Here are the key features of a read-only domain controller (RODC):
- Stores a read-only copy of the Active Directory database
- Provides authentication services for domain users and computers
- Caches user passwords and credentials to enable offline logons
- Supports delegation of administrative permissions to local administrators
- Enhances security by preventing direct database writes from untrusted networks
- Reduces costs by deploying lightweight domain controllers in branch offices
BETA COURSEWARE. EXPIRES 4/11/2008
Implementing Active Directory® Domain Services 1-17
RODC Password Replication Policy
Key Points
The RODC password replication policy determines which user passwords are
cached on the
This document provides an overview of a training module that introduces managing a Windows Server 2008 environment. It covers server roles, Active Directory, and administrative tools for Windows Server 2008. The module contains 4 lessons that discuss server roles, an overview of Active Directory including domains and forests, Windows Server 2008 administrative tools, and using Remote Desktop for administration. It concludes with a lab on administering Windows Server 2008.
This document provides an overview of administering Active Directory using snap-ins and the Microsoft Management Console. It describes the major Active Directory snap-ins, how to locate them, and how to perform basic administration tasks like creating and modifying objects using the Active Directory Users and Computers snap-in. It also covers installing the Remote Server Administration Tools to administer Active Directory from non-domain controllers.
This document introduces Active Directory Domain Services (AD DS) and discusses key concepts related to identity and access management. It explains that AD DS provides identity and access solutions for enterprises by storing user and system identity information, authenticating identities, and authorizing access to resources. The document outlines the authentication process and how access tokens and security descriptors are used to determine authorization. It positions Active Directory as centralizing the identity store to create a trusted domain model that solves management issues in a workgroup configuration.
This document provides an overview of Active Directory design and security concepts in Windows Server 2008. It discusses organizing users and computers into organizational units and how to delegate control to other users. The document also covers forests, trees, domains and the components of an Active Directory site, including domain controllers and replication. It provides information on permissions, access control lists, and inheritance as they relate to Active Directory security.
Active Directory is a database that stores information about a network's users, computers, groups, and other network resources. It allows for centralized management of these resources.
A domain controller is a server that responds to authentication requests on the Windows domain. It authenticates users' credentials when they log into the domain network.
Lightweight Directory Access Protocol (LDAP) is an open standard protocol that Active Directory supports to make user and resource information widely accessible for management and querying across the network.
This document contains training notes for the MCITP Windows Server 2008 Active Directory 70-640 exam. It covers several topics in multiple lectures, including:
- The basics of Active Directory, domains, forests, and domain controllers
- Installing Active Directory on two domain controllers and configuring replication
- Remote desktop configuration on client and server sides
- Active Directory objects like users, groups, and organizational units and how to create them
The notes provide information on key Active Directory concepts and step-by-step instructions for common administrative tasks to help prepare for the 70-640 exam.
This document provides an overview of Windows Server 2008. It describes the editions of Windows Server 2008, including Standard, Enterprise, and Datacenter editions. It explains how to install the Enterprise edition, covering the system requirements and 5 step installation process. It introduces Server Manager, the new console for managing server roles and features. It describes key server roles like Active Directory Domain Services, DHCP Server, and DNS Server. It also outlines some protection and security tools available in Windows Server 2008 like BitLocker, EFS, and NAP. Finally, it lists some command line tools that can be used to manage roles, features, and tasks.
Releasing this document for generic access which was previously released to certain companies. This document focuses deployment for the Active Directory within a 2000 user-based organization with the messaging services; including the monitoring and configuration management services with System Center Components.
This document provides an overview of a training module that introduces managing a Windows Server 2008 environment. It covers server roles, Active Directory, and administrative tools for Windows Server 2008. The module contains 4 lessons that discuss server roles, an overview of Active Directory including domains and forests, Windows Server 2008 administrative tools, and using Remote Desktop for administration. It concludes with a lab on administering Windows Server 2008.
This document provides an overview of administering Active Directory using snap-ins and the Microsoft Management Console. It describes the major Active Directory snap-ins, how to locate them, and how to perform basic administration tasks like creating and modifying objects using the Active Directory Users and Computers snap-in. It also covers installing the Remote Server Administration Tools to administer Active Directory from non-domain controllers.
This document introduces Active Directory Domain Services (AD DS) and discusses key concepts related to identity and access management. It explains that AD DS provides identity and access solutions for enterprises by storing user and system identity information, authenticating identities, and authorizing access to resources. The document outlines the authentication process and how access tokens and security descriptors are used to determine authorization. It positions Active Directory as centralizing the identity store to create a trusted domain model that solves management issues in a workgroup configuration.
This document provides an overview of Active Directory design and security concepts in Windows Server 2008. It discusses organizing users and computers into organizational units and how to delegate control to other users. The document also covers forests, trees, domains and the components of an Active Directory site, including domain controllers and replication. It provides information on permissions, access control lists, and inheritance as they relate to Active Directory security.
Active Directory is a database that stores information about a network's users, computers, groups, and other network resources. It allows for centralized management of these resources.
A domain controller is a server that responds to authentication requests on the Windows domain. It authenticates users' credentials when they log into the domain network.
Lightweight Directory Access Protocol (LDAP) is an open standard protocol that Active Directory supports to make user and resource information widely accessible for management and querying across the network.
This document contains training notes for the MCITP Windows Server 2008 Active Directory 70-640 exam. It covers several topics in multiple lectures, including:
- The basics of Active Directory, domains, forests, and domain controllers
- Installing Active Directory on two domain controllers and configuring replication
- Remote desktop configuration on client and server sides
- Active Directory objects like users, groups, and organizational units and how to create them
The notes provide information on key Active Directory concepts and step-by-step instructions for common administrative tasks to help prepare for the 70-640 exam.
This document provides an overview of Windows Server 2008. It describes the editions of Windows Server 2008, including Standard, Enterprise, and Datacenter editions. It explains how to install the Enterprise edition, covering the system requirements and 5 step installation process. It introduces Server Manager, the new console for managing server roles and features. It describes key server roles like Active Directory Domain Services, DHCP Server, and DNS Server. It also outlines some protection and security tools available in Windows Server 2008 like BitLocker, EFS, and NAP. Finally, it lists some command line tools that can be used to manage roles, features, and tasks.
Releasing this document for generic access which was previously released to certain companies. This document focuses deployment for the Active Directory within a 2000 user-based organization with the messaging services; including the monitoring and configuration management services with System Center Components.
เอกสาร แนวทาง การอินติเกรท Mac OS X เข้ากับ ระบบ Active Directory อย่างไร Bes...Tũi Wichets
เอกสาร แนวทาง การเชื่อมโยง Mac OS X เข้ากับระบบ Active Directory อย่างไร
Best Practices How to Integrating Mac OS X with Active Directory Technical White Paper
Windows Server 2008 Active Directory Guidewebhostingguy
This document provides guidance for planning and designing an Active Directory infrastructure in Windows Server 2008. It outlines key decisions regarding the forest, domains, organizational units, domain controllers, sites and replication. The guidance aims to clarify the planning process and relate design options to business needs and technical considerations like performance, scalability and security.
The document provides an overview of Active Directory Domain Services (ADDS). It discusses the key components and concepts of ADDS including physical/logical blocks, folders created during installation, protocols used, partitions, forest/tree/domain structure, objects, replication, roles, trusts, and the process for installing and configuring ADDS. The installation process involves adding the AD DS role, selecting features, promoting the server, and configuring options including DNS, database paths, and sysvol folder.
Windows Server 2008 (Active Directory Yenilikleri)ÇözümPARK
- Windows Server 2008 includes several new features for Active Directory including Read-Only Domain Controllers (RODC), fine-grained password policies, enhanced auditing capabilities, and restartable AD DS.
- RODCs allow read-only domain controllers in branch offices for authentication without replicating passwords or making changes to the domain.
- Fine-grained password policies allow different password settings to be applied to different groups of users.
- Auditing capabilities provide more detailed auditing of directory service changes.
Windows Server 2008 Active Directory ComponentsTũi Wichets
Active Directory Lightweight Directory Services (AD LDS) provides directory services for directory-enabled applications without requiring Active Directory domains or forests. Active Directory Federation Services (AD FS) enables single sign-on for authenticating users to access multiple web applications. Active Directory Rights Management Services (AD RMS) protects digital information from unauthorized use both online and offline within and outside an organization using AD RMS-enabled applications.
This document provides an overview of user and group account types and management in Active Directory. It discusses the three types of user accounts - local, domain, and built-in - and explains how domain accounts are stored centrally and replicated across domains. It also outlines the different types of groups - security, distribution, domain local, global, and universal - and how they can be nested to simplify permission assignments using the AGUDLP strategy. Finally, it lists several methods for automating user and group creation in Active Directory.
Active Directory Introduction
Active Directory Basics
Components of Active Directory
Active Directory hierarchical structure.
Active Directory Database.
Flexible Single Master Operations (FSMO)Role
Active Directory Services.
Some useful Tool
The document provides information about fundamentals of Windows Server 2008-R2 including chapters on installation of Server 2008, planning storage solutions, Active Directory, creating users and groups, FSMO roles, DHCP server, and child domain controllers. The key points discussed are the minimum hardware requirements for Server 2008, different storage technologies and RAID levels, components of Active Directory like objects and domains, commands for creating users and groups, roles of FSMO components, advantages of additional domain controllers, and concepts related to DHCP servers like scopes, address pools, and reservations.
Active Directory is Microsoft's directory service that allows centralized management of user access and policies. It provides a single location for user information and authentication. Using Active Directory provides benefits such as simpler administration, security, scalability, and standardization. Active Directory can integrate with other Microsoft services like Exchange, SharePoint, and Lync to enable single sign-on and easy profile management across services. Windows Server Active Directory also supports identity and access management in the cloud and hybrid environments through integration with Azure Active Directory. It allows extending on-premises Active Directory to the cloud and provides single sign-on for cloud applications.
