve a total membership of more than one million.

Phase 3 will occur during the following year. During this phase, the company plans to double the number of resort locations and members. Big Consultant Company intends to gain recognition in the market by using the newest technologies.

The company is willing to take risks if the ideas are feasible and will provide services that will promote customer loyalty and company recognition.

Business Goals:

Members will be able to purchase tickets for ski lifts and reserve rental equipment from their home computers or at the resorts. Individual user details will be stored so that ski sizes, the quality of equipment, and other details need to be entered only once.

When customers arrive at the resort, they will not need to wait. All equipment will be prepared and stored in a locker. Provisions will also be made for the storage and transport of customer-owned equipment to any resort served by BCC.

Big Consultant Company does not want its customers to have to wait for any services at any ski resort. Customers will also be able to purchase tickets for ski lifts online from kiosks. As a part of a membership, BCC will issue smart cards attached to stretchable cords. At the ski resorts, members will be able to use cards to open their lockers. They will also use the cards to gain access to ski lifts and to make restaurant reservations.

Members who are staying at resorts will use cards as keys to their rooms and will not need to register with the resort. Points will also be accumulated for purchased services. These points will earn gifts and awards. Members using the smart card to purchase at the ski lodge or store will enjoy discounts.

Three membership classifications will be available: Premier, Active Skier, and Standard. Higher membership levels will receive increased discounts.

Members will also have voice mail and e-mail services. Computers for the services will be located in each room and at many locations in the lodge and on the slopes.

When members pass the ski lift turnstile, it will make a sound if they have any new e-mail or voice mail messages. At the top of the lift, they can retrieve their messages. This service will provide a convenient way for members to locate other skiers and communicate with them. Additionally, family and friends at home who know a member's account ID will be able to send e-mail or voice mail to that member.

Reports of the current ski lift usage will be broadcast on the Web sites and on displays in the lodges. Resorts will have the option of instituting a premium classification for access to the lifts. Members in the classification will never need to wait to get on the lifts.

Members who share account IDs will be able to add the IDs to their family lists or friend list. This will make it convenient for members of a household to make reservations for the entire family, or for individuals to see which friends are skiing on any given day.

Members will be eligible for the discount packages, and will be able to use their smart cards at any of the resorts served by BCC. Members will also have the ability to add medical information to their cards. All ski patrol team members will have wireless smart-card readers.

Envisioned IT Environment:

Big Consultant Company will design and construct the global services to support two interrelated components. One component will be for members, and the other component will be for resorts.

Members will be able to access the member component from the Internet or any resort. The resort component will be used to support each resort and its unique internal business and employee needs.

The company headquarters is located in Vale, Colorado. The headquarters employs 65 people. The company has installed a high-speed connection to its IT center in San Jose, California. The IT center is connected to the Internet by means of 45-Mbps DS-3 lines.

BCC does not intend to create a separate employee domain. The Big Consultant Company phase one design includes the implementation of the member systems and the resort employee systems at the following locations:

  • Austria

  • California

  • Canada

  • Colorado

  • Switzerland

  • Vermont

New members will be able to enroll for BCC services at each resort. They will also be able to complete application forms on the Internet. The member will be affiliated with one resort, but will be able to use services at all other resorts.

The LANs at the resort will be upgraded to the highest feasible bandwidth. Each resort will have a connection to the Internet. The connection speeds will vary depending upon available services. Each resort will have a Virtual Private Network tunnel to the servers located in San Jose.

During phase 2, Big Consultant Company will open a European office to manage the resorts in Europe. As the company grows during phase 3, it is anticipated that BCC will have businesses and IT management centers in each country in which participating resorts are located.

Interviews:

BCC Chief Information Officer (CIO):

There are two major components of our plan: members and resorts. These components will be constructed at the same time. The members component will provide services to the skiers. The resort component will provide services to the resort businesses and employees.

Active Directory will be crucial to both components of the plan. The schema for the directory serving the members will need to be modified so that the new functionality will be supported. For development and security, the server hosting the member schema master will be located at our headquarters in Vale.

Members accessing BCC services from any resort will have the same functionality. To achieve the fastest response time, all logon requests must avoid using a WAN line. Even if the members travel from one resort to another, their logon processes will be performed locally and will not require WAN transmission.

Local resort employees will be able to update the member records only for members registered at their resort. Requests for changes to records of the members of other resorts must be sent to BCC staff. Consequently, it needs to be easy to move a member user object from one resort to another.

In case of server failure, a fault-tolerant design will be implemented at each resort so that local service will continue to run even if a server fails. We must avoid performing directory replication during times of peak usage.

Servers at the IT center will include one domain controller that has a global catalog and one domain controller that has the infrastructure operations master. Both the member and resort network must support wired and wireless devices. These devices can be connected and automatically assigned IP addresses.

For security, other applications must be able to access the devices by means of their DNS names. To help each resort automate its internal operations, we will provide a turnkey system that integrates Active Directory and advanced Windows 2000 functionality into each location. The design will ensure that employee information for one resort will not be visible to the other.

Resort Manager:

The design for the BCC resort infrastructure will provide some great services to employees at my resort. Our employees will access the system for services that include e-mail, human resources information, training and safety programs, the purchase of supplies, equipment inventory and maintenance, and staff scheduling.

Employees will be able to access the system from a variety of client computers and kiosks. The kiosks will be computers that run Windows 2000 Professional and have touch-screen displays. Both smart-card authentication and password authentication will be used for employee security authentication. Specific employees will be assigned the responsibility of issuing smart cards and updating member records.

Our resorts typically employ people in the following positions: ski lift operator, ski patrol member, maintenance worker, kitchen worker, restaurant worker, front desk attendant, business administration specialist, equipment specialist, instructor, emergency staff member, marketing specialist, and manager.

Each position will have specific access privileges. We also want to customize desktop settings for each position. The resort is organized into five departments: hotel, restaurant, operations, maintenance, and business administration.

Because each resort is independently owned and managed, each resort will want to be able to add applications that might uniquely change the directory schema. In addition, the resorts do not want any external companies or any other resort to have the authority to change user permissions for their employees. Nor do we need to have our internal domain replicated by means of our WAN line.

Our e-mail addresses need to be unique for each resort. Currently each resort has its own Web site. Each resort Web site is registered under its own domain. The DNS services for our top-level DNS domain will continue to be managed by our external Web presence provider. We do not want our internal Active Directory to remain on our external DNS server. The home page of our resort's Web site will include a variety of information related to our resort.

We will provide a link from our Web site for members who want to update their records. This link will take our members to a member Web site that is hosted by BigConsultantCompany.com.

Solutions

Note about all proposed Solutions: As with all task-based labs in this series, the following is only one of what could be many solutions to accomplish the assigned tasks.

Note about design labs: The design labs in this series closely follow the "look-and-feel" of the Microsoft design exams: a business scenario is presented containing interviews of key personnel, and the current and proposed network structure is described. It is your job to propose a solution, based on all the available data. This solution should address all the Assigned Tasks.

These labs are only conceptual because of the potentially large amount of hardware required to implement the proposed solution. If a situation arises in which a specific procedure needs to be followed, it will be presented in the solution along with screen captures if appropriate.

Note about this lab: In the scenario, it is mentioned that the Windows 2000 implementation will be in "three phases". Since details are lacking for Phases 2 and 3, this solution applies only to Phase 1 of the project.

Assigned Task 1

Analyze the existing and planned business models.

Since the existing technical environment is not mentioned in the scenario, it is impossible to compare it with the envisioned environment. The planned business model consists of a complete Windows 2000 solution that will encompass both the members and the resort domains.

Assigned Task 2

Analyze the existing and planned organizational structures.

Since Active Directory was not implemented before the upgrade project began, no organizational structure existed. A common implementation of Organizational Units (OUs) would be a design based on Geographic/Organizational boundaries. In this case, however, each site will be a separate forest. So, a top-level OU structure based on location does not make sense. The scenario mentions that "Each position will have specific access privileges. We also want to customize desktop settings for each position. The resort is organized into five departments: hotel, restaurant, operations, maintenance, and business administration." As a result, top-level OUs should be created based on departmental boundaries: hotel, restaurant, operations, maintenance, and business administration.

Assigned Task 3

Analyze the structure of IT management.

The company's IT center is located in Vale, Colorado. However, at each resort location some employees will perform updating of member records. Although it is mentioned that these employees will do some account management duties, it is not clear who will take the day-to-day management duties of Windows 2000 (and all its components) at each of the resorts.

Assigned Task 4

Evaluate the company's existing and planned technical environment.

The existing technical environment is not mentioned in the scenario. The planned technical environment is a turnkey implementation of Windows 2000 at each of the six resort locations, the San Jose IT center, and corporate headquarters in Vale.

Because VPN access was mentioned in the scenario, a remote access server will have to be installed at the IT center in San Jose to allow each of the resorts to connect to it over a VPN.

Smart cards were mentioned in the scenario, and they affect both the members and resort domains. Since smart cards will be used, in conjunction with passwords, for employee authentication, the EAP-TLS authentication protocol will have to be installed on the resort computers, along with the corresponding hardware on the client computers and kiosk machines that the employees will have access to. The kiosk computers will also have touch-screen displays.

Regarding the members, smart-cards will be used for a variety of services that will be offered to the members. Smart-card readers will need to be set up, not only at the members' computers, but at a variety of locations throughout the resort area: the locker areas, ski lifts, lodge rooms (used as a room key), stores and restaurants, etc. All these locations will have to be interconnected to the members' domain using either Gigabit Ethernet or, if the project budget will allow, fiber connections. ("The LANs at the resort will be upgraded to the highest feasible bandwidth.")

Assigned Task 5

Analyze the impact of Active Directory on the existing and planned technical environment.

The existing technical environment at the resorts and at the corporate headquarters is not mentioned in the scenario (no "Existing IT Environment" section appears, only the "Envisioned IT Environment"). Therefore, it is impossible to measure the effect that Active Directory will have on the new environment. However, Active Directory will play a key role in all facets of the project -- member and employee authentication, the timely replication of data between locations, the access to different settings for each employee group, etc.

Assigned Task 6

Analyze the business requirements for client computer desktop management.

The following was stated in the scenario:

"We also want to customize desktop settings for each position. The resort is organized into five departments: hotel, restaurant, operations, maintenance, and business administration."

Therefore, Group Policies that affect users' desktop settings should be applied at the organizational unit (OU) level in the resort domains.

Desktop management is not mentioned for members in the members domain.

Due to the nature of the kiosk machines, software may have to be periodically updated. This can be accomplished by a Group Policy Object (GPO) linked to the appropriate OU that has software installation defined.

Assigned Task 7

Define the scope of the Active Directory design.

The scope of the Active Directory design covers all resort and corporate locations. It includes a forest at each resort location and a member forest that spans each resort and the Vale corporate location. The Active Directory design also includes sites at each location, site links to the San Jose IT center, and a single-level OU structure in the resort domains.

Assigned Task 8

Design an Active Directory forest and domain structure.

In the scenario, the following statements relate to forest and domain structure:

"The schema for the directory serving the members will need to be modified so that the new functionality will be supported."

"Because each resort is independently owned and managed, each one will want to be able to add applications that might uniquely change the directory schema."

"In addition, the resorts do not want any external companies or any other resort to have the authority to change user permissions for their employees."

"The design will ensure that employee information for one resort will not be visible to the other."

Taking all these into consideration, seven forests need to be created: one at each of the six resorts for the resort employees and a forest anchored at the corporate headquarters in Vale.

Each of the six resort forests will consist of a single domain. The corporate forest will consist of two domains in a single domain tree: the members domain (that would span all six resort locations) and the corporate domain. A single, one-way trust will need to be set up at each resort location where the members domain trusts the resort domain so that resort employees can update members records.

Assigned Task 9

Design an Active Directory naming strategy.

The following is stated in the scenario that pertains to Active Directory naming:

"Currently each resort has its own Web site. Each resort Web site is registered under its own domain. The DNS services for our top-level DNS domain will continue to be managed by our external Web presence provider. We do not want our internal Active Directory to remain on our external DNS server."

In the members domain, BigConsultantCompany.com should be used. This domain will be spread out over all six resort locations and corporate headquarters. At the resorts, the current names should be kept and used as the Active Directory names for the resort domains. Since the DNS services are moving from external to internal servers, the same name can be kept for both external and internal use.

Assigned Task 10

Design and plan the structure of organizational units.

In the resort domain, a simple departmental top-level OU structure is appropriate. The scenario states, "The resort is organized into five departments: hotel, restaurant, operations, maintenance, and business administration." As a result, five top-level OUs should be created based on departmental boundaries: hotel, restaurant, operations, maintenance, and business administration.

It was stated in the scenario, "the member will be affiliated with one resort, but will be able to use services from any other resort." Therefore, the top-level OU structure for the members domain will be based on the location of the resort. Each such OU would contain the members of that resort. All OUs will have to be given the same access to the same resources at all resort locations.

No specific details were given in the scenario about the possible OU structure of the corporate domain.

Assigned Task 11

Plan for the coexistence of Active Directory and other directory services.

There are no other directory services.

Assigned Task 12

Design a schema modification policy.

It is stated in the scenario that:

"The schema for the directory serving the members will need to be modified so that the new functionality will be supported."

"Because each resort is independently owned and managed, each one will want to be able to add applications that might uniquely change the directory schema."

This means that the software will modify the schema in both the members forest and in each of the six resort forests. Therefore, both the members and resort domains should have a defined procedure for modifying the schema. A common practice for installation software that modifies the schema is to place the user account that will be used to install the software temporarily in the Schema Admins group in the forest root domain, install the software, and immediately upon successful installation, remove the user from the group. This should be the company-wide policy for both the members and resort domains.
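The policy above only holds if someone verifies that Schema Admins is empty again after each installation. The following added example (not part of the original lab) audits a history of Schema Admins membership changes for accounts that were never removed or that stayed in the group too long; the record format, account names, and the two-hour limit are assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Constructed audit records (not from the page): membership changes to the
# Schema Admins group in the forest root domain. Account names are hypothetical.
SAMPLE_EVENTS = [
    {"time": "2004-07-01T09:00:00", "action": "add", "member": "svc-install"},
    {"time": "2004-07-01T09:40:00", "action": "remove", "member": "svc-install"},
    {"time": "2004-07-03T14:00:00", "action": "add", "member": "jdoe"},
    {"time": "2004-07-05T08:00:00", "action": "add", "member": "svc-install"},
    {"time": "2004-07-05T16:30:00", "action": "remove", "member": "svc-install"},
]

# Assumed policy limit for one software installation (not stated in the lab).
MAX_WINDOW = timedelta(hours=2)


def audit_schema_admins(events, as_of, max_window=MAX_WINDOW):
    """Return (findings, current_members) for a Schema Admins change history.

    Each finding is a tuple (member, reason, duration or None).
    """
    open_since = {}  # member -> time of the add that has no matching remove yet
    findings = []
    # ISO 8601 timestamps sort correctly as plain strings.
    for ev in sorted(events, key=lambda e: e["time"]):
        when = datetime.fromisoformat(ev["time"])
        member = ev["member"]
        if ev["action"] == "add":
            # A repeated add without a remove keeps the earliest start time.
            open_since.setdefault(member, when)
        elif ev["action"] == "remove":
            start = open_since.pop(member, None)
            if start is None:
                findings.append((member, "removed without a recorded add", None))
            elif when - start > max_window:
                findings.append((member, "window exceeded limit", when - start))
        else:
            raise ValueError(f"unknown action: {ev['action']!r}")
    # Anyone still in the group at audit time violates "remove immediately".
    for member, start in sorted(open_since.items()):
        findings.append((member, "still a member", as_of - start))
    return findings, sorted(open_since)


if __name__ == "__main__":
    results, members = audit_schema_admins(SAMPLE_EVENTS, datetime(2004, 7, 6))
    print("current members:", members)
    for member, reason, duration in results:
        print(f"{member}: {reason} ({duration})")
```

Run per forest, because the members forest and each resort forest has its own Schema Admins group.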

Assigned Task 13

Design an Active Directory implementation plan.

In the scenario, it was stated that the Windows 2000 rollout would be a "turnkey" solution. This means that all Windows 2000 workstations and servers will be pre-configured for their specific task at the specific location that they are to be deployed. All installation and configuration activities will be done off-site. When finished, all workstations, kiosk computers, client computers, and servers will be installed at the same time at the appropriate location.

All domains in all forests can be immediately changed to Native Mode.

Assigned Task 14

Design the placement of operations masters.

The following statements in the scenario affect the placement of operations masters:

"For development and security, the server hosting the member schema master will be located at our headquarters in Vale."

"To achieve the fastest response time, all logon requests must avoid using a WAN line. Even if the members travel from one resort to another, their logon processes will be performed locally and will not require WAN transmission."

For the members domain, all operations masters will be held on servers at the Vale location. At each resort, for the resort domain, since there will be two Domain Controllers (DCs) in each domain, the five operations masters roles could be split between the two DCs. The only caveat to this would be to have the global catalog server and the infrastructure master role on separate DCs.

Assigned Task 15

Design the placement of global catalog servers.

A global catalog server should be placed at each site.

Assigned Task 16

Design the placement of domain controllers.

In each of the six resort domains, two domain controllers (DCs) will be installed for fault tolerance. At each of the six resort sites, two DCs will be installed that will host the members domain. At the corporate headquarters in Vale, three DCs will be needed: one each for the schema master operations master role, Global Catalog server, and infrastructure operations master role.
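The placement rules from Assigned Tasks 14, 15, and 16 can be checked mechanically against a domain controller inventory. The following is an added example, not part of the original lab; the inventory format, server names, and forest labels are hypothetical, and reading "a global catalog at each site" as one per forest present at the site is an assumption.

```python
from collections import defaultdict
from typing import NamedTuple


class DC(NamedTuple):
    name: str
    site: str
    forest: str
    domain: str
    is_gc: bool
    roles: frozenset  # operations master roles held by this DC


# Constructed inventory (not from the page); all names are hypothetical.
# Defects are planted at the Vermont site for the checks to find.
INVENTORY = [
    DC("VALE-DC1", "Vale", "corp", "members", False,
       frozenset({"schema", "domain-naming", "pdc", "rid"})),
    DC("VALE-DC2", "Vale", "corp", "members", True, frozenset()),
    DC("VALE-DC3", "Vale", "corp", "members", False,
       frozenset({"infrastructure"})),
    DC("VT-MEM1", "Vermont", "corp", "members", False, frozenset()),
    DC("VT-RES1", "Vermont", "resort-vt", "resort-vt", True,
       frozenset({"schema", "domain-naming", "pdc", "rid", "infrastructure"})),
    DC("VT-RES2", "Vermont", "resort-vt", "resort-vt", False, frozenset()),
]


def check_placement(dcs, members_domain="members", hq_site="Vale"):
    """Return a sorted list of (rule, subject) findings for a DC inventory."""
    findings = set()
    by_site_forest = defaultdict(list)
    by_site_domain = defaultdict(list)
    for dc in dcs:
        by_site_forest[(dc.site, dc.forest)].append(dc)
        by_site_domain[(dc.site, dc.domain)].append(dc)

        # Task 14: infrastructure master and global catalog on separate DCs.
        if dc.is_gc and "infrastructure" in dc.roles:
            findings.add(("infrastructure-master-on-gc", dc.name))
        # Task 14: members-domain operations masters stay at headquarters.
        if dc.domain == members_domain and dc.roles and dc.site != hq_site:
            findings.add(("members-role-outside-hq", dc.name))

    # Task 15: a global catalog at each site (per forest present there),
    # so that logons do not have to cross a WAN line.
    for (site, forest), group in by_site_forest.items():
        if not any(dc.is_gc for dc in group):
            findings.add(("no-local-gc", f"{site}/{forest}"))

    # Task 16: at least two DCs per domain at each site for fault tolerance.
    for (site, domain), group in by_site_domain.items():
        if len(group) < 2:
            findings.add(("single-dc", f"{site}/{domain}"))

    return sorted(findings)


if __name__ == "__main__":
    for rule, subject in check_placement(INVENTORY):
        print(f"{rule}: {subject}")
```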

Assigned Task 17

Design the placement of DNS, WINS, and DHCP servers.

At each resort site, two DNS and DHCP servers will need to be installed (for fault tolerance). The DHCP servers will distribute addresses not only to all the resort computers, but also to the wireless devices that are mentioned in the scenario.

The DNS servers will host a subdomain of the resort's Internet domain, and use the servers for the BCC.com zone that is integrated into Active Directory. Because each resort's Internet domain name is hosted by an ISP, subdomains must be created for those Internet domains to use in Active Directory. The DNS servers will also hold a secondary copy of the members domain that will be hosted at the IT center in San Jose.

A DHCP and DNS server will also be installed at the Vale and San Jose locations.

Since NetBIOS name resolution was not mentioned in the scenario, no WINS servers need to be deployed.

Assigned Task 18

Design an Active Directory site topology.

Eight sites will need to be created: one at each of the six resort sites, one at the corporate headquarters in Vale, and one at the IT center in San Jose. Replication among the resort sites, the corporate center, and the San Jose IT center should be scheduled during off-shift hours (which depend on the physical location of each resort). No special circumstances exist that would require scheduled replication to occur at any interval other than the default.


[SA-70219-LS2-F02]
[2004-07-22-01]

Copyright © Genium Group, Inc. All rights reserved. Terms of Use | Privacy Policy 
Certification Zone is an independent product, not sponsored by, endorsed by, or affiliated with Cisco Systems, Microsoft Corporation, or the Field Certified Professionals Association. Cisco®, Cisco Systems®, CCNA™, CCNP™, CCIE™, CCSI™, and the Cisco Systems logo are trademarks or registered trademarks of Cisco Systems Inc. Microsoft®, Windows®, Windows 2000™, Windows 2003™, MCSA™, and MCSE™ are trademarks or registered trademarks of Microsoft Corporation. FCSA™ and FCSE™ are registered trademarks of the Field Certified Professionals Association.