In this work I will focus on Active Directory Domain Services (AD DS) in Windows Server 2008, which includes several enhancements and new features compared to Windows Server 2003.
What is Active Directory?
Active Directory (AD) is a directory service that makes it possible to manage your domain. AD is a service that significantly simplifies the daily work of network administration.
AD allows you, from one place (the server, called a Domain Controller), to configure computers, users, printers, software deployment, and much more.
Active Directory Domain Services
New features in Active Directory Domain Services in Windows Server 2008:
Active Directory Domain Services - Read-Only Domain Controllers
Active Directory Domain Services - Restartable Active Directory Domain Services
Active Directory Domain Services - Fine-Grained Password Policies
Changes to object attributes can be audited, recording both the old and the new values in the log.
A new feature in Windows Server 2008 AD DS is the ability to define, with Fine-Grained Password Policies, different password and account lockout settings for different users in the same domain.
Fine-Grained Password Policies allow the following settings:
Enforce password history
Maximum password age
Minimum password age
Minimum password length
Passwords must meet complexity requirements
Store passwords using reversible encryption
Account lockout duration
Account lockout threshold
Reset account lockout after
Fine-Grained Password Policies can be applied to user objects and global security groups. They cannot be applied to organizational units.
To use the Fine-Grained Password Policies, the domain functional level must be set to Windows Server 2008.
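The following is an added example, not code from the original essay, showing how the settings listed above are set on a Password Settings Object (PSO), how the PSO is applied to a global security group rather than an OU, and how the effective policy for a user is checked. It assumes the Active Directory PowerShell module (Windows Server 2008 R2 / RSAT); the names Admins-PSO, PrivilegedAdmins and jsmith are constructed for illustration.

```powershell
# Added example; assumes the ActiveDirectory module and a domain at the
# Windows Server 2008 functional level. Names below are constructed.
Import-Module ActiveDirectory

# 0. PSOs only work once the domain functional level is Windows Server 2008+.
(Get-ADDomain).DomainMode   # expect Windows2008Domain or higher

# 1. Create a PSO with stricter settings for privileged accounts. Each
#    parameter corresponds to one entry in the settings list above.
New-ADFineGrainedPasswordPolicy -Name "Admins-PSO" `
    -Precedence 10 `
    -PasswordHistoryCount 24 `
    -MaxPasswordAge (New-TimeSpan -Days 30) `
    -MinPasswordAge (New-TimeSpan -Days 1) `
    -MinPasswordLength 14 `
    -ComplexityEnabled $true `
    -ReversibleEncryptionEnabled $false `
    -LockoutDuration (New-TimeSpan -Minutes 30) `
    -LockoutThreshold 5 `
    -LockoutObservationWindow (New-TimeSpan -Minutes 30)

# 2. Apply it to a global security group (a PSO cannot target an OU;
#    put the accounts in a group instead).
Add-ADFineGrainedPasswordPolicySubject -Identity "Admins-PSO" `
    -Subjects "PrivilegedAdmins"

# 3. Verify which policy actually wins for a given user. When several PSOs
#    match, the one with the lowest Precedence value applies; with no PSO
#    the Default Domain Policy settings apply.
Get-ADUserResultantPasswordPolicy -Identity "jsmith" |
    Select-Object Name, Precedence, MinPasswordLength, LockoutThreshold
```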
Read-Only Domain Controller
An RODC holds a read-only copy of the Active Directory database with all objects and attributes.
The Active Directory Read-Only Domain Controller (RODC) is a new type of domain controller in Windows Server 2008.
With an RODC, organizations can easily deploy a domain controller in locations where physical security cannot be guaranteed.
The principal purpose of the RODC is to improve security in branch offices. In a branch office it is difficult to ensure the physical security required for the IT infrastructure, especially for domain controllers, which contain confidential data.
Domain Controllers are often hidden somewhere in the office. If someone has physical access to a Domain Controller, it is not hard to manipulate the system and get at the data. The RODC addresses these problems.
The fundamental elements of the RODC are:
Read-Only Domain Controller
Administrative Role Separation
Restartable Active Directory Domain Services
In Windows Server 2008, Active Directory Domain Services (AD DS) can now be stopped and restarted. This means that you can stop AD DS to perform maintenance tasks that in previous versions of Windows Server required restarting the system in Directory Services Restore Mode (DSRM). It is a great feature for scripting and automating these tasks.
Possible states of AD DS:
AD DS - started
AD DS - stopped
AD DS Restore Mode (DSRM)
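The following is an added example, not from the original essay, of an offline maintenance task (integrity check and offline defragmentation of ntds.dit) performed by moving AD DS between the started and stopped states without a reboot into DSRM. It assumes an elevated PowerShell session on a Windows Server 2008 domain controller; the folder C:\NTDS-Compact is a constructed placeholder.

```powershell
# Added example; run elevated on a Windows Server 2008 domain controller.
# C:\NTDS-Compact is a constructed placeholder for the compaction target.
$compactDir = "C:\NTDS-Compact"
New-Item -ItemType Directory -Path $compactDir -Force | Out-Null

# 1. Stop AD DS. -Force also stops the services that depend on NTDS
#    (KDC, Netlogon, DNS Server, DFSR, Intersite Messaging).
#    In Windows Server 2003 this step required rebooting into DSRM.
Stop-Service -Name NTDS -Force
(Get-Service -Name NTDS).Status     # expected state: Stopped

# 2. Offline tasks while the database is closed:
#    a) integrity check of the current ntds.dit
ntdsutil "activate instance ntds" "files" "integrity" quit quit
#    b) offline defragmentation into a new, compacted copy
ntdsutil "activate instance ntds" "files" "compact to $compactDir" quit quit
#    Replacing the live ntds.dit with the compacted copy (after a backup)
#    is a deliberate manual step and is not done here.

# 3. Start AD DS again. Start-Service does not start dependents, so the
#    services stopped in step 1 are started explicitly.
Start-Service -Name NTDS
foreach ($svc in "Kdc", "Netlogon", "DNS", "DFSR", "ISMSERV") {
    if (Get-Service -Name $svc -ErrorAction SilentlyContinue) {
        Start-Service -Name $svc
    }
}
(Get-Service -Name NTDS).Status     # expected state: Running
```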
Database Mounting Tool
The AD Database Mounting Tool allows you to take a snapshot of the Active Directory database and mount it in read-only mode.
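The following is an added example, not from the original essay, of the snapshot workflow: creating a snapshot with ntdsutil, mounting it, exposing it read-only through dsamain (the Database Mounting Tool) on an alternate LDAP port, and querying it without touching the live directory. It assumes an elevated session on a Windows Server 2008 domain controller; port 10389 and the <snapshot-guid> placeholder are constructed, and the final query assumes the Active Directory PowerShell module (Windows Server 2008 R2 / RSAT).

```powershell
# Added example; run elevated on a Windows Server 2008 domain controller.
# Port 10389 and <snapshot-guid> are placeholders, not values from the essay.

# 1. Create a VSS snapshot of the AD DS database (the live DC keeps running).
ntdsutil snapshot "activate instance ntds" create quit quit

# 2. List snapshots, then mount one using the GUID printed by "list all".
#    The mounted copy appears under C:\$SNAP_<timestamp>_VOLUMEC$\ .
ntdsutil snapshot "list all" quit quit
ntdsutil snapshot "mount <snapshot-guid>" quit quit

# 3. Locate ntds.dit inside the mounted snapshot (PowerShell 2.0 compatible;
#    single quotes keep $SNAP_ literal).
$ditPath = Get-ChildItem -Path 'C:\' -Filter '$SNAP_*' |
    Where-Object { $_.PSIsContainer } |
    Select-Object -First 1 |
    ForEach-Object { Join-Path $_.FullName "Windows\NTDS\ntds.dit" }

# 4. Serve the snapshot read-only over LDAP on an alternate port.
#    dsamain keeps running in its own window until stopped with Ctrl+C.
Start-Process -FilePath "dsamain.exe" `
    -ArgumentList "-dbpath `"$ditPath`" -ldapport 10389"

# 5. Query the snapshot, not the live DC, by pointing at the alternate port.
#    Without the AD module, ldp.exe connected to localhost:10389 works too.
Get-ADUser -Filter 'Name -like "j*"' -Server "localhost:10389" |
    Select-Object Name, SamAccountName, Enabled

# 6. Tear down: stop dsamain, then unmount the snapshot.
ntdsutil snapshot "unmount <snapshot-guid>" quit quit
```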
In Active Directory, resources are organized in a logical structure that reflects the organizational model, using:
Organizational Units (OU),
Logical grouping of resources makes them easy to find by name, without remembering their physical location.
The relationship of Active Directory domains, OUs, trees, and forests
A domain is one of the major units of the logical structure in Active Directory. A domain allows you to store objects.
The objects stored in a domain are those that we consider necessary in our network. Objects are the items that support the functioning of the organization:
All objects are within a domain, and each domain stores information only about the objects it contains.
Active Directory consists of one or more domains. A domain can span more than one physical location.
Organizational Unit (OU)
An Organizational Unit is a container used to organize the objects in a domain into logical administrative groups.
OUs are helpful in performing everyday administrative tasks, such as administering user accounts.
The OU is the smallest scope to which we can delegate administrative authority.
An OU can contain user accounts, groups, computer accounts, printers, applications, shared folders, and other organizational units within the same domain.
The OU hierarchy used in one domain is independent of the OU hierarchy in another domain; each domain can have its own independent OU hierarchy.
The Active Directory administrator is responsible for creating a hierarchy that corresponds to the needs of the company.
A tree is a grouping or hierarchical arrangement of one or more domains, obtained by adding one or more child domains to an existing parent domain.
Domains in a tree form a hierarchical naming structure.
In accordance with DNS naming standards, the name of a child domain includes the name of its parent domain.
For example, for the parent domain piotr.com the child domains are:
In addition, a child domain of the domain office.piotr.com can be:
Through the use of trees, the administration of individual organizational units and individual domains can be safely assigned to different administrators.
The tree structure can be easily changed to meet business needs.
The person responsible for creating a structure that meets the company's requirements is the administrator.
A forest is a group or hierarchical arrangement of one or more completely independent domain trees. A forest has the following characteristics:
All domains in a forest share a common schema
All domains in a forest share a common global catalog
Trees in a forest have different naming structures, in accordance with their domain names
The domains in a forest work independently, but the forest allows communication throughout the organization
All domains in a forest are connected
Recommendations for the administration of Active Directory Windows Server 2008
The main requirements on the server and client side:
Server: running Windows Server 2008 / 2008 R2, which will take on the domain controller role
Client: Windows XP / Vista / 7, at minimum the Business or Professional edition. Important: Home editions cannot be joined to a domain. Such systems can still use shared files on domain controllers or member servers, but you cannot manage them from the DC.
Security for user accounts
Every user who wants to use computer resources must first be authenticated in the domain. The user receives from the administrator a user name and password, which serve to log into the system.
The password should be strong, known only to the user and never given to others, because it is the basis on which the user is verified and granted access only to those resources to which the user is entitled.
Kerberos is used for authentication. Kerberos is the default authentication protocol when logging into Active Directory Domain Services for clients running Windows 2000 or later.
It is based on the assumption that traffic between the client and the server travels over an insecure network. This means that the user's password is never transmitted in clear text, where it would be readable by any network sniffer.
Is it worth to implement Active Directory?
Certainly many novice administrators and IT professionals within their companies ask themselves this question.
Much depends on how large and complex our environment is. If it is only a few computers, you may consider whether the cost of such an implementation would be too high.
However, when the number of hosts is counted in tens, the choice is obvious.
In this way we are able to manage the settings of computers, users, groups, printers and shared folders more effectively, all from one place.
We have the assurance that each computer is configured according to a defined scheme.
The administrator's work in preparing new workstations is kept to a minimum; Group Policy Objects take care of everything.
Benefits of using Active Directory can be summarized as follows:
Centralized management of IT infrastructure
Automatic installation and updating of software in the company
Single sign-on: the user enters a user name and password only once at login and is then given access to all data for which they have permissions, without having to enter credentials each time, which increases employee productivity
Reducing the cost of managing accounts
Reducing the number of reported failures and problems