After you have at least one Windows 2000 Server up and running, you can get started with Active Directory. You’ll need to do a bit of planning first. The best way to get started is to take an inventory of all the hardware and map out the physical network connections.
If all the network administration tasks are handled from one location, this process can be relatively simple. If you are configuring an Active Directory that spans multiple physical locations across WAN links, it will get quite complex.
Every Windows 2000 domain and its Active Directory can consist of millions of objects. Instead of adding new domains for each location, you should consider breaking down a single large domain into Organizational Units (OU), which are covered in detail later in this chapter.
There are a few cases where multiple domains would be a better solution. If two locations have different Internet domain names, they’ll probably want to keep their identities separate on the private portions of their networks, too.
If you have slow WAN connections between physical locations or very strict security requirements in a certain location, you probably ...