檢測軍人部署專案參與者Identifying the Deployment Project Participants

適用於:Windows Server 2016、Windows Server 2012 R2、Windows Server 2012Applies To: Windows Server 2016, Windows Server 2012 R2, Windows Server 2012

在 Active Directory Domain 服務 (AD DS) 建立部署專案的第一個步驟是建立設計和部署專案小組負責管理設計階段和階段專案 Active Directory 部署的循環。The first step in establishing a deployment project for Active Directory Domain Service (AD DS) is to establish the design and deployment project teams that will be responsible for managing the design phase and deployment phase of the Active Directory project cycle. 此外,您必須找出的個人和負責使用與維護 directory 部署完畢之後群組。In addition, you must identify the individuals and groups who will be responsible for owning and maintaining the directory after the deployment is completed.

定義特定專案角色Defining project-specific roles

找出的人都是以角色特定專案是重要步驟建立團隊的專案。An important step in establishing the project teams is to identify the individuals who are to hold project-specific roles. 其中包括贊助、 專案設計師,以及專案經理。These include the executive sponsor, the project architect, and the project manager. 執行 Active Directory 部署專案負責這些人。These individuals are responsible for running the Active Directory deployment project.

專案架構和專案經理,您將之後,這些人建立的公司的通訊通道、 組建專案排程,並找出的人都將會開始使用各種不同的擁有者專案團隊的成員。After you appoint the project architect and project manager, these individuals establish channels of communication throughout the organization, build project schedules, and identify the individuals who will be members of the project teams, beginning with the various owners.

贊助Executive sponsor

部署的基礎結構,例如 AD DS 可以影響廣泛的組織。Deploying an infrastructure such as AD DS can have a wide-ranging impact on an organization. 基於這個原因,會有贊助了部署商務值,支援在執行層級,專案及可協助您組織衝突。For this reason, it is important to have an executive sponsor who understands the business value of the deployment, supports the project at the executive level, and can help resolve conflicts across the organization.

專案架構Project architect

Active Directory 部署的每個專案需要專案設計師管理 Active Directory 設計和部署決策程序。Each Active Directory deployment project requires a project architect to manage the Active Directory design and deployment decision-making process. 設計師提供技術的專業,以協助您的設計和部署 AD DS 程序。The architect provides technical expertise to assist with the process of designing and deploying AD DS.

注意

如果您在組織中的不現有人員 directory 設計體驗,您可能想要雇用外顧問是一位專家 Active Directory 設計和部署。If no existing personnel in your organization have directory design experience, you might want to hire an outside consultant who is an expert in Active Directory design and deployment.

Active Directory 專案設計師責任包含下列類型:The responsibilities of the Active Directory project architect include the following:

  • 擁有 Active Directory 設計Owning the Active Directory design

  • 了解及錄製按鍵設計決策理由Understanding and recording the rationale for key design decisions

  • 確認設計符合企業需求的組織Ensuring that the design meets the business needs of the organization

  • 建立共識設計、 部署、 之間作業小組Establishing consensus between design, deployment, and operations teams

  • 了解 AD DS 整合應用程式的需求Understanding the needs of AD DS-integrated applications

Active Directory 的最終設計,必須反映業務務目標和技術決策的組合。The final Active Directory design must reflect a combination of business goals and technical decisions. 因此,專案設計師必須檢視設計決策確保它們配合的業務務目標。Therefore, the project architect must review design decisions to ensure that they align with business goals.

專案經理Project manager

專案經理幫助您透過商務用單位和技術管理群組之間的合作。The project manager facilitates cooperation across business units and between technology management groups. 理想、 Active Directory 部署的專案經理是其他人熟悉的兩個操作原則,IT 群組和部署 AD DS 準備群組的設計需求在組織中的人。Ideally, the Active Directory deployment project manager is someone from within the organization who is familiar with both the operational policies of the IT group and the design requirements for the groups that are preparing to deploy AD DS. 專案經理開頭設計和實作,透過持續監督整個部署專案,並確保專案保持排程與預算。The project manager oversees the entire deployment project, beginning with design and continuing through implementation, and makes sure that the project stays on schedule and within budget. 專案經理責任包含下列類型:The responsibilities of the project manager include the following:

  • 提供基本專案,例如 「 排程和預算計劃Providing basic project planning such as scheduling and budgeting

  • 在 Active Directory 設計和部署專案駕駛進度Driving progress on the Active Directory design and deployment project

  • 確保的適當的每個人都參與每個部分的設計程序Ensuring that the appropriate individuals are involved in each part of the design process

  • 做為 Active Directory 部署專案連絡人單點Serving as single point of contact for the Active Directory deployment project

  • 建立設計、 部署及作業團隊間通訊Establishing communication between design, deployment, and operations teams

  • 建立及維護贊助整個部署專案與通訊Establishing and maintaining communication with the executive sponsor throughout the deployment project

建立者和系統管理員Establishing owners and administrators

在 Active Directory 部署專案中,擁有者的人保持負責管理以確定該部署工作完成和規格需求組織該 Active Directory 設計。In an Active Directory deployment project, individuals who are owners are held accountable by management to make sure that deployment tasks are completed and that Active Directory design specifications meet the needs of the organization. 擁有者不一定進行存取,或直接操作 directory 基礎結構。Owners do not necessarily have access to or manipulate the directory infrastructure directly. 系統管理員是負責完成所需的部署工作人員。Administrators are the individuals responsible for completing the required deployment tasks. 系統管理員可以網路存取及管理 directory 和其基礎結構所需的權限。Administrators have the network access and permissions necessary to manipulate the directory and its infrastructure.

擁有者的角色是策略與管理。The role of the owner is strategic and managerial. 擁有者負責通訊的系統管理員所需的例如建立新的網域控制站樹系的 Active Directory 設計實作的工作。Owners are responsible for communicating to administrators the tasks required for the implementation of the Active Directory design such as the creation of new domain controllers within the forest. 將設計實作設計規格網路上的系統管理員負責。The administrators are responsible for implementing the design on the network according to the design specifications.

大型的組織中其他人填滿擁有者和系統管理員角色。不過,某些組織小,相同個人可能會做為擁有者和系統管理員。In large organizations, different individuals fill owner and administrator roles; however, in some small organizations, the same individual might act as both the owner and the administrator.

服務與資料擁有者Service and data owners

管理日常 AD DS 包含兩種類型的擁有者:Managing AD DS on a daily basis involves two types of owners:

  • 負責計劃與長期維護 Active Directory 基礎結構和確保 directory 會繼續運作,且會保留 [建立服務層級合約中的目標服務擁有者Service owners who are responsible for planning and long-term maintenance of the Active Directory infrastructure and for ensuring that the directory continues to function and that the goals established in service level agreements are maintained

  • 負責的資訊儲存在 directory 維護資料擁有者。Data owners who are responsible for the maintenance of the information stored in the directory. 這包括使用者電腦 account 管理及管理本機資源,例如成員伺服器及工作站。This includes user and computer account management and management of local resources such as member servers and workstations.

請務必,讓他們可以參與度設計程序的早期辨識 Active Directory 服務,資料擁有者。It is important to identify the Active Directory service and data owners early so that they can participate in as much of the design process as possible. 因為服務和資料擁有負責長期維護 directory 部署專案完成後,請務必提供有關組織需要輸入,以及熟悉方式與原因特定設計的決策這些人的。Because the service and data owners are responsible for the long-term maintenance of the directory after the deployment project is finished, it is important for these individuals to provide input regarding organizational needs and to be familiar with how and why certain design decisions are made. 服務擁有者包括樹系擁有者、 Active Directory Domain 命名系統 (DNS) 擁有者,以及拓撲擁有者的網站。Service owners include the forest owner, the Active Directory Domain Naming System (DNS) owner, and the site topology owner. 資料擁有者包含單位 (組織單位) 擁有者。Data owners include organizational unit (OU) owners.