Active Directory requires DNS to be installed and configured properly. The Active Directory Installation Wizard guides administrators through installing a new forest, domain, or child domain. Post-installation tasks include verifying DNS records and zones are created correctly and aging and scavenging are configured. Trust relationships allow communication between domains and forests and can be established manually as shortcut, external, cross-forest, or realm trusts.
This document provides an overview of server management in Windows Server 2008, including primary management tools, initial configuration tasks, alternative management tools, and technical background information. It discusses tools like Server Manager Console, Windows PowerShell, and Remote Management. It also covers managing Server Core installations, centralized application access with Terminal Services, and using a Terminal Services Gateway.
This document provides an overview of file systems, permissions, and sharing in Windows Server 2008. It describes the FAT and NTFS file systems, features like disk quotas and shadow copies in NTFS, and how to secure access to files using share and NTFS permissions. It also covers configuring and managing file sharing, default shares, and storage management tools.
Active Directory is a directory service that uses a "tree" concept to manage network resources and services like users, printers, servers, databases, groups, computers, and security policies. It identifies resources on a network and makes them accessible. Active Directory requires DNS for name resolution and uses domain controllers, domain and forest functional levels, trusts, and the schema to define its structure and functionality.
This course is designed for IT professionals who need training on Microsoft Windows 2003 and 2008 networks in order to obtain certifications like MCITP and MCTS. It will cover topics like Active Directory, DNS, DHCP, IIS and other server technologies. Students will learn how to design, implement and support Windows networks through lectures from experienced engineers and hands-on labs and demos.
The document discusses Active Directory Domain Services (AD DS) and identity management. It introduces Active Directory components like domains, forests, domain controllers, organizational units and sites. It describes how Active Directory stores identity information and enables authentication, authorization and access control. It also discusses Active Directory replication and functional levels.
This document discusses various Group Policy settings in Windows Server 2008 including account policies, password policies, audit policies, folder redirection, offline files, disk quotas, and group policy refresh settings. It provides details on configuring fine-grained password policies, local security policies, and audit policy settings. Folder redirection and offline files are complementary settings that allow access to network files when offline. Disk quotas limit user storage amounts. Group policies refresh periodically and can be forced to refresh immediately.
This document provides guidance on designing the logical structure of Active Directory. It discusses designing forests, domains, and organizational units (OUs) to simplify management, optimize performance, and delegate administration appropriately. The key steps are:
1. Identify project teams and assign roles like executive sponsor, architect and manager.
2. Design forests based on autonomy and isolation needs. Common models are organizational, resource and restricted access forests.
3. Design domains considering models like single or regional domains.
4. Integrate Active Directory with the existing DNS infrastructure.
5. Design OUs to delegate control over resources to appropriate administrators.
Creating a naming standards document will help plan a consistent Active Directory environment that is easier to manage. Securing user accounts involves implementing a strong password policy and potentially introducing smart cards. Administrative tasks should be performed using standard user accounts and Run as administrator to elevate privileges temporarily. The OU structure should reflect business needs and allow delegation of administration. Permissions can be delegated using the Delegation of Control Wizard and verified or removed in object properties. Moving objects between OUs and containers within a domain uses the Move menu, drag-and-drop, or dsmove command.
The document discusses the key components and structures of Active Directory, including partitions, domains, sites, domain controllers, functional levels, and roles. It describes the schema, configuration, and domain partitions that make up the Active Directory database. It also explains trust relationships, trees, and forests in an Active Directory implementation.
Windows Server 2012 Managing Active Directory DomainNapoleon NV
This document provides an overview of a Microsoft course module on managing Active Directory Domain Services objects. It covers topics like managing user accounts, group accounts, and computer accounts. It also discusses delegating administration and tools for managing AD DS objects like Active Directory Users and Computers. Demonstrations are provided on managing user accounts, groups, and delegating administrative control. Exercises in the lab section involve delegating administration for a branch office, creating and configuring user accounts, and managing computer objects in AD DS.
步驟一、註冊biubon帳號
Step 1, registration biubon account
步驟二、進入行動網站,進行樣版修改
Step 2, into the mobile website for templates to modify
步驟三、行動網站名稱及選擇樣版
Step 3, mobile website template name and select
步驟四、新增或修改模組功能
Step 4, add or modify the module function
步驟五、詳細設定(以基本幻燈片模組為例)
Step 5, detailed settings (for example the basic slide module)
步驟六、儲存並產生QR CODE
Step 6, save and generate QR CODE
步驟七、下載Yes!biubon 我的行動最愛+
Step 7, download Yes! Biubon my favorite+
步驟八、立即登入biubon帳號
Step 8, login biubon account now
This document provides a summary of common Unix commands organized into the following sections: files, file manipulation, directories, processes, users, managing files, printing, and miscellaneous commands. It lists commands and provides a brief description and syntax for each. The document also covers topics like I/O redirection, pipes, grep searching, C-shell features, variables, job control, and control keys.
เอกสาร แนวทาง การอินติเกรท Mac OS X เข้ากับ ระบบ Active Directory อย่างไร Bes...Tũi Wichets
เอกสาร แนวทาง การเชื่อมโยง Mac OS X เข้ากับระบบ Active Directory อย่างไร
Best Practices How to Integrating Mac OS X with Active Directory Technical White Paper
Windows Server 2008 Active Directory Guidewebhostingguy
This document provides guidance for planning and designing an Active Directory infrastructure in Windows Server 2008. It outlines key decisions regarding the forest, domains, organizational units, domain controllers, sites and replication. The guidance aims to clarify the planning process and relate design options to business needs and technical considerations like performance, scalability and security.
The document provides an overview of Active Directory Domain Services (ADDS). It discusses the key components and concepts of ADDS including physical/logical blocks, folders created during installation, protocols used, partitions, forest/tree/domain structure, objects, replication, roles, trusts, and the process for installing and configuring ADDS. The installation process involves adding the AD DS role, selecting features, promoting the server, and configuring options including DNS, database paths, and sysvol folder.
Windows Server 2008 (Active Directory Yenilikleri)ÇözümPARK
- Windows Server 2008 includes several new features for Active Directory including Read-Only Domain Controllers (RODC), fine-grained password policies, enhanced auditing capabilities, and restartable AD DS.
- RODCs allow read-only domain controllers in branch offices for authentication without replicating passwords or making changes to the domain.
- Fine-grained password policies allow different password settings to be applied to different groups of users.
- Auditing capabilities provide more detailed auditing of directory service changes.
Windows Server 2008 Active Directory ComponentsTũi Wichets
Active Directory Lightweight Directory Services (AD LDS) provides directory services for directory-enabled applications without requiring Active Directory domains or forests. Active Directory Federation Services (AD FS) enables single sign-on for authenticating users to access multiple web applications. Active Directory Rights Management Services (AD RMS) protects digital information from unauthorized use both online and offline within and outside an organization using AD RMS-enabled applications.
This document provides an overview of user and group account types and management in Active Directory. It discusses the three types of user accounts - local, domain, and built-in - and explains how domain accounts are stored centrally and replicated across domains. It also outlines the different types of groups - security, distribution, domain local, global, and universal - and how they can be nested to simplify permission assignments using the AGUDLP strategy. Finally, it lists several methods for automating user and group creation in Active Directory.
Active Directory Introduction
Active Directory Basics
Components of Active Directory
Active Directory hierarchical structure.
Active Directory Database.
Flexible Single Master Operations (FSMO)Role
Active Directory Services.
Some useful Tool
The document provides information about fundamentals of Windows Server 2008-R2 including chapters on installation of Server 2008, planning storage solutions, Active Directory, creating users and groups, FSMO roles, DHCP server, and child domain controllers. The key points discussed are the minimum hardware requirements for Server 2008, different storage technologies and RAID levels, components of Active Directory like objects and domains, commands for creating users and groups, roles of FSMO components, advantages of additional domain controllers, and concepts related to DHCP servers like scopes, address pools, and reservations.
Active Directory is Microsoft's directory service that allows centralized management of user access and policies. It provides a single location for user information and authentication. Using Active Directory provides benefits such as simpler administration, security, scalability, and standardization. Active Directory can integrate with other Microsoft services like Exchange, SharePoint, and Lync to enable single sign-on and easy profile management across services. Windows Server Active Directory also supports identity and access management in the cloud and hybrid environments through integration with Azure Active Directory. It allows extending on-premises Active Directory to the cloud and provides single sign-on for cloud applications.
Active Directory requires DNS to be installed and configured properly. The Active Directory Installation Wizard guides administrators through installing a new forest, domain, or child domain. Post-installation tasks include verifying DNS records and zones are created correctly and aging and scavenging are configured. Trust relationships allow communication between domains and forests and can be established manually as shortcut, external, cross-forest, or realm trusts.
This document provides an overview of server management in Windows Server 2008, including primary management tools, initial configuration tasks, alternative management tools, and technical background information. It discusses tools like Server Manager Console, Windows PowerShell, and Remote Management. It also covers managing Server Core installations, centralized application access with Terminal Services, and using a Terminal Services Gateway.
This document provides an overview of file systems, permissions, and sharing in Windows Server 2008. It describes the FAT and NTFS file systems, features like disk quotas and shadow copies in NTFS, and how to secure access to files using share and NTFS permissions. It also covers configuring and managing file sharing, default shares, and storage management tools.
Active Directory is a directory service that uses a "tree" concept to manage network resources and services like users, printers, servers, databases, groups, computers, and security policies. It identifies resources on a network and makes them accessible. Active Directory requires DNS for name resolution and uses domain controllers, domain and forest functional levels, trusts, and the schema to define its structure and functionality.
