Before you can install a Windows Server 2008 server as a domain controller in an existing
Windows Server 2003 or Windows 2000 Server domain, you must prepare existing
domain controllers for the Windows Server 2008 domain controller and the schema
changes it will bring.
Before you can install an RODC in an existing domain that isn't running all Windows
Server 2008 domain controllers, you must verify that the forest functional level is
Windows Server 2003 or higher, prepare the forest with Adprep, and install a writeable
Windows Server 2008 domain controller.
To remove a domain controller, you use Dcpromo to remove domain services from the
domain controller. You can use Dcpromo or Ntdsutil to remove a domain from a forest.
Use the Active Directory Migration Tool to migrate accounts from one domain or forest to
another.
Before creating a trust of any type, DNS must be configured so that FQDNs of domain controllers in all participating domains can be resolved. Typically, you configure DNS between forests by using conditional forwarders, stub zones, and occasionally secondary zones.
Some trust properties you can configure include the trust direction and transitivity, name
suffix routing, and authentication.
Both intrasite and intersite replication use the same basic processes to replicate Active
Directory data; the main goal is to balance data replication timeliness and efficiency.
Intrasite replication involves two major components: Knowledge Consistency Checker
(KCC) and connection objects.
A site is an Active Directory object containing domain controllers and default settings for
replication within the site and is usually associated with one or more IP subnets and site
links. To create a new site, you use Active Directory Sites and Services.
Connection objects provide the connection and replication parameters between two
servers. You can add or remove sites that use a particular site link for replication. Two
protocols can be used to replicate between sites: IP and SMTP. By default, IP is used in the
DEFAULTIPSITELINK site link and is recommended in most cases.
Bridgehead servers are responsible for all intersite replication. By default, site link bridging
is enabled, which makes site links transitive.
Universal group membership caching resolves the potential conflict between faster logons
and additional replication traffic.
Deciding where to place the FSMO role holder is part of your overall Active Directory
design strategy. Two important operations for managing FSMOs are transferring and
seizing operations master roles.
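The chapter's FSMO and RODC points, as an added pre-flight check that is not part of the textbook: it verifies the forest functional level against the RODC prerequisite, lists the five operations master role holders, and distinguishes a clean transfer (holder reachable) from a seizure (holder unreachable). It assumes the ActiveDirectory PowerShell module (Windows Server 2008 R2 / RSAT, newer than the Adprep and Ntdsutil tooling the chapter describes) and a hypothetical standby DC named DC02.

```powershell
# Added example: FSMO pre-flight check before transferring or seizing roles.
# Assumes the ActiveDirectory module (Windows Server 2008 R2 / RSAT) and a
# hypothetical standby DC named DC02 that would take over unreachable roles.
Import-Module ActiveDirectory

$forest = Get-ADForest
$domain = Get-ADDomain

# RODC prerequisite from the chapter: the forest functional level must be
# Windows Server 2003 or higher before Adprep and the first RODC.
$minMode = [Microsoft.ActiveDirectory.Management.ADForestMode]::Windows2003Forest
if ([int]$forest.ForestMode -lt [int]$minMode) {
    Write-Warning "Forest functional level is $($forest.ForestMode); raise it to Windows Server 2003 or higher before adding an RODC."
} else {
    Write-Host "Forest functional level $($forest.ForestMode) meets the RODC prerequisite."
}

# The five operations master roles and their current holders
# (forest-wide roles come from Get-ADForest, domain-wide from Get-ADDomain).
$roles = @{
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
}

$standbyDc = 'DC02'   # hypothetical name; replace with your actual standby DC

foreach ($role in $roles.Keys) {
    $holder = $roles[$role]
    # A reachable holder can hand the role over cleanly (transfer). Only an
    # unreachable holder justifies a seizure, and a seized-from DC must be
    # demoted before it is ever returned to the network.
    $reachable = Test-Connection -ComputerName $holder -Count 1 -Quiet -ErrorAction SilentlyContinue
    if ($reachable) {
        Write-Host ("{0,-20} held by {1} (reachable: transfer is possible)" -f $role, $holder)
    } else {
        Write-Warning ("{0} holder {1} is unreachable; seizure to {2} would be needed" -f $role, $holder, $standbyDc)
        # -Force seizes instead of transferring; -WhatIf only shows the action.
        Move-ADDirectoryServerOperationMasterRole -Identity $standbyDc -OperationMasterRole $role -Force -WhatIf
    }
}
```

Remove -WhatIf only after confirming the original holder is permanently offline; a seized role that reappears on the old holder creates duplicate operations masters.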
Key Terms
alternate UPN name suffixes This method enables users to log on with another name in
place of the “domain” in the typical UPN suffix format username@domain. These suffixes are
used for security reasons or to simplify logons with lengthy suffixes.
connection object An Active Directory object created in Active Directory Sites and Services
that defines the connection parameters between two replication partners.
forest-wide authentication A property of a forest trust in which all users in a trusted forest
can be authenticated to the trusting forest.
interforest migration Moving objects between domains in different forests. Migrated objects
are actually copied and exist in both domains simultaneously so that users can continue
working while the migration is in progress.
intraforest migration Moving objects between domains in the same forest. The domain from
which objects are moved is the source domain, and the domain to which they're being moved
is the target domain.