
MCTS Guide to Configuring Microsoft Windows Server 2008 Active Directory

MCTS Guide to Configuring Microsoft Windows Server 2008 Active Directory. Chapter 10: Configuring and Maintaining the Active Directory Infrastructure. Describe and configure Active Directory functional levels; add and remove domains from a forest; configure Active Directory trusts.

frey

Presentation Transcript


  1. MCTS Guide to Configuring Microsoft Windows Server 2008 Active Directory. Chapter 10: Configuring and Maintaining the Active Directory Infrastructure

  2. Objectives
     - Describe and configure Active Directory functional levels
     - Add and remove domains from a forest
     - Configure Active Directory trusts
     - Configure intrasite replication
     - Work with sites
     - Manage operations master roles

     http://www.examcollectionvce.com/vce-70-640.html MCTS Windows Server 2008 Active Directory

  3. Examining Active Directory Functional Levels
     - Functional levels allow administrators to maintain backwards compatibility despite the addition of new features
     - Functional levels should be set to the highest version that the domain controllers on the network support
     - Member servers and workstations are independent of functional levels

  4. Forest Functional Levels
     - The forest functional level determines the features of Active Directory that have forest-wide implications
     - A Server 2008 domain controller supports the following functional levels:
       - Windows 2000: lacks the ability to use forest trusts and to rename a domain
       - Windows 2003: supports all the features present in Windows 2000, plus forest trusts, Knowledge Consistency Checker (KCC) improvements, linked-value replication, domain renaming, and read-only domain controller deployment
       - Windows 2008: all the features of 2003, but no additional features (yet)

  5. Domain Functional Levels
     - A domain controller can't be configured to run at a lower functional level than the functional level of the forest
     - Like forest functional levels, domain functional levels can be raised but not lowered
     - Features:
       - Windows 2000 Native: universal groups, group nesting, group conversion, security identifier (SID) history
       - Windows Server 2003: all features of Windows 2000 native, plus domain controller renaming, logon timestamp replication, selective authentication, Users and Computers container redirection
       - Windows Server 2008: all features of Windows 2003, plus Distributed File System replication, fine-grained password policies, interactive logon information, Advanced Encryption Standard (AES) support

  6. Raising the Domain Functional Level
     - All domain controllers must be running a Windows OS compatible with the desired functional level
     - The functional level can be raised in Active Directory Domains and Trusts
     - Only one domain controller needs to be raised to the new functional level; the rest will reflect the change automatically
     - Once the functional level is raised, it cannot be reversed

  7. Raising the Domain Functional Level (cont.)

  8. Raising the Forest Functional Level
     - You must be a member of the Domain Admins or Enterprise Admins group to raise the forest functional level
     - If raising both domain and forest functional levels, the domain functional level must be raised first
     - Domain functional levels must be equal to or greater than the forest functional level
     - Once the functional level is raised, it cannot be lowered

  9. Raising the Forest Functional Level (cont.)

  10. Preparing a Forest and Domain for Windows Server 2008 with Adprep
     - The Adprep command-line program prepares an existing forest or domain for the addition of a Windows Server 2008 domain controller
     - To prepare the forest, run the adprep /forestprep command on a Windows Server 2003 or Windows 2000 domain controller acting as the schema master
     - Then run adprep /domainprep in each domain where you plan to add a Windows Server 2008 DC
     - Windows 2000 requires adprep /domainprep /gpprep

  11. Preparing for a Read Only Domain Controller
     - Before you can install an RODC in an existing domain that isn't running all Windows Server 2008 DCs, follow these steps:
       - Verify the functional level is Windows Server 2003 or higher
       - Prepare the forest
       - Install at least one writeable DC running Windows Server 2008
       - Install an RODC on a full Windows Server 2008 installation or a Server Core installation

  12. Removing a Domain Controller
     - Be aware of some potential issues:
       - If the DC performs any operations master roles, you must first transfer the role to another DC
       - If the DC is a global catalog server, make sure at least one other DC is a global catalog server
       - If it's the only DC in the domain, you'll also remove the domain
     - Dcpromo is used to remove domain services
     - If the server wasn't the last DC, it will remain a member of the domain

  13. Removing a Domain
     - Two ways to remove a domain:
       - Dcpromo
       - Ntdsutil
     - If the DC crashed or was taken offline without using dcpromo to demote it to a regular server, you must use Ntdsutil to remove the domain
     - This process is called removing an orphaned domain
     - A metadata cleanup will remove all selected domain data from the rest of the forest

  14. Using the Active Directory Migration Tool
     - The Active Directory Migration Tool (ADMT) allows moving objects and restructuring Active Directory without users losing access to network resources, and has three main types of migration:
       - Intraforest migration
       - Interforest migration
       - Migration of an NT 4.0 domain to an Active Directory domain
     - Before attempting migration, you should review the Active Directory Migration guide
     - Terms used for migration planning and implementation:
       - SID History
       - Security Translation
       - Password Export Server (PES)

  15. Configuring Active Directory Trusts
     - Recall that all domains in a forest trust one another automatically through two-way transitive trusts, which you can't remove
     - Types of trusts you can configure:
       - Shortcut trust
       - Forest trust
       - External trust
       - Realm trust
     - DNS must be configured so that FQDNs of DCs in all participating domains can be resolved

  16. Configuring Shortcut Trusts
     - A shortcut trust is a one-way or two-way transitive trust between two domains in the same forest or two domains in trusting forests
     - Helps to reduce authorization delays between domains
     - Shortcut trusts between domains in different forests require a forest trust to be configured
     - Trusts between forests and external trusts might require additional DNS configuration

  17. Configuring Forest Trusts
     - DNS must be configured correctly in both forest root domains
     - You must initiate the forest trust in Active Directory Domains and Trusts from the forest root domain
     - When creating a forest trust, you must specify the type of authentication you wish to use:
       - Forest-wide authentication is a property of a forest trust in which all users in a trusted forest can be authenticated to the trusting forest
       - Selective authentication enables administrators to specify users who can authenticate to selected resources in the trusting forest
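
The rules on slides 5 to 8 (every domain controller must run a compatible OS, domain levels are raised before the forest level, and the change cannot be reversed) can be checked before anything is changed. This read-only PowerShell check is an added example, not part of the original presentation; it assumes a management host with the RSAT ActiveDirectory module, DCs reachable over Active Directory Web Services, and Windows Server 2008 as the target level.

```powershell
# Added example: read-only pre-flight check before raising functional levels.
# Assumes the RSAT ActiveDirectory module and DCs reachable over AD Web Services.
Import-Module ActiveDirectory

$TargetLevel = 3                 # msDS-Behavior-Version: 0 = 2000, 2 = 2003, 3 = 2008
$MinDcOs     = [version]'6.0'    # Windows Server 2008 reports OS version 6.0

$forest   = Get-ADForest
$blockers = @()

foreach ($domainName in $forest.Domains) {
    $domain = Get-ADDomain -Server $domainName

    # Every DC in the domain must run an OS compatible with the target level.
    foreach ($dc in Get-ADDomainController -Filter * -Server $domainName) {
        if (-not $dc.OperatingSystemVersion) {
            $blockers += "DC $($dc.HostName) reports no OS version; verify it manually"
            continue
        }
        # OperatingSystemVersion looks like "5.2 (3790)"; keep only the major.minor part.
        $osVersion = [version](($dc.OperatingSystemVersion -split ' ')[0])
        if ($osVersion -lt $MinDcOs) {
            $blockers += "DC $($dc.HostName) runs $($dc.OperatingSystem); upgrade or demote it first"
        }
    }

    # Domain levels are raised before the forest level, so each domain must already be at the target.
    if ([int]$domain.DomainMode -lt $TargetLevel) {
        $blockers += "Domain $domainName is at $($domain.DomainMode); raise it before the forest"
    }
}

"Forest $($forest.Name) is currently at $($forest.ForestMode)"
if ($blockers.Count -eq 0) {
    'No blockers found. The raise cannot be reversed, so keep this output with the change record.'
} else {
    $blockers
}
```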