This course is designed for IT professionals who need training on Microsoft Windows 2003 and 2008 networks in order to obtain certifications like MCITP and MCTS. It will cover topics like Active Directory, DNS, DHCP, IIS and other server technologies. Students will learn how to design, implement and support Windows networks through lectures from experienced engineers and hands-on labs and demos.
The document discusses Active Directory Domain Services (AD DS) and identity management. It introduces Active Directory components like domains, forests, domain controllers, organizational units and sites. It describes how Active Directory stores identity information and enables authentication, authorization and access control. It also discusses Active Directory replication and functional levels.
This document discusses various Group Policy settings in Windows Server 2008 including account policies, password policies, audit policies, folder redirection, offline files, disk quotas, and group policy refresh settings. It provides details on configuring fine-grained password policies, local security policies, and audit policy settings. Folder redirection and offline files are complementary settings that allow access to network files when offline. Disk quotas limit user storage amounts. Group policies refresh periodically and can be forced to refresh immediately.
This document provides guidance on designing the logical structure of Active Directory. It discusses designing forests, domains, and organizational units (OUs) to simplify management, optimize performance, and delegate administration appropriately. The key steps are:
1. Identify project teams and assign roles like executive sponsor, architect and manager.
2. Design forests based on autonomy and isolation needs. Common models are organizational, resource and restricted access forests.
3. Design domains considering models like single or regional domains.
4. Integrate Active Directory with the existing DNS infrastructure.
5. Design OUs to delegate control over resources to appropriate administrators.
Creating a naming standards document will help plan a consistent Active Directory environment that is easier to manage. Securing user accounts involves implementing a strong password policy and potentially introducing smart cards. Administrative tasks should be performed using standard user accounts and Run as administrator to elevate privileges temporarily. The OU structure should reflect business needs and allow delegation of administration. Permissions can be delegated using the Delegation of Control Wizard and verified or removed in object properties. Moving objects between OUs and containers within a domain uses the Move menu, drag-and-drop, or dsmove command.
The document discusses the key components and structures of Active Directory, including partitions, domains, sites, domain controllers, functional levels, and roles. It describes the schema, configuration, and domain partitions that make up the Active Directory database. It also explains trust relationships, trees, and forests in an Active Directory implementation.
Windows Server 2012 Managing Active Directory DomainNapoleon NV
This document provides an overview of a Microsoft course module on managing Active Directory Domain Services objects. It covers topics like managing user accounts, group accounts, and computer accounts. It also discusses delegating administration and tools for managing AD DS objects like Active Directory Users and Computers. Demonstrations are provided on managing user accounts, groups, and delegating administrative control. Exercises in the lab section involve delegating administration for a branch office, creating and configuring user accounts, and managing computer objects in AD DS.
步驟一、註冊biubon帳號
Step 1, registration biubon account
步驟二、進入行動網站,進行樣版修改
Step 2, into the mobile website for templates to modify
步驟三、行動網站名稱及選擇樣版
Step 3, mobile website template name and select
步驟四、新增或修改模組功能
Step 4, add or modify the module function
步驟五、詳細設定(以基本幻燈片模組為例)
Step 5, detailed settings (for example the basic slide module)
步驟六、儲存並產生QR CODE
Step 6, save and generate QR CODE
步驟七、下載Yes!biubon 我的行動最愛+
Step 7, download Yes! Biubon my favorite+
步驟八、立即登入biubon帳號
Step 8, login biubon account now
This document provides a summary of common Unix commands organized into the following sections: files, file manipulation, directories, processes, users, managing files, printing, and miscellaneous commands. It lists commands and provides a brief description and syntax for each. The document also covers topics like I/O redirection, pipes, grep searching, C-shell features, variables, job control, and control keys.
6419 a configuring, managing and maintaining windows server 2008 serversbestip
This 5-day instructor-led course teaches students how to configure, manage, and maintain Windows Server 2008 servers. The course combines lessons from other Windows Server 2008 courses and covers administrative tools, Active Directory, Group Policy, security, storage, and backup/recovery. At the end of the course students will be able to perform tasks like configure user and computer accounts, manage access permissions, configure Group Policy, implement security policies, and monitor and maintain Windows servers. The course consists of 9 modules that cover these topics through lessons and hands-on labs.
Here we are trying to develop, discuss, and evaluate object-oriented model of Dhaka university library system that, will handle:
The bookkeeping aspects of a library.
Administration system of the library.
User browsing facilities and circulating.
Acquisition of books, manuscript, journals.
This document provides an overview of sharing files in Windows 7. It discusses networking basics, sharing folders, enabling file and printer sharing. It also covers managing permissions for shared files and folders using NTFS and encrypting files and drives using EFS and BitLocker. The document includes demonstrations for configuring sharing settings, encrypting files with EFS, and encrypting drives with BitLocker. It aims to teach users how to share data with others on a network and manage permissions and encryption for files and folders in Windows 7.
This document discusses file and folder management in Windows XP. It covers topics such as file types, attributes, permissions, sharing folders, offline files, and synchronization. NTFS permissions and shared folder permissions are combined, with the most restrictive set of permissions determining a user's effective access. Offline files allow access to shared network resources even when offline, and synchronize changes automatically or through a synchronization manager. The chapter also discusses file compression, encryption, disk quotas and troubleshooting common folder and file issues.
This document discusses configuring and managing permissions in the NTFS file system. It defines key terms like access control lists (ACLs), access control entries (ACEs), and security identifiers (SIDs). It describes how NTFS permissions work, including how they are stored, inherited, and how effective permissions are determined. It also provides examples of using CACLS.exe to view and modify permissions and discusses best practices for planning and assigning NTFS permissions.
This document discusses managing user accounts and security policies in Windows XP. It explains how to create and modify local user accounts and groups. It also covers configuring security settings through local security policy, including password policy, account lockout policy, auditing settings, and assigning user rights. Roaming user profiles that synchronize across multiple computers are also described. Troubleshooting common password and logon issues is addressed.
IT109 Microsoft Windows 7 Operating Systems Unit 01blusmurfydot1
IT109 is an introductory course on desktop operating systems that has replaced IT103 and switched its focus from Windows XP to Windows 7. It is a required course for associates degrees in information technology. The course covers operating system concepts over the first two weeks and introduces topics like hardware, software, memory and storage management, interrupts, and the structure of common operating systems. It examines open source operating systems like Linux and explores components of modern computer systems like multi-core processors and computer clusters.
IT109 Microsoft Operating Systems Unit 05 lesson 06blusmurfydot1
This document discusses managing permissions in Windows and configuring printing. It covers NTFS and share permissions, the Windows permission architecture including ACLs and ACEs, and standard and special NTFS permissions. It also discusses sharing files and folders using Homegroups, public folders, and any folder sharing. The document concludes with an overview of the Windows printing architecture including adding local and shared printers.
This document provides an overview of Active Directory Domain Services (AD DS) and instructions for installing domain controllers. It covers the following key points:
- AD DS has both logical components like domains, forests and organizational units, as well as physical components like domain controllers and global catalog servers.
- A domain controller authenticates users, authorizes access, and holds a copy of the domain database. At least two domain controllers are recommended for availability.
- Domain controllers use Kerberos authentication and the global catalog stores partial attributes for objects across forests to enable cross-forest queries.
- Installing a domain controller can be done from Server Manager, on Server Core, by upgrading an existing controller, or using install
The document provides an overview of new features and roles in Windows Server 2008 and 2008 R2 compared to Windows Server 2003. Some key points:
- Windows Server 2008 introduced virtualization capabilities like Hyper-V and new roles like Read-Only Domain Controllers (RODC) to improve security.
- Server Core installation provides a minimal environment optimized for specific server roles like DNS or file services to reduce maintenance and attacks.
- New features in 2008 R2 include Active Directory Recycle Bin, PowerShell 2.0, and administrative tools.
- RODCs allow domain controllers to be deployed in less secure locations read-only, improving authentication speeds and access to resources from branches.
Active Directory is a directory service that stores information about users, groups, and computers on a network. Domain controllers host Active Directory and perform identity and access management. Administrators can create and manage user accounts locally or through a centralized Active Directory. User accounts must be properly planned, created, maintained, and secured to manage network access.
This two-day training workshop will cover Active Directory Domain Services (AD DS) in Windows Server 2012. It will provide an introduction to AD DS and its importance. Attendees will learn how to deploy, configure, manage and maintain an AD DS environment, including managing user and service accounts, implementing Group Policy infrastructure, and configuring sites and replication. Hands-on labs are included to reinforce the topics. The training is suitable for all IT personnel working with Windows Server 2012.
This document provides an overview of a Microsoft course on implementing distributed Active Directory Domain Services deployments. It covers:
- Deploying multiple domains and forests to meet organizational needs like security isolation, incompatible schemas, or multinational requirements.
- Configuring trusts between domains and forests, including transitive parent-child trusts within a forest and selective two-way trusts between forests.
- Upgrading existing AD DS environments to Windows Server 2012 R2 through in-place upgrades or introducing new domain controllers.
- Migrating user and group accounts between forests while maintaining access through SID history during inter-forest migrations.
The document includes demonstrations and exercises on implementing child domains, configuring forest
Upgrading from WinS 2008/2008 R2 to WinS 2012iTawy Community
- Why Upgrade to Windows Server 2012?