服務及資料的系統管理員Service and data administrators

操作 AD ds 包含兩種類型的系統管理員: 管理員和管理員資料服務。The operation of AD DS involves two types of administrators: service administrators and data administrators. 服務管理員實作原則的決策服務擁有者和處理維護 directory 服務和基礎結構相關聯的日常工作。Service administrators implement policy decisions made by service owners and handle the day-to-day tasks associated with maintaining the directory service and infrastructure. 這包括管理裝載 directory 服務,管理其他網路服務,例如所需的 AD DS 控制樹系設定,並確保 directory 都可使用 DNS 網域控制站。This includes managing the domain controllers that are hosting the directory service, managing other network services such as DNS that are required for AD DS, controlling the configuration of forest-wide settings, and ensuring that the directory is always available.

服務系統管理員負責也完成初始 Windows Server 2008 Active Directory 部署程序完成之後所需執行 Active Directory 部署工作。Service administrators are also responsible for completing ongoing Active Directory deployment tasks that are required after the initial Windows Server 2008 Active Directory deployment process is complete. 例如 directory 增加需求,為中服務系統管理員建立其他網域控制站和建立或視移除之間網域信任。For example, as demands on the directory increase, service administrators create additional domain controllers and establish or remove trusts between domains, as needed. 基於這個原因,Active Directory 部署小組需要包括服務系統管理員。For this reason, the Active Directory deployment team needs to include service administrators.

您必須小心指派給受信任的人員在組織中的服務的系統管理員角色。You must be careful to assign service administrator roles only to trusted individuals in the organization. 這些人可以修改網域控制站系統檔案,因為它們可以變更 AD DS 的行為。Because these individuals have the ability to modify the system files on domain controllers, they can change the behavior of AD DS. 您必須先確定您在組織中的服務系統管理員,是熟悉操作的人而安全性原則,會在您的網路上的位置,並人員了解需要執行的原則。You must ensure that the service administrators in your organization are individuals who are familiar with the operational and security policies that are in place on your network and who understand the need to enforce those policies.

資料的系統管理員的使用者網域中有義務維護資料儲存在 AD DS,例如帳號使用者和群組和維護成員,他們網域的電腦都。Data administrators are users within a domain who are responsible both for maintaining data that is stored in AD DS such as user and group accounts and for maintaining computers that are members of their domain. 資料管理員控制 directory 物件的子集並無法安裝或 directory 服務設定所控制。Data administrators control subsets of objects within the directory and have no control over the installation or configuration of the directory service.

預設不提供資料的系統管理員帳號。Data administrator accounts are not provided by default. 設計團隊判斷要組織管理的資源將會如何之後,網域擁有必須建立資料系統管理員帳號,並委派它們根據設定的系統管理員的責任物件的適當權限。After the design team determines how resources are to be managed for the organization, domain owners must create data administrator accounts and delegate them the appropriate permissions based on the set of objects for which the administrators are to be responsible.

最好數量服務確保基礎結構繼續運作所需的最低號碼組織中的系統管理員。It is best to limit the number of service administrators in your organization to the minimum number required to ensure that the infrastructure continues to function. 大部分的系統管理工作資料系統管理員可以完成。The majority of administrative work can be completed by data administrators. 服務管理員需要設定,因為有義務維護 directory 和支援的基礎結構多少寬技術。Service administrators require a much wider skill set because they are responsible for maintaining the directory and the infrastructure that supports it. 資料的系統管理員只需要管理其部分 directory 所需的技能。Data administrators only require the skills necessary to manage their portion of the directory. 將這種方式工作指派導致節省成本組織,因為只有少數系統管理員必須訓練運作及維護整個 directory 和其基礎結構。Dividing work assignments in this way results in cost savings for the organization because only a small number of administrators need to be trained to operate and maintain the entire directory and its infrastructure.

例如,服務系統管理員必須了解如何新增至樹系的網域。For example, a service administrator needs to understand how to add a domain to a forest. 這包括安裝的軟體来轉換的網域控制站伺服器以及管理 DNS 環境,使網域控制站可以自動接手合併 Active Directory 環境中。This includes how to install the software to convert a server into a domain controller and how to manipulate the DNS environment so that the domain controller can be merged seamlessly into the Active Directory environment. 了解如何管理他們所負責新帳號建立新的員工在他們部門例如的特定資料只需要資料系統管理員。A data administrator only needs to know how to manage the specific data that they are responsible for such as the creation of new user accounts for new employees in their department.

部署 AD DS 需要協調與許多不同群組的網路基礎結構參與間通訊。Deploying AD DS requires coordination and communication between many different groups involved in the operation of the network infrastructure. 這些群組應該將服務,資料負責表示不同群組的設計和部署程序期間擁有者。These groups should appoint service and data owners who are responsible for representing the various groups during the design and deployment process.

部署專案完成之後,這些服務和資料擁有繼續負責的部分受其群組的基礎結構。Once the deployment project is complete, these service and data owners continue to be responsible for the portion of the infrastructure managed by their group. 在 Active Directory 環境中,這些擁有者是樹系擁有者、 AD DS 擁有者 DNS、 網站拓撲擁有者和組織單位擁有者。In an Active Directory environment, these owners are the forest owner, the DNS for AD DS owner, the site topology owner, and the OU owner. 這些服務和資料擁有的角色所述的下列各節。The roles of these service and data owners are explained in the following sections.

樹系擁有者Forest owner

樹系擁有者通常是誰負責 Active Directory 部署程序,而且人員最終負責部署完成之後維持樹系的服務傳遞組織中的資深資訊技術 (IT) 經理。The forest owner is typically a senior information technology (IT) manager in the organization who is responsible for the Active Directory deployment process and who is ultimately accountable for maintaining service delivery within the forest after the deployment is complete. 樹系擁有者指派個人填入的擁有權角色檢測軍人負責的人員在組織中可以提供所需資訊網路基礎結構和管理的需求。The forest owner assigns individuals to fill the other ownership roles by identifying key personnel within the organization who are able to contribute necessary information about network infrastructure and administrative needs. 樹系擁有者負責下列動作:The forest owner is responsible for the following:

  • 建立樹森林根網域的部署Deployment of the forest root domain to create the forest

  • 每個來建立所需的樹系的網域網域中的第一個網域控制站的部署Deployment of the first domain controller in each domain to create the domains required for the forest

  • 服務之子-森林所有網域中的系統管理員群組成員資格Memberships of the service administrator groups in all domains of the forest

  • 建立組織單位結構每個網域森林中的設計的Creation of the design of the OU structure for each domain in the forest

  • 委派給組織單位擁有者系統管理員權限Delegation of administrative authority to OU owners

  • 變更架構Changes to the schema

  • 樹系設定的變更Changes to forest-wide configuration settings

  • 實作的特定群組原則原則設定,包括網域使用者 account 原則,例如精細的密碼,以及 account 鎖定原則Implementation of certain Group Policy policy settings, including domain user account policies such as fine-grained password and account lockout policy

  • 商務用原則設定可套用至網域控制站Business policy settings that apply to domain controllers

  • 任何其他網域層級會套用群組原則設定Any other Group Policy settings that are applied at the domain level

樹系的擁有者授權單位上整個樹系。The forest owner has authority over the entire forest. 負責森林擁有者的群組原則和商務原則設定,並選擇服務的系統管理員的人。It is the forest owner's responsibility to set Group Policy and business policies and to select the individuals who are service administrators. 樹系擁有者為服務擁有者。The forest owner is a service owner.

DNS AD DS 擁有者DNS for AD DS owner

AD DS 擁有者 DNS 是深入瞭解現有的 DNS 基礎結構和組織的現有命名空間已經的人。The DNS for AD DS owner is an individual who has a thorough understanding of the existing DNS infrastructure and the existing namespace of the organization.

AD DS 擁有者 DNS 負責下列動作:The DNS for AD DS owner is responsible for the following:

  • 做為生意設計團隊之間目前擁有 DNS 基礎結構 IT 群組Serving as a liaison between the design team and the IT group that currently owns the DNS infrastructure

  • 提供協助您建立新的 Active Directory 命名空間以組織相關現有的 DNS 名稱區資訊Providing the information about the existing DNS namespace of the organization to assist in the creation of the new Active Directory namespace

  • 使用 deployment 團隊確認設計團隊的規格部署新的基礎結構 DNS 時,正常運作Working with the deployment team to make sure that the new DNS infrastructure is deployed according to the specifications of the design team and that it is working properly

  • 管理適用於 AD DS 基礎結構,包括的 DNS 伺服器服務和 DNS 資料 DNSManaging the DNS for AD DS infrastructure, including the DNS Server service and DNS data

AD DS 擁有者 DNS 是服務擁有者。The DNS for AD DS owner is a service owner.

網站拓撲擁有者Site topology owner

網站拓撲擁有者為熟悉實際句字的結構組織網路,包括個人子網路、 路由器和連接透過保守型連結網路區域的對應。The site topology owner is familiar with the physical structure of the organization network, including mapping of individual subnets, routers, and network areas that are connected by means of slow links. 擁有者的網站拓撲負責下列動作:The site topology owner is responsible for the following:

  • 了解拓撲實體網路,以及其如何影響 AD DSUnderstanding the physical network topology and how it affects AD DS

  • 了解如何在 Active Directory 部署會影響網路Understanding how the Active Directory deployment will impact the network

  • 判斷要建立的 Active Directory 邏輯網站Determining the Active Directory logical sites that need to be created

  • 子網路新增時,更新網站物件的網域控制站修改,或移除Updating site objects for domain controllers when a subnet is added, modified, or removed

  • 建立網站連結、 網站連結橋接器,並手動連接物件Creating site links, site link bridges, and manual connection objects

網站拓撲擁有者為服務擁有者。The site topology owner is a service owner.

組織單位擁有者OU owner

組織單位擁有者負責管理 directory 中儲存資料。The OU owner is responsible for managing data stored in the directory. 此個人必須熟悉操作,並在網路上的安全性原則。This individual needs to be familiar with the operational and security policies that are in place on the network. 組織單位擁有者只能執行這些工作,有服務系統管理員,委派給他們,他們只能執行這些工作 Ou 指派給上。OU owners can perform only those tasks that have been delegated to them by the service administrators, and they can perform only those tasks on the OUs to which they are assigned. 可能會指派給該組織單位擁有者的工作如下:Tasks that might be assigned to the OU owner include the following:

  • 執行他們指派組織單位所有 account 管理工作Performing all account management tasks within their assigned OU

  • 工作站和他們指派組織單位成員成員伺服器管理Managing workstations and member servers that are members of their assigned OU

  • 委派他們指派組織單位在本機系統管理員權限Delegating authority to local administrators within their assigned OU

組織單位擁有者為資料擁有者。The OU owner is a data owner.

建置專案小組Building project teams

Active Directory 專案團隊會暫時負責完成 Active Directory 設計和部署工作群組。Active Directory project teams are temporary groups that are responsible for completing Active Directory design and deployment tasks. Active Directory 部署專案完成時,擁有者假設負責 directory,並可以遣散團隊的專案。When the Active Directory deployment project is complete, the owners assume responsibility for the directory, and the project teams can disband.

專案團隊的大小,而有所不同組織的大小。The size of the project teams varies according to the size of the organization. 小型組織,可以責任團隊的專案的實體鍵盤保護蓋並參與部署的多個階段一個人。In small organizations, a single person can cover multiple areas of responsibility on a project team and be involved in more than one phase of the deployment. 大型的組織可能需要較大的小組,以不同的個人或甚至不同的小組涵蓋的責任的不同領域工作。Large organizations might require larger teams with different individuals or even different teams covering the different areas of responsibility. 只要指派所有區域的責任,且符合組織的設計目的不是重要團隊的大小。The size of the teams is not important as long as all areas of responsibility are assigned, and the design goals of the organization are met.

找出潛在的樹系擁有者Identifying potential forest owners

找出您組織中的群組擁有及網路上的使用者提供 directory 服務所需的資源的控制項。Identify the groups within your organization that own and control the resources necessary to provide directory services to users on the network. 這些群組視為潛在的樹系擁有者。These groups are considered potential forest owners.

分開的服務,資料管理 AD DS 可以讓 IT 群組 (或群組) 的組織管理 directory 服務時,每個群組中的本機系統管理員管理自己的群組所屬的資料的基礎結構。The separation of service and data administration in AD DS makes it possible for the infrastructure IT group (or groups) of an organization to manage the directory service while local administrators in each group manage the data that belongs to their own groups. 潛在的樹系擁有擁有所需的授權單位上部署及支援 AD DS 網路基礎結構。Potential forest owners have the required authority over the network infrastructure to deploy and support AD DS.

