Active Directory Domain Prep
1) DHCP and DNS: You need a reliable DHCP and DNS server, or you can add these roles to your Domain Controller (DC). If you run them on the DC you get some extra benefits, such as DNS and DHCP automatically updating each other. Plus, your DNS can be Active Directory (AD) integrated and secure. I highly recommend you use Microsoft's DHCP and DNS services. If you have third-party services or servers, you will need to do a bit of research to find the best way to integrate them with your domain.
2) The workstations: You need an inventory of the machines. If you have any machines running Windows 98/SE, Windows 95, Windows ME, Windows 2000 or Windows NT (any version), you are going to have to make some decisions, because these machines will not support some versions of AD. If you have Windows XP Professional or newer machines, you should not have many issues. Next, these editions cannot be added to a domain by design: Windows XP Home, Windows Vista Starter, Windows Vista Home/Premium, Windows 7 Starter and Windows 7 Home/Premium. There are hacks and workarounds, but I would not recommend them; you will only be asking for trouble and issues later. (Believe me, I have been down this road before.)
3) Server Version: If all of your workstations are Windows XP Professional or better, you can use Windows Server 2008 R2 and AD. This will give you the latest version of AD and the most options. If you don't have newer workstations, you may want to consider Windows Server 2003 R2, which will give you backward compatibility and still support Windows 7 with updates.
After you have done your basic homework above, you need to decide how you want to set up AD. Most of the books and best practices will say something like this: set up your domain as CompanyName.local, then break everything up into Finance (accounting, accounts payable, accounts receivable, budget, etc.), IT (desktop support, network support, programming, systems, help desk, telecommunication, etc.), Management (CEO, President, Vice President, Board Members, Chairman, etc.). However, doing this is a nightmare to set up, edit, configure, and maintain. I only recommend setting up a domain like this if you have over 5000 people and you have 10 Server/Domain Admins to keep up with all the work of moving, deleting, renaming, changing, and adding staff, as well as all aspects of managing them for security, auditing, termination and disciplinary actions.
It is best to keep this simple. Don't use your company name in the domain name. That way, if the company gets bought out, sold or goes through a name change, you don't have to live with an incorrect domain name or all the trouble of renaming it. (Renaming is not as big a deal with Windows Server 2008 R2 nowadays; however, if you need to update web pages, stationery, business cards, etc., it can get quite expensive.) Think of a universal name and go with that. This can be any name, because it will only be used internally in your company.
Next, only set up your departments (PERIOD). Say you have Finance, IT, Management, Legal, HR, Internal Services, and Contractors; then just make those groups in AD. You don't need it to be overly complex. Now you can group your staff into those groups.
Here is a sample:
Finance (Accounting, Accounts Receivable, Accounts Payable, Budget, etc.)
IT (Desktop Support, Network Support, Programming, Systems, Help Desk, Telecommunication, etc.)
Management (CEO, Board Members, Chairman, President, Vice President, etc.)
Legal (Attorneys, Paralegals, Contracts, etc.)
HR (General Staff, Risk, Employee Benefits, Insurance, Health, etc.)
Internal Services (Mail, Duplications, Inter Office, Janitor Services, Maintenance and Repair, etc.)
Contractors (Any and all)
Once you have the groups, you can apply restrictions, security, access, shares, printers, etc.
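One way to create the sample department groups above, as an added example that is not from the original post. It assumes the ActiveDirectory PowerShell module (available with Windows Server 2008 R2) and uses a placeholder OU name "Departments" and a placeholder group prefix "Dept-"; it is safe to re-run and accepts -WhatIf for a dry run.

```powershell
# Added example: one global security group per department, created idempotently.
# Assumptions (not from the original post): the OU name "Departments" and the
# group name prefix "Dept-" are placeholders chosen for illustration.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string]$OuName = 'Departments',
    [string]$Prefix = 'Dept-'
)

Import-Module ActiveDirectory -ErrorAction Stop

# Department list from the sample; the sub-teams go into the group description
# instead of becoming separate groups, which keeps the structure flat.
$departments = @{
    'Finance'          = 'Accounting, Accounts Receivable, Accounts Payable, Budget'
    'IT'               = 'Desktop Support, Network Support, Programming, Systems, Help Desk, Telecommunication'
    'Management'       = 'CEO, Board Members, Chairman, President, Vice President'
    'Legal'            = 'Attorneys, Paralegals, Contracts'
    'HR'               = 'General Staff, Risk, Employee Benefits, Insurance, Health'
    'InternalServices' = 'Mail, Duplications, Inter Office, Janitor Services, Maintenance and Repair'
    'Contractors'      = 'Any and all'
}

$domainDn = (Get-ADDomain).DistinguishedName
$ouDn     = "OU=$OuName,$domainDn"

# Create the container OU only if it does not exist yet.
$ou = Get-ADOrganizationalUnit -Filter "Name -eq '$OuName'" -SearchBase $domainDn -SearchScope OneLevel
if (-not $ou) {
    New-ADOrganizationalUnit -Name $OuName -Path $domainDn -ProtectedFromAccidentalDeletion $true
}

foreach ($dept in $departments.GetEnumerator()) {
    $sam = $Prefix + $dept.Key

    # Skip groups that already exist so the script can be re-run after changes.
    if (Get-ADGroup -Filter "SamAccountName -eq '$sam'") {
        Write-Verbose "$sam already exists, skipping"
        continue
    }

    New-ADGroup -Name $sam -SamAccountName $sam `
        -GroupCategory Security -GroupScope Global `
        -Path $ouDn -Description $dept.Value
}
```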
This should give you a good start in figuring out what you need. Once you have that we can move to the next step. -WS