- Operating System Hardware and Disk Space Requirements
- Supported Windows Clients and Servers
- Supported In-Place Upgrade Paths
- Functional Levels, Operation Master Roles, Active Directory Considerations
- Migration Tools for Windows Server 2012
- Hyper-V and Virtual Machines Considerations
- Summary
Technical Report_Sercer 2012 R2 - Adeeb RajaAdeeb Raja
This technical training report provides guidance on installing and configuring Windows Server 2012 R2. It discusses the key features of Windows Server 2012 R2 including the installation options, user interface, Task Manager, IP Address Management, Active Directory, Hyper-V, ReFS, and IIS 8.0. It then covers installing Windows Server 2012 R2, configuring the local server, adding roles and features, managing Active Directory users and computers, and configuring Group Policy management. The report also provides information on using Hyper-V including virtual hard disks, storage quality of service, live migrations, and creating virtual machines. Finally, it discusses domain joining Windows 7 Ultimate to an Active Directory domain.
Reply 1 neededThere are a couple of options available when upg.docxsodhi3
Reply 1 needed
There are a couple of options available when upgrading from Server 2008 (R2) to Server 2012. The first and easiest option is a clean install. In this option, data must first be backed up as this will delete the previous OS and install the new version. The second option is a standard upgrade. This option preserves all the server roles currently in place as well as the hardware being used. (Microsoft, n.d).
Some limitations to consider when upgrading are as follows:
-Windows Server 2012 only supports 64-bit hardware
-Upgrade from one language to another is not supported
-Upgrading to certain editions are dependent on the previous OS you are running.
-Some roles that are previously installed may not work properly and may need additional upgrades.
I would recommend a clean install to avoid any issues that may develop during or after an in-place upgrade. I think that it would be more difficult to troubleshoot a standard upgrade failure than a clean install. Clean install may also alleviate the issues of previous application not working properly and may solve any current issues the server maybe experiencing.
Reference:
Microsoft. (n.d). Windows Server Installation and Upgrade. Retrieved from:
https://technet.microsoft.com/en-us/windowsserver/dn527667.aspx
Reply 2 needed
Server Core is good for a very large enterprise environment. In this kind of environment, where hundreds of servers are employed, it is not ideal for the administrator to go to the individual server and manage them locally. Most of these configurations would be run through scripts and remote administrator tools, therefore, server core should be utilized.
Some roles that I would install are active directory which handles network management of users data and security. Another would be Hyper-V which consolidates multiple servers into one single system. Other roles that could be used with server core includes DNS, DHCP, File Services, Print Services, Streaming Media Services, Web Server. (Microsoft, n.d).
There are several advantages of using Server Core. One advantage would be security. Since server core has less services running on it, there are fewer possible of malicious attacks. It has greater stability since it requires less processes and services fewer things can go wrong. It also has a smaller footprint and requires fewer resources such as RAM as compared to using a full GUI. The disadvantages of Server Core is it has a steep learning curve and is limited to nine server roles
Reference:
Microsoft. (n.d). Why is Server Core Useful? Retrieved from: https://msdn.microsoft.com/en-us/library/dd184076.aspx
Reply 1 needed
When migrating from Windows Server 2008 to Windows Server 2012, the system requirements remain unchanged. Some features such as virtual domain controller cloning require that the PDC emulator run Windows Server 2012 and a computer running Windows Server 2012 with the Hyper-V role installed. Here are some big issues to keep in mind ...
Active Directory Domain Services (AD DS) is an identity and access management solution that stores information about users and groups, authenticates identities using Kerberos authentication, and controls access. It consists of an Active Directory data store, domain controllers that perform authentication and other services, domains, forests, trees, and functional levels. Installing AD DS requires permissions, network configuration, server requirements, and following the installation process which can be done in advanced mode or from installation media. Domain controller roles include global catalog servers and operations masters, and time synchronization is provided by the PDC emulator and Windows Time service.
Installation and Adminstration of AD_MVP PadmanQuek Lilian
This document provides an overview of new features and enhancements to Active Directory Domain Services in Windows Server 2008 R2. It discusses the new Active Directory Administrative Center and Windows PowerShell module for automating AD tasks. New features like the AD Recycle Bin, Best Practices Analyzer, offline domain join, and managed service accounts are demonstrated. The presentation aims to help administrators use and implement the improved management capabilities in Windows Server 2008 R2 AD DS.
The document describes new features in Active Directory for Windows Server 2008 R2, including PowerShell cmdlets for administration, the Active Directory Administrative Center, Best Practice Analyzer, the Recycle Bin, Managed Service Accounts, Offline Domain Join, Authentication Assurance, health monitoring and management packs. It provides details on each feature and how they improve on limitations of past implementations.
This document discusses upgrading an existing Active Directory environment from Windows Server 2003 to Windows Server 2008 R2, including new features in Windows Server 2008 R2, server version requirements, installation options, recommended upgrade scenarios to address, and considerations for time configuration, network ports, Kerberos encryption changes, and other known issues.
Windows Server Infrastructure Upgrade and Redesign at ELearning. .docxadolphoyonker
Windows Server Infrastructure Upgrade and Redesign at ELearning.
Overview
ELearning is an educational software developer that provides software and cloud computing solutions to private and public educational institutions throughout North America and Europe. The organization currently has four major offices located in Vienna, Virginia, San Jose, California and Dublin, Ireland. A sales team of more than a hundred work across the United States and Europe, primarily from their own homes. ELearning has experienced a combination of growth and disaster in the last 3 years and plans to add an additional 130+ employees, including opening a new office in Austin Texas in the next 6 months. To meet these growth challenges, ELearning is in the process of upgrading the network environment from the current ad hoc design, comprised of Windows 2003, 2008 and *NIX systems, to Windows 2012 R2 Active Directory. Steps have already been taken to improve the network infrastructure. The Vienna Virginia location has replaced all 2008 Domain Controllers with Windows 2012 Servers. However, the San Jose and Dublin locations are still running a single Windows 2008 Domain Controller at each site. Currently all server and workstation IP addresses are statically assigned. DNS is hosted on an older generation UNIX server that has been hacked several times due to faulty security. Remote users currently connect via VPN, which has caused numerous security incidents due to missing antivirus software, outdated AV signatures and missing OS patches on workstations and laptops.
Although the Austin location has not officially opened there are six users currently deployed to that location. There are currently no domain controllers or qualified personal to support them at this location. This site needs to be incorporated into the ELearning Active Directory ASAP. Austin users must be able to authenticate and access ELearning Active Directory services. ELearning has recently acquired another company EduTech Inc. The existing EduTech Active Directory Domain needs to be integrated into the existing ELearning Active Directory forest. The ELearning data center is located at the Vienna and Dublin locations. This is where ELearning hosts and maintains its cloud computing services. Due to increased demand for its cloud services ELearning has experienced difficulty getting servers and services deployed in time due to the lack of an efficient and cost-effective deployment process. The current Active Directory is a single domain. It is up to you finish the network design and improve the server infrastructure.
Current Physical Locations
Current Logical Design
Required Proposal Responses
Executive Overview – Provide an executive overview for Infrastructure proposal. How will your proposal help ELearning? What are the key aspects of your design? Why should ELearning select your proposal over your competitors’ proposals?
Develop a Windows Deployment Design and plan an automated clie.
This document provides an overview of a Microsoft Official Course on deploying and managing Windows Server 2012. The course contains 5 lessons: 1) an overview of Windows Server 2012, 2) installing Windows Server 2012, 3) post-installation configuration, 4) Windows Server 2012 management, and 5) an introduction to Windows PowerShell. It describes the objectives and topics that will be covered in each lesson, including Windows Server editions, roles, features, installation methods, domain joining, and using Windows PowerShell for administration.
This document provides an overview of Module 4 which covers implementing distributed Active Directory Domain Services deployments. It includes 3 lessons: an overview of distributed AD DS deployments; deploying a distributed AD DS environment; and configuring AD DS trusts. The lessons discuss topics such as AD DS components, domain and forest boundaries, reasons for multiple domains/forests, integrating on-premises AD DS with cloud services, upgrading and migrating AD DS, and configuring different types of trusts within and between forests.
Windows Server Infrastructure Upgrade and Redesign at ELearningrosacrosdale
Windows Server Infrastructure Upgrade and Redesign at ELearning
Overview
ELearning is an educational software developer that provides software and cloud computing solutions to private and public educational institutions throughout North America and Europe. The organization currently has three major offices located in Vienna, Virginia; San Jose, California; and Dublin, Ireland. A sales team of more than a hundred work across the United States and Europe, primarily from their own homes. ELearning has experienced a combination of growth and disaster in the last 3 years and plans to add an additional 130+ employees, including opening a new office in Austin, Texas in the next 6 months. To meet these growth challenges, ELearning is in the process of upgrading the network environment from the current ad hoc design, comprised of Windows 2003, 2008 and *NIX systems, to Windows 2012 R2 Active Directory. Steps have already been taken to improve the network infrastructure. The Vienna, Virginia location has replaced all 2008 Domain Controllers with Windows 2012 Servers. However, the San Jose and Dublin locations are still running a single Windows 2008 Domain Controller at each site. Currently all server and workstation IP addresses are statically assigned. DNS is hosted on an older generation UNIX server that has been hacked several times due to faulty security. Remote users currently connect via VPN, which has caused numerous security incidents due to missing antivirus software, outdated AV signatures and missing OS patches on workstations and laptops.
Although the Austin location has not officially opened, there are six users currently deployed to that location. There are currently no domain controllers or qualified personal to support them at this location. This site needs to be incorporated into the ELearning Active Directory as soon as possible. Austin users must be able to authenticate and access ELearning Active Directory services. ELearning has recently acquired another company EduTech, Inc. The existing EduTech Active Directory Domain needs to be integrated into the existing ELearning Active Directory forest. The ELearning data center is located at the Vienna and Dublin locations. This is where ELearning hosts and maintains its cloud computing services. Since there increased demand for its cloud services ELearning has experienced difficulty getting servers and services deployed in time due to the lack of an efficient and cost-effective deployment process. The current Active Directory is a single domain. It is up to you finish the network design and improve the server infrastructure.
