Now that we have assessed the environment and considered the various design options available to us, it is time to choose the appropriate designs for each component.

We start with naming standards. Before we progress to design components, we must first decide which components are to have standardized naming strategies, whether those strategies extend across all forests, and what the naming conventions should be.

Next we move on to the top level the forest or forests. We must first decide how many forests are required, their names, and whether they are to be located on a protected internal network or within a DMZ. Then we discuss the number, naming, and hierarchy of domains within each forest and the level of collaboration required between forests as well as between domains in the same forest. This includes the use of trusts to facilitate and optimize collaboration between domains and forests.

Different authentication protocols and standards are used by Windows 2000 and Active Directory from those used by Windows NT. We discuss the client requirements and how to implement a design that allows for co-existence of multiple clients types while providing a secure environment.

Next we discuss the organizational unit (OU) model design and how to select the appropriate model for your organization, based on the requirements of delegation and Group Policy.

This leads nicely to the subject of Group Policy itself how first you should decide what GPOs can do for you, how they should be managed through delegation, where they need to...