Bandwidth utilization, latency, and the reliability of the Wide Area Network are three major concerns when administering a branch office environment. Windows Server 2008 helps to address these concerns through the following 5 technologies. RODC: Since the RODC does not accept changes, writable domain controllers that are replication partners do not have to pull changes from the RODC. This reduces the workload of bridgehead servers in the main site and the effort required to monitor replication. RODC unidirectional replication applies to both AD DS and distributed file system (DFS) replication. The RODC performs normal inbound replication for AD DS and DFS … Continue reading Branch Office: 5 Ways Server 2008 Improves WAN Utilization.
A Read Only Domain Controller has the benefit of being able to perform administrative maintenance tasks without entering Active Directory Restore Mode, which previously required a reboot. The following command shows how to compact the Active Directory database from the command line. Before you start, remember not to leave the Active Directory Services stopped for a long period of time, since replication of the Active Directory data will not occur while they are shut down. Stop the Active Directory Services. From the command prompt with administrative privileges, type ntdsutil and press Enter, then type activate instance ntds … Continue reading RODC: How to Defrag or Compact the Active Directory Database
When you stop the Active Directory Domain Services, note that the following services also stop: File Replication, Kerberos Key Distribution Center, Intersite Messaging, DNS Server, and DFS Replication. Stopping the Active Directory Domain Services has a wide-ranging effect on an RODC’s ability to perform branch office duties.
A primary benefit of Read Only Domain Controllers is that the Domain Controller service can be managed like a regular service. It can therefore be stopped and started without rebooting the server. The effect of this is that the Active Directory database (NTds.dit) is offline. While the Domain Controller service is stopped you can perform actions such as: defragment the Active Directory database; perform authoritative restores of Active Directory objects. For more information on Active Directory Maintenance Tasks and command line, please see the following resource: How To Use Ntdsutil to Manage Active Directory Files from the Command Line in … Continue reading RODC: Effects of being able to start and stop the Domain Controller Service without reboot.
The following is a list of permissions which are supported or not supported for delegation to an RODC delegated administrator. Supported: Active Directory Users and Computers, Domain Controller Service, Kerberos Key Distribution Center, Active Directory Sites and Services. Not Supported: Global Catalog, Bridgehead server, PDC emulator, RID Master.
One of the benefits of an RODC is that you can add local administrators who do not have full access to the domain administration. This gives them the ability to manage the server but not add or change Active Directory objects unless those roles are delegated. Adding this type of user is done using the dsmgmt.exe utility at the command prompt. The following graphic shows a few commands, including adding local roles and showing local roles. Remember, an RODC does not have all of the capabilities of a writeable domain controller. Consequently, an RODC cannot serve as the global catalog, operations … Continue reading RODC: Using the dsmgmt.exe utility to manage local administrators
Susan has got a great post on Getting rid of the Red X’s of the mapped drives. Man, these things bug you but never enough to go looking for an answer. Thanks Susan! http://msmvps.com/blogs/bradley/archive/2009/11/27/getting-rid-of-the-red-x-s-of-the-mapped-drives.aspx
The following is a list of features and benefits for read only domain controllers. Features: The major features of an RODC deployment: Unattended installation and DCPROMO changes. You install an RODC by selecting Additional Options in the DCPROMO wizard. Read-Only Active Directory database. This prevents changes to the directory. Unidirectional replication. Since the directory is read-only, replication only occurs to the RODC. This reduces WAN traffic. Credential caching. The RODC does not store accounts but caches credentials for accounts that use it to log on. You can configure the caching policy using DCPROMO. Benefits: Here are the benefits of deploying … Continue reading Read Only Domain Controllers – Features and Benefits
The following command can be run at the Server Core command prompt to install the DNS Server role: start /w ocsetup DNS-Server-Core-Role
The following command can be run at the Server Core command prompt to install Terminal Services in application mode for remote administration: cscript c:\windows\System32\SCRegedit.wsf /ar 0