Current Physical Locations
Current Logical Design
Required Proposal Responses
Executive Overview – Provide an executive overview for your Infrastructure proposal. How will your proposal help ELearning? What are the key aspects of your design? Why should ELearning select your proposal over your competitors’ proposals?
Develop a Windows Deployment Design a ...
This document provides an overview of the topics that will be covered in a two-day Microsoft Virtual Academy course on installing and configuring Windows Server 2012. Day one will cover deploying and managing Windows Server 2012, Active Directory Domain Services, networking, and DNS. Day two will cover local storage, file and print services, Group Policy, server virtualization, and security. The document also introduces the two presenters, Rick Claus and Ed Liberman, and provides expectations and objectives for the course.
This document provides information about setting up a computer server using Windows Server 2008 R2. It begins with learning objectives about defining computer server setup and learning how to configure Windows Server 2008 R2. It then discusses the differences between Windows Server 2008 and Windows Server 2008 R2, including new features introduced in each version. Finally, it outlines the 8 steps for setting up Windows Server 2008 R2, such as booting the server, selecting the operating system, allocating disk space, and configuring Windows Server.
Directory Synchronization Single Sign-On in Office 365InnoTech
Directory synchronization and single sign-on in Office 365 allows organizations to synchronize their on-premises Active Directory with Office 365 and implement single sign-on for user authentication. The key steps include activating directory synchronization in the Office 365 admin center, preparing Active Directory, installing the directory synchronization tool, and configuring single sign-on using AD FS for federated authentication. This provides a single set of credentials for users to access both on-premises and Office 365 resources.
Similar to Material modulo04 asf6501(6425-a_01) (20)
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-EfficiencyScyllaDB
Freshworks creates AI-boosted business software that helps employees work more efficiently and effectively. Managing data across multiple RDBMS and NoSQL databases was already a challenge at their current scale. To prepare for 10X growth, they knew it was time to rethink their database strategy. Learn how they architected a solution that would simplify scaling while keeping costs under control.
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc
How does your privacy program stack up against your peers? What challenges are privacy teams tackling and prioritizing in 2024?
In the fifth annual Global Privacy Benchmarks Survey, we asked over 1,800 global privacy professionals and business executives to share their perspectives on the current state of privacy inside and outside of their organizations. This year’s report focused on emerging areas of importance for privacy and compliance professionals, including considerations and implications of Artificial Intelligence (AI) technologies, building brand trust, and different approaches for achieving higher privacy competence scores.
See how organizational priorities and strategic approaches to data security and privacy are evolving around the globe.
This webinar will review:
- The top 10 privacy insights from the fifth annual Global Privacy Benchmarks Survey
- The top challenges for privacy leaders, practitioners, and organizations in 2024
- Key themes to consider in developing and maintaining your privacy program
GraphRAG for Life Science to increase LLM accuracyTomaz Bratanic
GraphRAG for life science domain, where you retriever information from biomedical knowledge graphs using LLMs to increase the accuracy and performance of generated answers
Introduction of Cybersecurity with OSS at Code Europe 2024Hiroshi SHIBATA
I develop the Ruby programming language, RubyGems, and Bundler, which are package managers for Ruby. Today, I will introduce how to enhance the security of your application using open-source software (OSS) examples from Ruby and RubyGems.
The first topic is CVE (Common Vulnerabilities and Exposures). I have published CVEs many times. But what exactly is a CVE? I'll provide a basic understanding of CVEs and explain how to detect and handle vulnerabilities in OSS.
Next, let's discuss package managers. Package managers play a critical role in the OSS ecosystem. I'll explain how to manage library dependencies in your application.
I'll share insights into how the Ruby and RubyGems core team works to keep our ecosystem safe. By the end of this talk, you'll have a better understanding of how to safeguard your code.
For the full video of this presentation, please visit: https://www.edge-ai-vision.com/2024/06/temporal-event-neural-networks-a-more-efficient-alternative-to-the-transformer-a-presentation-from-brainchip/
Chris Jones, Director of Product Management at BrainChip , presents the “Temporal Event Neural Networks: A More Efficient Alternative to the Transformer” tutorial at the May 2024 Embedded Vision Summit.
The expansion of AI services necessitates enhanced computational capabilities on edge devices. Temporal Event Neural Networks (TENNs), developed by BrainChip, represent a novel and highly efficient state-space network. TENNs demonstrate exceptional proficiency in handling multi-dimensional streaming data, facilitating advancements in object detection, action recognition, speech enhancement and language model/sequence generation. Through the utilization of polynomial-based continuous convolutions, TENNs streamline models, expedite training processes and significantly diminish memory requirements, achieving notable reductions of up to 50x in parameters and 5,000x in energy consumption compared to prevailing methodologies like transformers.
Integration with BrainChip’s Akida neuromorphic hardware IP further enhances TENNs’ capabilities, enabling the realization of highly capable, portable and passively cooled edge devices. This presentation delves into the technical innovations underlying TENNs, presents real-world benchmarks, and elucidates how this cutting-edge approach is positioned to revolutionize edge AI across diverse applications.
Fueling AI with Great Data with Airbyte WebinarZilliz
This talk will focus on how to collect data from a variety of sources, leveraging this data for RAG and other GenAI use cases, and finally charting your course to productionalization.
leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...alexjohnson7307
Predictive maintenance is a proactive approach that anticipates equipment failures before they happen. At the forefront of this innovative strategy is Artificial Intelligence (AI), which brings unprecedented precision and efficiency. AI in predictive maintenance is transforming industries by reducing downtime, minimizing costs, and enhancing productivity.
FREE A4 Cyber Security Awareness Posters-Social Engineering part 3Data Hops
Free A4 downloadable and printable Cyber Security, Social Engineering Safety and security Training Posters . Promote security awareness in the home or workplace. Lock them Out From training providers datahops.com
This presentation provides valuable insights into effective cost-saving techniques on AWS. Learn how to optimize your AWS resources by rightsizing, increasing elasticity, picking the right storage class, and choosing the best pricing model. Additionally, discover essential governance mechanisms to ensure continuous cost efficiency. Whether you are new to AWS or an experienced user, this presentation provides clear and practical tips to help you reduce your cloud costs and get the most out of your budget.
Ivanti’s Patch Tuesday breakdown goes beyond patching your applications and brings you the intelligence and guidance needed to prioritize where to focus your attention first. Catch early analysis on our Ivanti blog, then join industry expert Chris Goettl for the Patch Tuesday Webinar Event. There we’ll do a deep dive into each of the bulletins and give guidance on the risks associated with the newly-identified vulnerabilities.
Taking AI to the Next Level in Manufacturing.pdfssuserfac0301
Read Taking AI to the Next Level in Manufacturing to gain insights on AI adoption in the manufacturing industry, such as:
1. How quickly AI is being implemented in manufacturing.
2. Which barriers stand in the way of AI adoption.
3. How data quality and governance form the backbone of AI.
4. Organizational processes and structures that may inhibit effective AI adoption.
6. Ideas and approaches to help build your organization's AI strategy.
A Comprehensive Guide to DeFi Development Services in 2024Intelisync
DeFi represents a paradigm shift in the financial industry. Instead of relying on traditional, centralized institutions like banks, DeFi leverages blockchain technology to create a decentralized network of financial services. This means that financial transactions can occur directly between parties, without intermediaries, using smart contracts on platforms like Ethereum.
In 2024, we are witnessing an explosion of new DeFi projects and protocols, each pushing the boundaries of what’s possible in finance.
In summary, DeFi in 2024 is not just a trend; it’s a revolution that democratizes finance, enhances security and transparency, and fosters continuous innovation. As we proceed through this presentation, we'll explore the various components and services of DeFi in detail, shedding light on how they are transforming the financial landscape.
At Intelisync, we specialize in providing comprehensive DeFi development services tailored to meet the unique needs of our clients. From smart contract development to dApp creation and security audits, we ensure that your DeFi project is built with innovation, security, and scalability in mind. Trust Intelisync to guide you through the intricate landscape of decentralized finance and unlock the full potential of blockchain technology.
Ready to take your DeFi project to the next level? Partner with Intelisync for expert DeFi development services today!
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on integration of Salesforce with Bonterra Impact Management.
Interested in deploying an integration with Salesforce for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
In the realm of cybersecurity, offensive security practices act as a critical shield. By simulating real-world attacks in a controlled environment, these techniques expose vulnerabilities before malicious actors can exploit them. This proactive approach allows manufacturers to identify and fix weaknesses, significantly enhancing system security.
This presentation delves into the development of a system designed to mimic Galileo's Open Service signal using software-defined radio (SDR) technology. We'll begin with a foundational overview of both Global Navigation Satellite Systems (GNSS) and the intricacies of digital signal processing.
The presentation culminates in a live demonstration. We'll showcase the manipulation of Galileo's Open Service pilot signal, simulating an attack on various software and hardware systems. This practical demonstration serves to highlight the potential consequences of unaddressed vulnerabilities, emphasizing the importance of offensive security practices in safeguarding critical infrastructure.
Generating privacy-protected synthetic data using Secludy and MilvusZilliz
During this demo, the founders of Secludy will demonstrate how their system utilizes Milvus to store and manipulate embeddings for generating privacy-protected synthetic data. Their approach not only maintains the confidentiality of the original data but also enhances the utility and scalability of LLMs under privacy constraints. Attendees, including machine learning engineers, data scientists, and data managers, will witness first-hand how Secludy's integration with Milvus empowers organizations to harness the power of LLMs securely and efficiently.
