Introduction to Active Directory Planning and Design

Published: February 25, 2008


Active Directory controls the core security of the Microsoft Windows® network environment. The directory service is responsible for authenticating user and computer accounts within the Active Directory infrastructure. In addition, the directory service provides a mechanism for centralized, delegated administration of resources within the forest.

To develop and implement a successful design of Active Directory, numerous questions must be answered and many decisions and strategies must be determined. Considerations for performance, security, manageability, scalability, and many other criteria must be addressed if the design is to be successful.

The purpose of this guide is to assist designers in the decision-making process by providing a clear and concise path for designing the Active Directory infrastructure, given the relative context. This guide relies on best practices and real-world experience to offer considerations and alternatives at each point in the design.

This guide, when used in conjunction with product documentation, will help companies confidently plan an Active Directory implementation. The appendix includes a sample job aid for recording the decisions made during the design process.


To limit the scope of material in this guide, the following assumptions have been made:

  • The decision to implement Active Directory has already been made. This guide does not address the business or technical case to make a directory choice.
  • This design is for use in a production environment. It is expected that a test environment will also be created to mirror the production environment in configuration.
  • The reader has familiarity with the Microsoft infrastructure and directory services. This guide does not attempt to educate the reader on the features and capabilities of Microsoft products. The product documentation covers that information.


Please direct questions and comments about this guide to

This accelerator is part of a larger series of tools and guidance from Solution Accelerators.


Get the IPD Active Directory Domain Services

Solution Accelerators Notifications

Sign up to learn about updates and new releases


Send us your comments or suggestions