Designing and Setting Up Your Domain Structure

Developing your network design also involves planning the location of Terminal Services within your proposed Windows 2000 infrastructure. There are three principal domain structure alternatives that apply to a Terminal Services installation:

Use no domain structure.    Without a domain architecture, users need separate accounts on every Windows 2000 server running Terminal Services. This limits scalability and makes it more difficult to administer groups of users.

Implement Windows 2000 Terminal Services in the existing Windows NT 4.0 domain environment.    This allows you to take advantage of the new features available in Windows 2000 Terminal Services without affecting the production environment. However, keep in mind that the existing Security Account Manager (SAM) limitations of the Windows NT 4.0 domain model will apply using this approach. Administrators have the option of adding Terminal Services–specific attributes to users' accounts. This adds a small amount of information, typically 1 KB or less, to a user's entry in the domain SAM database.

Leverage the Windows 2000 Active Directory infrastructure.    This option takes full advantage of Active Directory. It leverages the ability to host thousands of users in its database. It also gives you the option of applying Group Policy to control the user experience when connected to Terminal Services.

When you define your Active Directory structure, it is recommended that you place your Terminal servers in a separate organizational unit (OU), separate from other computers and without users. A Terminal Services OU only needs to contain Terminal Services computers, no other user or non-Terminal Services machine objects. Just as you are likely to manage your laptops in a manner different from your client computers, you will also manage your Terminal servers differently.