5th LF Energy Power Grid Model Meet-up SlidesDanBrown980551
5th Power Grid Model Meet-up
It is with great pleasure that we extend to you an invitation to the 5th Power Grid Model Meet-up, scheduled for 6th June 2024. This event will adopt a hybrid format, allowing participants to join us either through an online Mircosoft Teams session or in person at TU/e located at Den Dolech 2, Eindhoven, Netherlands. The meet-up will be hosted by Eindhoven University of Technology (TU/e), a research university specializing in engineering science & technology.
Power Grid Model
The global energy transition is placing new and unprecedented demands on Distribution System Operators (DSOs). Alongside upgrades to grid capacity, processes such as digitization, capacity optimization, and congestion management are becoming vital for delivering reliable services.
Power Grid Model is an open source project from Linux Foundation Energy and provides a calculation engine that is increasingly essential for DSOs. It offers a standards-based foundation enabling real-time power systems analysis, simulations of electrical power grids, and sophisticated what-if analysis. In addition, it enables in-depth studies and analysis of the electrical power grid’s behavior and performance. This comprehensive model incorporates essential factors such as power generation capacity, electrical losses, voltage levels, power flows, and system stability.
Power Grid Model is currently being applied in a wide variety of use cases, including grid planning, expansion, reliability, and congestion studies. It can also help in analyzing the impact of renewable energy integration, assessing the effects of disturbances or faults, and developing strategies for grid control and optimization.
What to expect
For the upcoming meetup we are organizing, we have an exciting lineup of activities planned:
-Insightful presentations covering two practical applications of the Power Grid Model.
-An update on the latest advancements in Power Grid -Model technology during the first and second quarters of 2024.
-An interactive brainstorming session to discuss and propose new feature requests.
-An opportunity to connect with fellow Power Grid Model enthusiasts and users.
2. 1-2 6425A: Configuring Windows Server® 2008 Active Directory® Domain Services
Module Overview
Active Directory® Domain Services (AD DS) is installed as a server role in
Windows Server® 2008. You have several choices to make when you install AD DS
and run the Active Directory Installation Wizard. You must choose whether to
create a new domain or add a domain controller to an existing domain. You also
have the option of installing AD DS on a server running Windows Server 2008
Server Core or installing read-only domain controllers. After deploying the domain
controllers, you also must manage special domain controller roles, such as the
global catalog and operations masters.
BETA COURSEWARE. EXPIRES 4/11/2008
3. Implementing Active Directory® Domain Services 1-3
Lesson 1:
Installing Active Directory Domain Services
Windows Server 2008 provides several ways to install and configure Active
Directory Domain Services. This lesson describes the standard AD DS installation,
and then also describes some of the other options that are available when
performing the installation.
BETA COURSEWARE. EXPIRES 4/11/2008
4. 1-4 6425A: Configuring Windows Server® 2008 Active Directory® Domain Services
Requirements for Installing AD DS
Key Points
To install Active Directory Domain Services, the server must meet the following
requirements:
Windows Server 2008 operating system must be is installed. AD DS can only be
installed on the following editions:
• Windows Server 2008, Standard Edition
• Windows Server 2008, Enterprise Edition
• Windows Server 2008, Datacenter edition
Additional Reading
• Active Directory Domain Services Help: Installing Active Directory Domain
Services
• Microsoft Technet article: Requirements for Installing AD DS
BETA COURSEWARE. EXPIRES 4/11/2008
5. Implementing Active Directory® Domain Services 1-5
What Are Domain and Forest Functional Levels?
Key Points
In Windows Server 2008, forest and domain functionality provides a way to enable
forest-wide or domain-wide Active Directory features in your network environment.
Different levels of forest and domain functionality are available, depending on
domain and forest functional level.
Additional Reading
• Active Directory Domain Services Help: Set the domain or forest functional
level
• Microsoft Technet article: Appendix of Functional Level Features
BETA COURSEWARE. EXPIRES 4/11/2008
6. 1-6 6425A: Configuring Windows Server® 2008 Active Directory® Domain Services
AD DS Installation Process
Key Points
To configure a Windows Server 2008 domain controller, you must install the AD
DS server role and run the Active Directory Domain Services Installation wizard.
Do this using one of the following processes:
• Install the Server role by using Server Manager, and then run the installation
wizard by running DCPromo or the installation wizard from Server Manager.
• Run DCPromo from the Run command or a command prompt. This will
install the AD DS server role and then start the installation wizard.
Additional Reading
• Active Directory Domain Services Help: Installing Active Directory Domain
Services
• Microsoft Technet article: Installing a New Windows Server 2008 Forest and
Scenarios for Installing AD DS
BETA COURSEWARE. EXPIRES 4/11/2008
7. Implementing Active Directory® Domain Services 1-7
Advanced Options for Installing AD DS
Key Points
Some of the Active Directory Domain Services Installation Wizard pages appear
only if you select the Use advanced mode installation check box on the Welcome
page of the wizard or by running DCPromo with the /adv switch. If you do not run
the installation wizard in advanced mode, the wizard uses default options that
apply to most configurations.
Question: When would you use the advanced options mode in your organization?
Additional Reading
• Active Directory Domain Services Help: Use advanced mode installation
• Microsoft Technet article: What's New in AD DS Installation and Removal
BETA COURSEWARE. EXPIRES 4/11/2008
8. 1-8 6425A: Configuring Windows Server® 2008 Active Directory® Domain Services
Installing AD DS from Media
Key Points
Before you can use backup media as the source for installing a domain controller,
use Ntdsutil.exe to create the installation media.
Question: Which types of installation media will you use in your organization?
Additional Reading
• Microsoft Technet article: Installing AD DS from Media
BETA COURSEWARE. EXPIRES 4/11/2008
9. Implementing Active Directory® Domain Services 1-9
Demonstration: Verifying the AD DS installation
Question: What steps would you take if you noticed that the domain controller
installation failed?
Additional Reading
• Microsoft Technet article: Verifying an AD DS Installation
• Microsoft Technet article: Verifying Active Directory Installation
BETA COURSEWARE. EXPIRES 4/11/2008
10. 1-10 6425A: Configuring Windows Server® 2008 Active Directory® Domain Services
Upgrading to Windows Server 2008 AD DS
Key Points
To install a new Windows Server 2008 domain controller in an existing Windows
2000 Server or Windows Server 2003 domain, complete the following steps:
• If the domain controller is the first Windows Server 2008 domain controller in
the forest, you must prepare the forest for Windows Server 2008 by extending
the schema on the schema operations master. To extend the schema, run
adprep /forestprep. The adprep tool is located on the Windows Server 2008
installation media.
• If the domain controller is the first Windows Server 2008 domain controller in
a Windows 2000 Server domain, you must first prepare the domain by
running adprep /domainprep /gpprep on the infrastructure master. The
gpprep switch adds inheritable access control entry (ACEs) to the Group
Policy Objects (GPO) that are located in the SYSVOL shared folder and
synchronizes the SYSVOL shared folder among the controllers in the domain.
BETA COURSEWARE. EXPIRES 4/11/2008
11. Implementing Active Directory® Domain Services 1-11
• If the domain controller is the first Windows Server 2008 domain controller in
a Windows Server 2003 domain, you must prepare the domain by running
adprep /domainprep on the infrastructure master.
• After you install a writeable domain controller, you can install an RODC in the
Windows Server 2003 forest. Before doing this, you must prepare the forest by
running adprep /rodcprep. You can run adprep /rodcprep on any computer in
the forest. If the RODC will be a global catalog server, then you must run
adprep /domainprep in all domains in the forest, regardless of whether the
domain runs a Windows Server 2008 domain controller. By running adprep
/domainprep in all domains, the RODC can replicate global catalog data from
all domains in the forest and then advertise as a global catalog server.
Additional Reading
• Active Directory Domain Services Help: Installing Active Directory Domain
Services
• Microsoft Technet article: Installing a New Windows Server 2008 Forest:
• Microsoft Technet article: Scenarios for Installing AD DS
BETA COURSEWARE. EXPIRES 4/11/2008
12. 1-12 6425A: Configuring Windows Server® 2008 Active Directory® Domain Services
Installing AD DS on a Server Core Computer
Key Points
To install AD DS on a Windows Server 2008 computer running Server Core, you
must use an unattended setup. Windows Server 2008 Server Core does not
provide a graphical user interface (GUI) so you cannot run the Active Directory
Domain Services installation wizard.
To perform an unattended install of AD DS, use an answer file and the following
syntax with the Dcpromo command:
Dcpromo /answer[:filename] Where filename is the name of your answer
file.
Additional Reading
• Microsoft Technet article: Appendix of Unattended Installation Parameters
BETA COURSEWARE. EXPIRES 4/11/2008
13. Implementing Active Directory® Domain Services 1-13
Discussion: Common Configuration for AD DS
Key Points
After installing a domain controller, you may need to perform additional tasks in
your environment. You can access checklists for the following common
configurations for AD DS in Server Manager, under Resources and Support.
Additional Reading
• AD DS Help: Common Configurations for Active Directory Domain Services
BETA COURSEWARE. EXPIRES 4/11/2008
14. 1-14 6425A: Configuring Windows Server® 2008 Active Directory® Domain Services
Lesson 2:
Deploying Read-Only Domain
Controllers
One of the important new features in Windows Server 2008 is the option to use
read-only domain controllers (RODCs). RODCs provide all of the functionality that
clients require while providing additional security for domain controllers deployed
in branch offices. When configuring RODCs, you can specify which user account
passwords will be cached on the server and configure delegated administrative
permissions for the domain controller. This lesson describes how to install and
configure RODCs.
BETA COURSEWARE. EXPIRES 4/11/2008
15. Implementing Active Directory® Domain Services 1-15
What Is a Read-Only Domain Controller?
