Plan to incorporate Nesting Strategies for Fantasy Games network
Site replication topology
How DNS integrates with Active Directory
If you install Active Directory on any server, you encourage the server to the task of a domain monitor for a respective domain. When finishing this process, you are reminded to make specific a DNS domain identity for the domain of Active Directory for which you are entering and encouraging the server. If in the cause of this process, an authoritative DNS server for the domain that you made specific either cannot be traced on the network or is not compatible with the DNS dynamic update policy, you are reminded with the alternative to install a DNS server. This alternative is given since a DNS server is needed to trace this server or other domain monitors for elements of an Active Directory domain. Once Active Directory is installed, you have two alternatives for keeping and replicating your zones when working with the DNS server at the new domain monitor.
For Universal Groups, the nesting guidelines are as follows:
Users get into Global Groups, Global groups to Universal Groups, Universal Groups to Domain Local Groups, and Domain Local groups are listed on the Access Control List of the source.
Domain Local group is a scope intended to consist of Global Groups and Universal Groups though it can as well contain user accounts and other Domain Local Groups. It can only be seen and used on controllers if domain is under mixed mode. Global Groups is a scope intended to keep user accounts and other Global groups. User accounts can only be contained if domain is under mixed mode. Universal Groups is a scope intended to keep Global Groups from multiple domains i.e. they help group groups in multi-domain enterprise. However, it is not usable as Security Groups if domain is under mixed mode. Since this Group gives permissions similar to the administrator’s, it is not suitable to be used in Fantasy Games network for their network.
Security Groups has a distinct feature in that a Security Identifier (SID) is assigned to it from the AD. SID promotes the function of the group so that it can be used to assign and control resource accessibility. Absence if SID in Distributed Groups accounts for its limited capability. Distribution Groups are intended for emails, and not for assignment of access rights to resources.
Fantasy Games network needs to incorporate Local Groups, Global Groups and Universal Groups in the AD. The most important consideration is to allow growth of network and lessen the permission count.
Every organizational would consist of shared resource together with its individual resources. Having identified the need of resources, they are then placed on domain local groups. Global Groups having equivalent need of resources would be placed in the suitable Domain Local Groups and would have same access rights as Domain Local Group.
References
Hunter, L. E., & Allen, R. (2008). Active Directory Cookbook. UK: O'Reilly Media, Inc.
Price, J. A., Price, B., & Fenstermacher, S. (2008). Mastering Active Directory for Windows Server 2008. Australia: John Wiley & Sons.
Suhanovs, D. (2003). MCSE Windows Server 2003 Active Directory Infrastructure Study Guide (Exam 70-294). New York: McGraw-Hill Professional.