The design and analysis elements in this Windows 2000 exam make sure you understand how to map out a directory service.
Is the increased difficulty of the
new exams—especially the design tests—a good thing or
a bad thing? It’s good if you’ve worked hard for your
title, spent years plying your craft, and want to stand
out in the crowd, because that’s the kind of background
you’ll need to get through the exams. It’s bad if you
believe you need the MCSE certification to get your first
job in the industry; if that’s the case, you might want
to rethink your strategy—this exam is tough. You must
pass one of the design exams (70-219, reviewed here, 70-220,
or 70-221) as a core requirement of the Windows 2000 MCSE
Why the big challenge? Isn’t this just
another test? Almost anything can be taught; however,
it’s much more difficult to impart analysis and design
skills than it is to teach how to perform a concrete task,
such as creating a user.
Services Design (70-219)
Rating: “A well designed, fair,
and fairly difficult exam. You need to
understand how to design and integrate
the various components of Active Directory
based on a set of business and technical
Designing a Microsoft Windows 2000 Directory
Number of questions:
5 testlets, each with 3 to 13 associated
questions for a total of 44 questions
on beta; fewer on live exam.
220 minutes for beta; less for live
Expected to go live in July 2000.
Who should take
it? This exam can either be used
as a core or an elective exam for the
Windows 2000 MCSE certification. Passing
it makes you an MCP.
For existing Windows NT
- 1560: Updating Support Skills from
NT 4.0 to Win2K; 5 days.
- 1561: Designing a Win2K Directory
Services Infrastructure;5 days.
For new MCSE candidates:
- 2151: Win2K Network & OS Essentials;
- 2152: Supporting Win2K Pro; 5 days.
- 2153: Supporting a Network Infrastructure;
- 2154: Implementing and Administering
Directory Services; 5 days.
- 1561: Designing a Directory Services
Infrastructure; 3 days.
I also recommend
the following course: 2010: Designing
a Win2K Migration Strategy; 2 days.
The Case Study
This is one of the first MCSE exams
to use the new case-study-based exam items. These new
items present you with a very large amount of information
along with several test questions. The case study and
its associated test questions are called a testlet.
Each case study consists of interviews
with personnel within an organization on various topics,
such as workflow, business needs, and technical needs,
as well as background information, a problem statement,
and any additional information required. Reading one is
like reviewing a thorough set of notes from a client meeting.
The combined information presented
in a case study often consists of 1,000-2,000 words or
more. To give you a comparison, this article has about
2,300 words in it.
Tip: Your primary focus
in taking a test that includes this type of question should
be reading comprehension, reading comprehension, and even
more reading comprehension.
Don’t skip any of the information in
the case study; the information you skip might give you
the answer to one of the questions based on the case study.
Tip: Notice the All tab.
When this tab is selected, the entire case study is presented
in a single scrolling dialog box. I find this option to
be extremely useful when trying to find specific information
to answer a question after I’ve read the case study.
Once you read through the case study
a couple of times, you’re ready to move on to the questions
that are based on it. Several types of questions might
be used in the exam you take: multiple choice; drag and
drop; a new type of question called a create tree in which
you drag and drop items from the left side of the screen
on the appropriate node of the tree in the right pane;
and another new type called a build list and reorder,
where you drag the appropriate subtasks from the list
at the left side of the screen to the list on the right
and put them in the order needed to perform a given task.
Analyzing Business Requirements
Now you’re ready to apply your skills
to the information, by analyzing the company’s business
models, its information and communication flow, and so
on. Although you need to be able to convert the information
fed to you through the case study into business requirements,
it’s more important for you to determine how the various
business requirements presented apply to the design and
implementation of directory services.
Tip: Pay special attention
to the current and desired IT management and administrative
structure of the business—it will have a huge impact on
various parts of the directory services design.
At first glance, all of this business
stuff might not seem to apply much to directory services,
but in fact it does. How a business is organized, who
it does business with, and how it does business—all have
a huge effect on networking, administration, and directory
services. Remember, the network is there to support the
business, not the other way around!
Analyzing Technical Requirements
Analyzing Technical Requirements is
another new objective type for the MCSE exams, although
it has some similarity to the Windows NT 4.0 planning
objectives. There are three main areas that fall under
this heading: evaluating the existing and planned technical
environment, analyzing the impact of Active Directory
on the existing and planned technical environment, and
analyzing the business requirements for client computer
Evaluating the company’s existing and planned technical
environment consists of looking into several areas, including
geographic location of work sites, performance requirements,
available network bandwidth, and security. In each of
the aforementioned areas you have to keep three things
in mind: What does the client currently have, what do
they plan to add, and what are their stated requirements?
Then you have to analyze all three of those items together
and determine if the organization’s requirements are going
to be met, and if not, what should be done or added to
meet the requirements.
Keep a close watch over the existing
DNS environment and DNS requirements. Consider whether
the organization needs to upgrade or completely replace
its DNS infrastructure. Remember that Bind, the Unix DNS
service, supports SRV records and dynamic updates in both
of its two most recent versions, 8.12, and 8.2, and can
be used to support a Windows 2000 Active Directory environment.
