Standards simplify administration and provide consistency in design. Active Directory works well with standardization because of the container structure of its overall design. Enterprise-wide standardization extends beyond the overall internal structure of Active Directory. Forest-wide standardization affects the top-most container and all of its contents. Domain-wide standardization affects a single domain within Active Directory and all of its contents including OUs and possibly sites. Every item within AD is considered a container or an object. Each item within the Active Directory provides for simplified administration by following naming standardization and also by following a standardized structure.

The forest is the top-most container within Active Directory, and consequently the seat of administrative control. The degree of control needed within an AD design will determine whether a single forest should be implemented or whether a design will require multiple forests.

The number of domains required within an Active Directory design is affected by the available bandwidth between locations and the number of users in the overall environment, amongst other factors. Domain naming and the domain hierarchy are made available through a standardized naming system based on the naming system provided by the Domain Name Service (DNS). Not all designs are based entirely on a clean-slate approach. Three design approaches are available for the domain design and implementation strategy in-place upgrade, restructuring and a migration to a pristine environment.

Windows Server 2003 supports three different authentication mechanisms: LM (the weakest and supported by older Windows 9 x clients), NTLM (version 1 supported...