Key Points
An RODC is a new type of domain controller that Windows Server 2008 supports.
An RODC hosts read-only partitions of the AD DS database. This means that no
changes can ever be made to the database copy that the RODC stores, and all AD
DS replication uses a one-way connection from a domain controller that has a
writeable database copy to the RODC.
Additional Reading
• Microsoft Technet article: AD DS: Read-Only Domain Controllers
BETA COURSEWARE. EXPIRES 4/11/2008
16. 1-16 6425A: Configuring Windows Server® 2008 Active Directory® Domain Services
Read-Only Domain Controller Features
Key Points
See the list on the slide.
Additional Reading
• Microsoft Technet article: AD DS: Read-Only Domain Controllers
• Microsoft Technet article: Step-by-Step Guide for Read-Only Domain
Controller in Windows Server 2008 Beta 3
BETA COURSEWARE. EXPIRES 4/11/2008
17. Implementing Active Directory® Domain Services 1-17
Preparing to Install the RODC
Key Points
Before you can install an RODC, you must prepare the AD DS environment by
completing the following steps:
• Configure the domain and forest functional level
• Plan for Windows Server 2008 domain controller availability
• Prepare the forest and domain
Additional Reading
• AD DS Help: Delegate read-only domain controller installation and
administration
• Microsoft Technet article: AD DS: Read-Only Domain Controllers
• Microsoft Technet article: Step-by-Step Guide for Read-Only Domain
Controller in Windows Server 2008 Beta 3
BETA COURSEWARE. EXPIRES 4/11/2008
18. 1-18 6425A: Configuring Windows Server® 2008 Active Directory® Domain Services
Installing the RODC
Key Points
The RODC installation is almost identical to the installation of AD DS on a domain
controller with a writeable copy of the database. However there are a few extra
steps.
Additional Reading
• AD DS Help: Delegate read-only domain controller installation and
administration
• Microsoft Technet article: Step-by-Step Guide for Read-Only Domain
Controller in Windows Server 2008 Beta 3
BETA COURSEWARE. EXPIRES 4/11/2008
19. Implementing Active Directory® Domain Services 1-19
Delegating the RODC Installation
Key Points
You can delegate the installation of an RODC by performing a two stage
installation.
Question: What are the benefits of delegating an RODC installation?
Additional reading
• AD DS Help: Delegate read-only domain controller installation and
administration
• Microsoft Technet article: AD DS: Read-Only Domain Controllers:
• Microsoft Technet article: Step-by-Step Guide for Read-Only Domain
Controller in Windows Server 2008 Beta 3:
BETA COURSEWARE. EXPIRES 4/11/2008
20. 1-20 6425A: Configuring Windows Server® 2008 Active Directory® Domain Services
What Are Password Replication Policies?
Key Points
When deploy an RODC, you can configure a Password Replication Policy for the
RODC.
The Password Replication Policy acts as an access control list (ACL) that
determines if an RODC is permitted to cache a password.
The Password Replication Policy lists the accounts that you are allowing explicitly
to be cached and those that you are not. The passwords for any accounts are not
actually cached on the RODC until after the first time the user or computer
account is authenticated through the RODC.
Additional Reading
• AD DS Online Help: Specify Password Replication Policy
BETA COURSEWARE. EXPIRES 4/11/2008
21. Implementing Active Directory® Domain Services 1-21
Demonstration: Configuring Administrator Role Separation
and Password Replication Policies
Questions: What is an alternative way to configure administrator role separation
and password replication policies?
Your organization has deployed two RODCs. How would you configure the
password replication policy if you wanted the credentials for all user accounts and
computer accounts except for administrators and executives to be cached on both
RODCs?
Additional Reading
• AD DS Help: Specify Password Replication Policy
BETA COURSEWARE. EXPIRES 4/11/2008
22. 1-22 6425A: Configuring Windows Server® 2008 Active Directory® Domain Services
Lesson 3:
Configuring AD DS Domain Controller
Roles
All domain controllers in a domain are essentially equal, meaning they all contain
the same data and provide the same services. However, you also can assign special
roles to domain controllers to provide additional services or address scenarios in
which only one domain controller should provide services at any given time. This
lesson describes how to configure and manage global catalog servers and
operations masters.
BETA COURSEWARE. EXPIRES 4/11/2008
23. Implementing Active Directory® Domain Services 1-23
What Are Global Catalog Servers?
Key Points
The global catalog is a partial, read-only replica of all domain directory partitions in
a forest. The global catalog is a partial replica because it includes only a limited set
of attributes for each of the forest’s objects. By including only the attributes that are
used the most for searching, the database of a single global catalog server can
represent every object in every domain in the forest.
The global catalog server hosts the global catalog and its domain information.
Active Directory configures the first domain controller automatically in the forest as
a global catalog server. You can add global catalog functionality to other domain
controllers or change the default location of the global catalog to another domain
controller.
Additional Reading
• Microsoft Technet article: Domain Controller Roles
BETA COURSEWARE. EXPIRES 4/11/2008
24. 1-24 6425A: Configuring Windows Server® 2008 Active Directory® Domain Services
Modifying the Global Catalog
Key Points
Sometimes you may want to customize the global catalog server to include
additional attributes. By default, for every object in the forest, the global catalog
server contains an object’s most common attributes. Applications and users can
query these attributes. For example, you can find a user by first name, last name, e-
mail address, or other common properties
Additional Reading
• Microsoft Technet article: Domain Controller Roles (Global Catalog Partial
Attribute Set section)
BETA COURSEWARE. EXPIRES 4/11/2008
25. Implementing Active Directory® Domain Services 1-25
Demonstration: Configuring Global Catalog Servers
Questions: What types of errors or user experiences would lead you to investigate
whether you needed to configure another server as a global catalog server?
What are reasons why you would choose to replicate an attribute to the global
catalog?
Additional Reading
• Microsoft Technet article: To add an attribute to the global catalog
BETA COURSEWARE. EXPIRES 4/11/2008
26. 1-26 6425A: Configuring Windows Server® 2008 Active Directory® Domain Services
What Are Operations Master Roles?
Key Points
Active Directory is designed as a multimaster replication system. However, for
certain directory operations, only a single authoritative server is required. The
domain controllers that perform specific roles are known as operations masters.
The domain controllers that hold operations master roles are designated to
perform specific tasks to ensure consistency and to eliminate the potential for
conflicting entries in the Active Directory database.
Additional Reading
• Microsoft Technet article: To add an attribute to the global catalog
BETA COURSEWARE. EXPIRES 4/11/2008
27. Implementing Active Directory® Domain Services 1-27
Demonstration: Managing Operation Master Roles
Questions: Under what circumstances might you need to seize an operations
master role immediately rather than wait a few hours for a domain controller
currently holding the role to be repaired?
You are deploying the first domain controller in a new domain that will be a new
domain tree in the WoodgroveBank.com forest. What operations master roles will
this server hold by default?
Additional Reading
• Microsoft Technet article: Manage Operations Master Roles
BETA COURSEWARE. EXPIRES 4/11/2008
28. 1-28 6425A: Configuring Windows Server® 2008 Active Directory® Domain Services
How Windows Time Service Works
Key Points
The Windows Time service, also known as W32Time, synchronizes the date and
time for all computers running on a Windows Server 2008 network. The Windows
Time service uses the Network Time Protocol (NTP) to ensure highly accurate time
settings throughout your network. You also can integrate the Windows Time
service with external time sources.
Additional Reading
• Microsoft Technet article: Windows Time Service Technical Reference
• Microsoft Technet article: Configuring a time source for the forest
BETA COURSEWARE. EXPIRES 4/11/2008
29. Implementing Active Directory® Domain Services 1-29
Lab: Implementing Read-Only Domain
Controllers and Managing Domain Controller
Roles
Scenario:
Woodgrove Bank has begun their deployment of Windows Server 2008. The
organization has deployed several domain controllers at the corporate
headquarters and is preparing to deploy domain controllers in several branch
offices. The Enterprise Administrator created a design that requires read-only
domain controllers to be deployed on servers running Windows Server 2008 in all
branch offices. Your task is to deploy a domain controller in a branch office that
meets these requirements.
BETA COURSEWARE. EXPIRES 4/11/2008
30. 1-30 6425A: Configuring Windows Server® 2008 Active Directory® Domain Services
Exercise 1: Evaluating Forest and Server Readiness for
Installing an RODC
Woodgrove Bank has begun their deployment of Windows Server 2008. The
organization has deployed several domain controllers at the corporate
headquarters and is now preparing to deploy domain controllers in several of the
branch offices. The Enterprise Administrator has created a design that requires
read-only domain controllers to be deployed on servers running Windows Server
2008 in all branch offices.
Your task is to deploy a domain controller in a branch office that meets these
requirements
Note: Due to the limitations of the virtual lab environment, you will be installing the
RODC in the same site as the existing domain controllers. In a production
environment, you would complete the same steps even if the RODC was in a
different site.
The main tasks are as follows:
1. Start 6425A-NYC-DC1 and log on as Administrator.
2. Start 6425A-NYC-SVR1 and log on as Administrator.
3. Start 6425A-NYC-SVR1 and log on as Administrator.
4. Verify the forest and domain functional level are compatible with an RODC
deployment.
5. Verify the availability of a writeable domain controller running Windows
Server 2008.
5. Configure the computer account settings for the RODC.
Task 1: Start 6425A-NYC-DC1 and log on as Administrator
• Start 6425A-NYC-DC1 and log on as Administrator using the password
Pa$$w0rd.
BETA COURSEWARE. EXPIRES 4/11/2008
31. Implementing Active Directory® Domain Services 1-31
Task 2: Start 6425A-NYC-DC2 and log on as Administrator
• Start 6425A-NYC-DC2 and log on as Administrator using the password
Pa$$w0rd.
Task 3: Start 6425A-NYC-SVR1 and log on as Administrator
• Start 6425A-NYC-SVR1 and log on as Administrator using the password
Pa$$w0rd.
Task 3: Verify the forest and domain functional level are compatible
with an RODC deployment
1. On NYC-DC1, open Active Directory Users and Computers.
2. Right-click WoodgroveBank.com and verify that the domain functional level
and the forest functional level are set to Windows Server 2003.
Task 4: Verify the availability of a writeable domain controller running
Windows Server 2008
1. In Active Directory Users and Computers, check the properties for NYC-DC1.
2. Verify that the operating system name is Windows Server 2008 Enterprise.
Task 5: Configure the computer account settings for the RODC
1. On NYC-SVR1, open Server Manager.
2. Click Change System Properties, and on the Computer Name tab, change the
computer name to TOR-DC1.
3. Restart the computer.
Result: At the end of this exercise, you will have verified that the domain and the
computer are ready to install an RODC.
BETA COURSEWARE. EXPIRES 4/11/2008
32. 1-32 6425A: Configuring Windows Server® 2008 Active Directory® Domain Services
Exercise 2: Installing and Configuring an RODC
You will install the RODC server role on the Windows Server 2008 computer. To
do this, you will prestage the computer account that the RODC will use. As part of
the prestaging, you will configure an administrative group with permissions to
install the domain controller.
After the installation is complete, you will verify that the installation completed
successfully. You also will configure password-replication policies for users that log
on to the domain controller.
The main tasks are as follows:
1. Pre-stage the computer account for the RODC.
2. Log on to TOR-DC1 as Administrator.
3. Install the RODC using the existing account. Use WoodgroveBankAxel as the
account with credentials to perform the installation.
4. Verify the successful installation of the domain controller.
5. Configure a password replication policy that enables credential caching for all
user accounts in Toronto.
Task 1: Pre-stage the computer account for the RODC
1. On NYC-DC1, open Active Directory Users and Computers.
2. Right-click the Domain Controllers organization unit and click Pre-create
Read-only Domain Controller account.
3. Complete the Active Directory Domain Services Installation Wizard using the
following selections:
a. Use advanced mode installation
b. Use the current credentials.
c. Computer name: TOR-DC1
d. Default site
e. Install only the DNS and RODC options
f. Delegate permission to install the RODC to Axel Delgado
BETA COURSEWARE. EXPIRES 4/11/2008
33. Implementing Active Directory® Domain Services 1-33
Task 2: Log on to TOR-DC1 as Administrator
• Log on as Administrator using the password Pa$$w0rd.
Task 3: Install the RODC using the existing account. Use
WoodgroveBankAxel as the account with credentials to perform the
installation
1. On TOR-DC1, open a command prompt and type dcpromo
/UseExistingAccount:Attach, and then press ENTER:
2. Complete the Active Directory Domain Services Installation Wizard using the
following selections:
a. Use advanced mode installation
b. Provide Axel as the alternative credential
c. Use TOR-DC1 as the computer name
d. Use NYC-DC1.WoodgroveBank.com as the source domain controller
e. Accept the default location for the Database, Log Files, and SYSVOL files.
f. Use Pa$$w0rd as the Directory Services Restore Mode Administrator
Password
3. Reboot the computer when the installation finishes.
Task 4: Verify the successful installation of the domain controller
1. After NYC-SRV1 restarts, log on as Axel with a password of Pa$$w0rd.
2. In Server Manager, verify that Active Directory Domain Services server role is
installed.
3. Verify that all required services are running.
4. In Active Directory Users and Computers, verify that TOR-DC1 is listed in
the Domain Controllers organizational unit.
5. Verify that you do not have permission to add or remove domain objects.
BETA COURSEWARE. EXPIRES 4/11/2008
34. 1-34 6425A: Configuring Windows Server® 2008 Active Directory® Domain Services
6. In Active Directory Sites and Services, verify that TOR-DC1 is listed in the
Servers list for the Default-First-Site-Name.
7. Check the NTDS Settings for TOR-DC1. Confirm that connection objects have
been created.
8. Check the NTDS Settings for NYC-DC1. Confirm that no connection objects
have been created for replication with TOR-DC1.
9. Open Event Viewer. In the Directory Service log, locate and view a message
with an event ID of 1128. This event ID verifies that a replication connection
object has been created between NYC-DC1 and TOR-DC1.
Task 5: Configure a password replication policy that enables credential
caching for all user accounts in Toronto
1. On NYC-DC1, in Active Directory Users and Computers, access the TOR-
DC1 Properties dialog box.
2. Add all of the Toronto groups to the Password replication policy.
Result: At the end of this exercise, you will have installed an RODC and configured
the RODC password replication policy for the RODC.
BETA COURSEWARE. EXPIRES 4/11/2008
35. Implementing Active Directory® Domain Services 1-35
Exercise 3: Configuring AD DS Domain Controller Roles
You will configure the RODC installed in the previous exercise as a global catalog
server. You also will assign operation master roles to an additional domain
controller in the domain.
The main tasks are as follows:
1. Use Active Directory Sites and Services to configure TOR-DC1 as a global
catalog server.
2. Configure NYC-DC2 as the infrastructure master and domain naming master
for the WoodgroveBank.com domain.
3. Add the Department attribute to the global catalog.
4. Shut down all virtual machines.
Task 1: Use Active Directory Sites and Services to configure TOR-DC1
as a global catalog server
1. On NYC-DC1, in Active Directory Sites and Services, locate the TOR-DC1
computer account.
2. Access the NTDS Settings, and select the Global Catalog check box.
Task 2: Configure NYC-DC2 as the infrastructure master and domain
naming master for the WoodgroveBank.com domain
1. On NYC-DC1, in Active Directory Users and Computers, change the
console’s focus to NYC-DC1.WoodgroveBank.com and then click OK.
2. Right-click WoodgroveBank.com, and then click Operations Masters.
Transfer the infrastructure master role to NYC-DC2.WoodgroveBank.com.
3. On NYC-DC2, open Active Directory Domains and Trusts. Access the
Operations Master settings and transfer the domain naming operations
master role to NYC-DC2.
BETA COURSEWARE. EXPIRES 4/11/2008
36. 1-36 6425A: Configuring Windows Server® 2008 Active Directory® Domain Services
Task 3: Add the Department attribute to the global catalog
1. On NYC-DC1, use the regsvr32 schmmgmt.dll to register the Active Directory
Schema snap-in.
2. Create a new MMC and add the Active Directory Schema snap-in.
3. In the Active Directory Schema, access the Department attribute and
configure the attribute to replicate to the Global Catalog.
Task 4: Shut down all virtual machines and discard any changes
Result: At the end of this exercise, you will have configured a global catalog server and
configure AD DS domain controller roles.
BETA COURSEWARE. EXPIRES 4/11/2008
37. Implementing Active Directory® Domain Services 1-37
Module Review and Takeaways
Review Questions
1. You are deploying a domain controller in a branch office. The branch office
does not have a highly secure server room so you are concerned about the
security of the server. What two Windows Server 2008 features can you take
advantage of to enhance the security of the domain controller deployment?
2. You must create a new domain by installing a domain controller in your Active
Directory infrastructure. You are reviewing the inventory list of available
servers for this purpose. Which of the following computers could be used as a
domain controller?
A. Windows Server 2008 Web Edition, NTFS files system, 1 gigabyte (GB)
free hard disk space, TCP/IP.
B. Windows Server 2008 Enterprise Edition, NTFS files system, 500
megabyte (MB) free hard disk space, TCP/IP.
BETA COURSEWARE. EXPIRES 4/11/2008
38. 1-38 6425A: Configuring Windows Server® 2008 Active Directory® Domain Services
C. Windows Server 2008 Server Core Enterprise Edition, NTFS files system,
1GB free hard disk space, TCP/IP.
D. Windows Server 2008 Standard Edition, NTFS files system, 500 MB free
hard disk space, TCP/IP.
3. You are deploying an RODC in branch office. You need to ensure that all users
in the branch office can authenticate even if the WAN connection from the
branch office is not available. Only the users who normally log on in the
branch office should be able to do this? How would you configure the
password replication policy?
4. You need to install a domain controller by using the install from media option.
What steps do you need to take to complete this process?
5. Will you be deploying RODCs in your AD DS environment? Describe the
deployment scenario.
6. You are deploying a domain controller in a branch office. The office has a
WAN connection to the main office that has very little available bandwidth and
is not very reliable. Should you configure the branch office domain controller
as a global catalog server?
Considerations
Keep the following considerations in mind when you are implementing RODCs
and managing domain controller roles:
• You can install the AD DS Server role on all Windows Server 2008 editions
except Windows Server 2008 Web Server Edition.
• Consider installing a RODC on a Windows Server 2008 Server Core computer
to provide additional security for your domain environment.
• To install AD DS on a Server Core computer, you must use an unattended
installation.
• Plan the password replication policies carefully in your organization. If you
enable credential caching for most of the accounts in your domain, you will
increase the impact to your organization if the RODC is compromised. If you
do not enable any credential caching, you increase the impact to the branch
office location if the WAN link to the main office is not available.
BETA COURSEWARE. EXPIRES 4/11/2008
39. Implementing Active Directory® Domain Services 1-39
• In most cases, deploying a global catalog server in a site will improve the logon
experience for users. However, deploying a global catalog in a remote office
also increases the network utilized for replication.
• Operation master roles provide important services on a network but the
services are not usually time critical. Most of the time, if a domain controller
holding an operation master role fails, you do not immediately need to seize
the role to another domain controller if the failed server can be repaired within
a few hours.
BETA COURSEWARE. EXPIRES 4/11/2008