Tip: Keep in mind that Unix
DNS implementations have been around much longer than
NT and Windows 2000, and many large organizations will
simply be unwilling to change their DNS environment from
Unix to Windows 2000.
Also ensure that you understand the
company’s current NT 4.0 domain structure, its current
organization, and any business and technical needs that
will affect the implementation of Active Directory.
Tip: If you don’t understand
NT 4.0 domains and trust relationships, it’s time to learn
them. You’ll never fully grasp Active Directory design
in a mixed environment unless you do.
Designing a Directory Service Architecture
Ah, now we get to the meat of the topic.
This set of objectives covers everything you can think
of, including designing a forest and domain structure,
planning an organizational unit (OU) structure, designing
a schema modification policy, designing an Active Directory
implementation plan, and planning for coexistence with
other directory services (can you say NetWare and Banyan
When you consider designing a directory
service, watch closely for anything that will influence
the layout of the forest and domain structure. Things
to look for that will affect this include the company’s
current and planned business structure, acquisition plans,
administrative requirements, and business interactions
with other organizations.
Tip: If an organization
consists of several business units that each do business
under a different company name, and the organization doesn’t
plan to change this practice, you’re probably looking
at a multi-domain design. (Companies have egos too.)
When considering the OU structure for
an organization, keep in mind centralized vs. decentralized
administration, departmental structure, geographical structure,
and business needs. For example, if most administration
is handled at a departmental level, the OU design will
probably need to follow the departmental design of the
organization, and the department’s network administrator
will probably need to be the delegated administrative
authority for the OU. On the other hand, if most administration
is handled on a location-by-location basis, the OU design
will probably need to follow the company’s geographical
Keep in mind the various things that
might cause you to have to extend the schema. These include
installing an application that requires extending the
schema, and storing information in Active Directory that
isn’t supported by a current object class. For example,
if the organization’s human resources department needs
to store the name and phone number for each employee’s
preferred physician in Active Directory, the schema would
have to be extended to support this.
When looking at an Active Directory
implementation plan, don’t forget that most domain designs
will involve upgrading NT 4.0 domains. Be sure you know
how NT 4.0 domains are organized, with some domains containing
user accounts (account domains), and other domains containing
mostly computer accounts. Be very clear on how upgrades
are performed and how user accounts and computer accounts
can be migrated to a new domain structure.
Tip: The PDC of an NT 4.0
domain must be the first domain controller in the domain
upgraded to Windows 2000.
Many large networks use other network
operating systems such as NetWare and Banyan Vines. Make
sure you understand what the organization under consideration
wants to do with these servers, and how long they’ll continue
to be used. Also be sure you know what protocols are required
to support these NOSs.
Tip: Older versions of NetWare
require the NWLink IPX/SPX/NetBIOS Compatible Transport
Protocol. The most recent version of NetWare uses TCP/IP.
Designing Service Locations
If you want to implement Active Directory
effectively on a large network, you have to place various
servers appropriately to ensure quick response and to
limit traffic across WAN links. Of course, since this
is important in the real world, there are several objectives
on this subject. The objectives cover the placement of
operations masters, global catalog servers, domain controllers,
and DNS servers.
Placing operations masters is fairly
straightforward. Normally, you want to place the operations
masters near the administrators who manage them and, of
course, near the other domain controllers they affect.
Keep in mind that there’s only one of each operations
master in each domain, except the Schema Master and the
Domain Naming Master, of which there’s only one of each
in a forest.
Tip: The Infrastructure
Master shouldn’t be placed on a domain controller that
also functions as a global catalog server. If you need
to place both the Infrastructure Master and a global catalog
server in a site, you should place at least two domain
controllers in that site.
Global catalog servers are used during
the logon process, so there should normally be at least
one global catalog server in each site. Large sites may
require more than one global catalog server.
Domain controllers are used for logging
on and are also often accessed when connecting to network
resources. For this reason, at least one domain controller
should be located at each site. If a network has only
one site, it should probably have at least two domain
controllers for fault-tolerance purposes.
DNS servers are used extensively by
all computers on the network. Again, there should normally
be at least one DNS server located in each site. A site’s
DNS server doesn’t necessarily need to have every zone
that the organization uses on it, but it should have the
zone or zones that are heavily used within the site in
which the DNS server is located. If DNS replication needs
to be optimized, consider using Active Directory integrated
|Check out the following
Microsoft Web sites for more information
about this exam:
Also, to learn more about Active Directory
design, be sure to read chapters 9 and
10 in the Microsoft Windows 2000
Server Deployment Planning Guide
(one of the books in the Windows
2000 Server Resource Kit, an essential
reference for anyone working with Windows
Hard but Appropriate
This exam is fairly hard because you
have to read a lot of information in the case study and
then apply that information to associated test questions.
However, this is as close as a computerized test can come
to the real world of consulting design. When you pass
this test, you can consider yourself among an elite group
of highly qualified IT professionals in this subject area.