Home > Active Directory > AD DS Administrative Models

AD DS Administrative Models

Theory is of course no more than that in an IT world, but every now and then there’s a couple of theoretical terms which are very good to remember.
Since I’m working in an Enterprise company, one of the few here ind Denmark, this is especially important for me to remember.

Please notice that this info is all taken from the Microsoft 70-647 Second Edition Training Kit:

In the centralized administration model, IT-related administration is controlled by one group.
In this model, all critical servers are housed in one location, which facilitates central backup
and an appropriate IT staff member being available when a problem occurs.
The centralized administration model is typically used in organizations that have one large
central office with a few branch offices. Delegation is by function rather than by geographical
location, and most tasks are allocated to IT staff.

In the distributed administration model, tasks are delegated to IT in various locations. The
rights to perform administrative tasks can be granted based on geography, department, or
job function. Also, administrative control can be granted for a specific network service such
as DNS or a Dynamic Host Configuration Protocol (DHCP) server. This enables separation of
server and workstation administration without giving nonadministrators the rights to modify
network settings or security. A sound, well-planned delegation structure is essential in the
distributed administration model.
The distributed administration model is commonly used in enterprises that have a number
of large, geographically distributed locations—for example, a multinational organization.
Such organizations typically have several domains or even several forests. Although rights are
delegated to administrative staff on a regional basis, a group of enterprise administrators can
typically perform high-level administrative tasks across domains and across forests.

The mixed administration model uses both centralized and distributed administration. For example,
you could define all security policies and standard server configurations from a central
site but delegate the implementation and management of key servers by physical location.
Administrators can configure servers in their own location but cannot configure servers in
other locations. You can distribute the rights to manage only local user accounts to local
administrators and restricted rights over specific OUs to nonadministrative staff. As with the
distributed administrative model, an enterprise administrators group would have rights in all
locations. This model is used in medium-sized organizations with a few fairly large sites that
are geographically separated but in which the main office wants to keep control of certain
aspects of the operation.

Categories: Active Directory
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: