Active Directory and DNS Design Implementation


Solution Description:
CLT will host its infrastructure on the Microsoft Hyper-V virtualization stack. The virtual infrastructure servers will host Microsoft Exchange Server, Microsoft Active Directory, Microsoft System Center Orchestrator, a File Server, CLT application servers, Microsoft SQL Servers, and so on.
CLT has 3 Production VLANs and 1 Client VLAN configured on Cisco hardware; each VLAN is configured on Cisco 3750 series switches, and a dedicated patch panel separates the management switches from the client and server switches. A Fabric Interconnect provides the management interface, layered between the Layer 3 switch and the Cisco UCS blade servers.
Each VLAN has a mix of Unix and Microsoft servers. Most Microsoft servers are virtualized on Microsoft Hyper-V, with the appropriate VLAN tags configured for communication between the servers and the storage arrays.
CLT is engaging SKV, a Microsoft Premier Consulting firm, to perform DNS design and configuration, which involves configuring DNS servers in three Active Directory domains and establishing communication across those DNS servers.

The detailed design document is attached below:

Active Directory and DNS Design

Restructuring DNS Infrastructure


Solution Description:

The HYDRA DNS infrastructure has potential security issues that could allow external entities to gain control over the infrastructure and access application data or the servers. AVA performed a critical analysis of the HYDRA infrastructure and produced a report recommending that the infrastructure be redesigned.

The HYDRA organization hosts its infrastructure in New South Wales. There are 2 major sites connected by high-speed networks, and the infrastructure is hosted on Microsoft infrastructure servers. The headquarters is in Sydney, with a secondary site in Melbourne.

HYDRA's existing Microsoft infrastructure runs on Windows Server 2008 R2 with a single Active Directory forest and multiple domain controllers configured across the physical sites. The existing environment has critical security issues with respect to its Domain Name System (DNS) and requires the DNS to be redesigned so that HYDRA security policies are met. HYDRA is engaging AVA, a Microsoft Premier Consulting firm, to perform the DNS restructuring, which involves placing DNS servers in the DMZ and routing the internal DNS servers' requests to the DMZ DNS server instead of to public ISP servers.

The detailed design can be found at the link below:

Download Document:

Restructuring DNS Infrastructure

Domain Restructuring – Designing RODC


Introduction:

This document describes the design decisions for implementing a Read Only Domain Controller (RODC) in an existing Active Directory forest. The infrastructure is assumed to have a fully operational Active Directory forest hosted on Microsoft hybrid cloud infrastructure.

For the complete solution, please download the file below:

Download File:

Domain Restructuring-RODC Placement

Installing Stand Alone Root CA – Server 2012


Introduction:

Depending on the CA hierarchy to be designed, this article focuses on the steps required to install an offline root CA on Windows Server 2012. The following assumptions are made:

a) The server will not be joined to the Active Directory domain.

b) The root CA is configured as offline.

c) CAPolicy.inf is created under C:\windows and configured as per the CA hierarchy.

d) Networking and storage considerations have been addressed.

e) User accounts have been provisioned (local administrator permissions are configured accordingly).

Download File:

Installing Stand Alone Root CA Server 2012
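The installation that the assumptions above prepare for, as an added PowerShell example; this is not the article's attached document or the consultant's own steps. It assumes an elevated PowerShell session on a Windows Server 2012 workgroup server, and the CA common name, key size, validity period and the publication URL (`pki.example.test`) are placeholders to be replaced with the values of the designed CA hierarchy.

```powershell
# Added example (not from the article): provisioning a stand-alone offline
# root CA on Windows Server 2012 under the article's assumptions a) to e).
# $CaName and $PublishUrl are placeholders; align them with the CA design.

$CaName     = 'CONTOSO-ROOT-CA'            # placeholder: <= 64 chars, no FQDN
$PublishUrl = 'http://pki.example.test/pki' # placeholder HTTP CDP/AIA location

# Assumption c): CAPolicy.inf must exist under C:\Windows before the role is
# configured. This writes one suited to an offline root: long renewal
# validity, a 26-week base CRL, no delta CRLs, no default templates.
$CaPolicy = @'
[Version]
Signature="$Windows NT$"

[Certsrv_Server]
RenewalKeyLength=4096
RenewalValidityPeriod=Years
RenewalValidityPeriodUnits=20
CRLPeriod=Weeks
CRLPeriodUnits=26
CRLDeltaPeriod=Days
CRLDeltaPeriodUnits=0
LoadDefaultTemplates=0
AlternateSignatureAlgorithm=0
'@
Set-Content -Path "$env:windir\CAPolicy.inf" -Value $CaPolicy -Encoding ASCII

# Assumption a): the server must not be domain-joined. Stop if it is, because
# an Enterprise CA would otherwise be offered and the root would not stay offline.
if ((Get-CimInstance Win32_ComputerSystem).PartOfDomain) {
    throw 'This server is domain-joined; an offline root CA must remain in a workgroup.'
}

# Install the AD CS role binaries together with the management tools.
Install-WindowsFeature ADCS-Cert-Authority -IncludeManagementTools

# Configure the role as a stand-alone root CA (the only CA type available on a
# workgroup server). The CA certificate is self-signed with the values below.
Install-AdcsCertificationAuthority `
    -CAType StandaloneRootCA `
    -CACommonName $CaName `
    -CryptoProviderName 'RSA#Microsoft Software Key Storage Provider' `
    -KeyLength 4096 `
    -HashAlgorithmName SHA256 `
    -ValidityPeriod Years `
    -ValidityPeriodUnits 20 `
    -Force

# Because the root stays offline, clients can never reach it for CRL or CA
# certificate downloads. Point the CDP and AIA extensions at an HTTP location
# that will be reachable instead (flag 1 = publish here, 2 = put in extension).
# certutil treats the literal "\n" as the separator between entries.
certutil -setreg CA\CRLPublicationURLs "1:$env:windir\system32\CertSrv\CertEnroll\%3%8%9.crl\n2:$PublishUrl/%3%8%9.crl"
certutil -setreg CA\CACertPublicationURLs "1:$env:windir\system32\CertSrv\CertEnroll\%1_%3%4.crt\n2:$PublishUrl/%1_%3%4.crt"
Restart-Service certsvc

# Publish the first CRL; copy it and the .crt from CertEnroll to $PublishUrl
# by hand (removable media), since the root has no network path to it.
certutil -crl
```

The CDP/AIA step is the one most often skipped on an offline root: without it, every certificate the subordinate CAs later issue chains to a root whose revocation data no client can fetch, so validation fails as soon as the subordinate's own CRL period is checked.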

Cannot Rename Computer Name or Unjoin Computer – Certificate Services 2012


Introduction:

Careful consideration should be given before installing Certificate Services on Windows Server 2012. A proper CA hierarchy should be designed along with naming standards; CA names cannot be more than 64 characters in length. The naming convention rules that applied to Server 2008 R2 still hold for Server 2012, including the following:

Considerations:

a) Names cannot contain special characters.

b) Names using Chinese / Arabic … character sets are limited to 37 characters.

c) The server name becomes the Common Name (CN) of the CA.

d) The CN of the CA certificate should not be configured with a FQDN.

e) After Certificate Services is installed on Server 2012, administrators cannot change the server name or unjoin the computer from the domain; the only way to rename the server or unjoin it from the domain is to uninstall Certificate Services.

To Unjoin / Change Computer Name:

1) On the CA server, open Server Manager.

2) Click the Manage option at the top right corner of Server Manager and select Remove Roles and Features.

3) Select the CA server from the server pool; on the Server Roles page, uncheck Active Directory Certificate Services and click Remove Features.

4) Restart the CA server; administrators will now be able to rename the server or unjoin it from the domain.
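The naming considerations a) to d) and the four-step rename/unjoin procedure above, as an added PowerShell example that is not part of the original article. It assumes Windows Server 2012 with the ADCSDeployment module (installed with the AD CS management tools); `Test-CaName` takes a conservative reading of "special characters" by allowing only letters, digits, hyphens and spaces, and the new computer name and domain credential are placeholders supplied by the operator.

```powershell
# Added example (not from the article): a pre-install check for the CA naming
# rules, and the article's steps 1-4 (remove the role, restart, then rename or
# unjoin) as PowerShell. Names and credentials are operator-supplied placeholders.

function Test-CaName {
    # Validates a proposed CA common name against the article's rules:
    # no FQDN, no special characters, at most 64 characters, and at most
    # 37 characters when the name contains non-ASCII (e.g. Chinese / Arabic)
    # text. Returns $true when acceptable; each violation is written as a warning.
    param([Parameter(Mandatory)][string]$Name)

    $problems = @()
    if ($Name -match '\.')                 { $problems += 'contains a dot; use the host name, not a FQDN' }
    if ($Name -match '[^\p{L}\p{N}\- ]')   { $problems += 'contains special characters (assumed allowed: letters, digits, hyphen, space)' }
    $isUnicode = $Name -match '[^\x00-\x7F]'
    $limit = if ($isUnicode) { 37 } else { 64 }
    if ($Name.Length -gt $limit)           { $problems += "longer than $limit characters" }

    foreach ($p in $problems) { Write-Warning "'$Name': $p" }
    return ($problems.Count -eq 0)
}

function Remove-CaRoleForRename {
    # Steps 1-3: remove the CA configuration and the AD CS role. Back up the CA
    # database and private key first if the CA is to be rebuilt elsewhere,
    # because uninstalling the role discards the issuing configuration.
    if (Get-Service certsvc -ErrorAction SilentlyContinue) {
        Uninstall-AdcsCertificationAuthority -Force
    }
    Uninstall-WindowsFeature ADCS-Cert-Authority -IncludeManagementTools

    # Step 4: the rename/unjoin lock is only released after a restart.
    Restart-Computer -Force
}

function Set-ServerIdentityAfterRestart {
    # Run after the restart: either rename the server or unjoin it from the
    # domain. Refuses to proceed while the AD CS role is still installed,
    # which is the condition that blocks both operations on Server 2012.
    param(
        [string]$NewName,
        [switch]$LeaveDomain,
        [PSCredential]$Credential   # domain credential, needed only with -LeaveDomain
    )

    if ((Get-WindowsFeature ADCS-Cert-Authority).Installed) {
        throw 'AD CS role is still installed; run Remove-CaRoleForRename first.'
    }
    if ($LeaveDomain) {
        Remove-Computer -UnjoinDomainCredential $Credential -WorkgroupName 'WORKGROUP' -Force -Restart
    } elseif ($NewName) {
        Rename-Computer -NewName $NewName -Force -Restart
    } else {
        throw 'Specify -NewName or -LeaveDomain.'
    }
}

# Usage (placeholders):
#   Test-CaName 'CONTOSO-ROOT-CA'          # -> True
#   Test-CaName 'ca01.contoso.local'       # -> False (FQDN)
#   Remove-CaRoleForRename                 # steps 1-3, then restarts
#   Set-ServerIdentityAfterRestart -NewName 'NEWCANAME'
#   Set-ServerIdentityAfterRestart -LeaveDomain -Credential (Get-Credential)
```

Running `Test-CaName` before the role is ever installed is the cheap way to avoid the procedure above altogether: once AD CS is configured, the only route to a different name is the full uninstall the article describes.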