為組織打造基礎結構 IT 群組一個已 IT 群組則通常樹系擁有者,因此,任何未來部署潛在的樹系擁有者。For organizations that have one centralized infrastructure IT group, the IT group is generally the forest owner and, therefore, the potential forest owner for any future deployments. 包含許多組織獨立基礎結構 IT 群組有許多潛在的樹系擁有者。Organizations that include a number of independent infrastructure IT groups have a number of potential forest owners. 如果您的組織已經有 Active Directory 基礎結構就地,任何目前的樹系擁有者也有新部署的潛在的樹系擁有者。If your organization already has an Active Directory infrastructure in place, any current forest owners are also potential forest owners for new deployments.

選取其中一個做為您考慮部署的每個樹系的樹系擁有者潛在的樹系擁有者。Select one of the potential forest owners to act as the forest owner for each forest that you are considering for deployment. 這些潛在的樹系擁有負責處理設計團隊,以判斷他們的樹系將確實部署,或如果替代動作 (例如加入另一個現有的樹系) 是一種更佳的使用可用資源的並仍然符合他們的需求。These potential forest owners are responsible for working with the design team to determine whether or not their forest will actually be deployed or if an alternate course of action (such as joining another existing forest) is a better use of the available resources and still meets their needs. 您在組織中的樹系擁有者 (或擁有者) 的 Active Directory 設計小組的成員。The forest owner (or owners) in your organization are members of the Active Directory design team.

建立設計團隊Establishing a design team

Active Directory 設計團隊負責為收集有關 Active Directory 邏輯結構設計做出所需的所有資訊。The Active Directory design team is responsible for gathering all the information needed to make decisions about the Active Directory logical structure design.

設計團隊責任包含下列類型:The responsibilities of the design team include the following:

  • 判斷多少森林與網域和關聯的樹系之間的網域Determining how many forests and domains are required and what the relationships are between the forests and domains

  • 使用資料擁有者以確認設計符合他們安全性與管理的需求Working with data owners to ensure that the design meets their security and administrative requirements

  • 使用目前的網路系統管理員,以確保目前網路基礎結構支援設計和的設計將不會影響現有部署在網路上的應用程式Working with the current network administrators to ensure that the current network infrastructure supports the design and that the design will not adversely affect existing applications deployed on the network

  • 若要確認設計符合建立的安全性原則組織的安全性群組的人員使用Working with representatives of the security group of the organization to ensure that the design meets established security policies

  • 設計組織單位結構允許適當的保護層級和授權的適當委派給資料擁有者Designing OU structures that permit appropriate levels of protection and the proper delegation of authority to the data owners

  • 使用 deployment 測試設計團隊實驗室環境,確定它是做為計劃和修改設計為所需發生的任何問題的地址Working with the deployment team to test the design in a lab environment to ensure that it functions as planned and modifying the design as needed to address any problems that occur

  • 建立一個網站拓撲設計時防止使用頻寬載符合樹系的複寫需求。Creating a site topology design that meets the replication requirements of the forest while preventing overload of available bandwidth. 設計拓撲網站的相關詳細資訊,請查看設計網站拓撲適用於 Windows Server 2008 AD DSFor more information about designing the site topology, see Designing the Site Topology for Windows Server 2008 AD DS.

  • 使用 deployment 團隊確認設計實作正確Working with the deployment team to ensure that the design is implemented correctly

設計團隊包含下列成員:The design team includes the following members:

  • 潛在的樹系擁有者Potential forest owners

  • 專案架構Project architect

  • 專案經理Project manager

  • 建立及維護網路上的安全性原則負責的人Individuals who are responsible for establishing and maintaining security policies on the network

邏輯結構設計程序期間設計團隊辨識其他擁有者。During the logical structure design process, the design team identifies the other owners. 必須開始這些人,為他們都會參與設計程序。These individuals must start participating in the design process as soon as they are identified. 部署小組交部署專案之後,設計團隊負責作業確認設計實作正確的部署程序。After the deployment project is handed off to the deployment team, the design team is responsible for overseeing the deployment process to ensure that the design is implemented correctly. 設計團隊也會根據意見反應的測試設計變更。The design team also makes changes to the design based on feedback from testing.

建立部署團隊Establishing a deployment team

Active Directory 部署的小組負責測試及實作 Active Directory 邏輯結構設計。The Active Directory deployment team is responsible for testing and implementing the Active Directory logical structure design. 其中包括下列工作:This involves the following tasks:

  • 建立這些可模擬 production 環境測試環境Establishing a test environment that sufficiently emulates the production environment

  • 利用建議的樹系和網域結構來確認它符合每個角色擁有者的目標實驗室測試設計Testing the design by implementing the proposed forest and domain structure in a lab environment to verify that it meets the goals of each role owner

  • 開發無障礙和測試提出的設計,測試環境中的任何移轉案例Developing and testing any migration scenarios proposed by the design in a lab environment

  • 確認您的每個擁有者登出測試程序以確保測試正確的設計的功能Making sure that each owner signs off on the testing process to ensure that the correct design features are being tested

  • 測試試用的環境中的 deployment 作業Testing the deployment operation in a pilot environment

設計與測試任務完成後,部署小組執行下列工作:When the design and testing tasks are complete, the deployment team performs the following tasks:

  • 建立的樹系和 Active Directory 邏輯結構設計根據網域Creates the forests and domains according to the Active Directory logical structure design

  • 網站做為所需的網站連結物件根據上建立的網站拓撲設計Creates the sites and site link objects as needed based on the site topology design

  • 確保 DNS 基礎結構已支援 AD DS,而且的任何新命名空間已經整合組織的現有命名空間Ensures that the DNS infrastructure is configured to support AD DS and that any new namespaces are integrated into the existing namespace of the organization

Active Directory 部署小組包含下列成員:The Active Directory deployment team includes the following members:

  • 樹系擁有者Forest owner

  • DNS AD DS 擁有者DNS for AD DS owner

  • 網站拓撲擁有者Site topology owner

  • 組織單位擁有者OU owners

部署小組確保作業小組的成員全新的設計熟悉部署階段的運作方式的服務,資料系統管理員使用。The deployment team works with the service and data administrators during the deployment phase to ensure that members of the operations team are familiar with the new design. 這有助於確保轉換的擁有權,在完成部署操作。This helps to ensure a smooth transition of ownership when the deployment operation is completed. 以完成部署程序,負責維護新的 Active Directory 環境會傳遞給作業小組。At the completion of the deployment process, the responsibility for maintaining the new Active Directory environment passes to the operations team.

設計和部署團隊文件Documenting the design and deployment teams

文件名稱,並將參與部署 AD DS 與設計的人的聯絡資訊。Document the names and contact information for the people who will participate in the design and deployment of AD DS. 找出人員將會每個角色設計和部署的團隊負責。Identify who will be responsible for each role on the design and deployment teams. 一開始,此清單會包含潛在的樹系擁有、 專案經理,以及專案設計師。Initially, this list includes the potential forest owners, the project manager, and the project architect. 當您判斷,將部署樹系的數目時,您可能需要額外的樹系建立新設計。When you determine the number of forests that you will deploy, you might need to create new design teams for additional forests. 請注意,您將需要小組成員資格變更,以及當您在各種不同的 Active Directory 擁有者辨識設計程序期間,請更新您的文件。Note that you will need to update your documentation as team memberships change and as you identify the various Active Directory owners during the design process. 協助您在擬設計和部署團隊每個樹系試算表,下載 Job_Aids_Designing_and_Deploying_Directory_and_Security_Services.zip 從工作協助工具的 Windows Server 2003 部署套件 (http://go.microsoft.com/fwlink/?LinkID=102558) 和開放 「 設計和部署小組資訊 」 (DSSLOGI_1.doc)。For a worksheet to assist you in documenting the design and deployment teams for each forest, download Job_Aids_Designing_and_Deploying_Directory_and_Security_Services.zip from Job Aids for Windows Server 2003 Deployment Kit (http://go.microsoft.com/fwlink/?LinkID=102558) and open "Design and Deployment Team Information" (DSSLOGI_1.doc).