Finding Additional Resources for Windows Server 2008 Active Directory Logical Structure Design
Applies To: Windows Server 2008, Windows Server 2008 R2, Windows Server 2012
You can find the following documentation about Active Directory Domain Services (AD DS) on the Windows Server 2003 and Windows Server 2008 TechCenter Web sites:
For more information about designing the site topology, see Designing the Site Topology for Windows Server 2008 AD DS.
For worksheets to assist you in documenting the proposed forest, domain, Domain Name System (DNS) infrastructure, and organizational unit (OU) design, download Job_Aids_Designing_and_Deploying_Directory_and_Security_Services.zip from Job Aids for Windows Server 2003 Deployment Kit (https://go.microsoft.com/fwlink/?LinkID=102558).
For more information about delegated authentication and constrained delegation, see Delegating authentication (https://go.microsoft.com/fwlink/?LinkID=106614).
For more information about configuring firewalls for use with AD DS, see Active Directory in Networks Segmented by Firewalls (https://go.microsoft.com/fwlink/?LinkId=37928).
For more information about upgrading Active Directory domains to Windows Server 2008, see Upgrading Active Directory Domains to Windows Server 2008 and Windows Server 2008 R2 AD DS Domains.
For more information about restructuring AD DS domains within and between forests, see Active Directory Migration Tool version 3.1 Migration Guide (https://go.microsoft.com/fwlink/?LinkId=93678).
For more information about deploying a forest root domain, see Deploying a Windows Server 2008 Forest Root Domain.
For more information about deploying DNS, see Deploying Domain Name System (DNS) (https://go.microsoft.com/fwlink/?LinkId=93656).
For more information about the DNS hierarchy and name resolution process, see the DNS Technical Reference (https://go.microsoft.com/fwlink/?LinkId=106636). For more information about how DNS supports AD DS, see the DNS Support for Active Directory Technical Reference (https://go.microsoft.com/fwlink/?LinkId=106660).
For more information about WINS, see the WINS Technical Reference (https://go.microsoft.com/fwlink/?LinkId=106661).
For more information about creating a disjoint namespace, see Create a Disjoint Namespace (https://go.microsoft.com/fwlink/?LinkID=106638).
For more information about setting Service Principal Names (SPNs), see Service Logons Fail Due to Incorrectly Set SPNs (https://go.microsoft.com/fwlink/?LinkId=102304).
For more information about how to delegate permissions to modify SPNs to subordinate administrators, see Delegating Authority to Modify SPNs (https://go.microsoft.com/fwlink/?LinkID=106639).
For more information about domain controller certificate requirements, see article 321051 in the Microsoft Knowledge Base (https://go.microsoft.com/fwlink/?LinkId=102307).
For more information about Lightweight Directory Access Protocol (LDAP) over Secure Sockets Layer (SSL) (LDAPS) authentication and a related update for Windows Server 2003, see article 932834 in the Microsoft Knowledge Base (https://go.microsoft.com/fwlink/?LinkId=102308).
For more information about Group Policy infrastructure, see Designing a Group Policy Infrastructure (https://go.microsoft.com/fwlink/?LinkID=106655).
For more information about read-only domain controllers (RODCs), see AD DS: Read-Only Domain Controllers (https://go.microsoft.com/fwlink/?LinkID=106616).
For more information about fine-grained password and account lockout policies, see the Step-by-Step Guide for Fine-Grained Password and Account Lockout Policy Configuration (https://go.microsoft.com/fwlink/?LinkID=91477).
For more information about naming conventions in AD DS, see article 909264 in the Microsoft Knowledge Base (https://go.microsoft.com/fwlink/?LinkID=106629).