Management Of A Multi Domain Environment Computer Science Essay


Windows Server 2008 R2 is the second release of Windows Server 2008 and the seventh edition in the Windows Server family. It was made available to the retail public on October 22, 2009. It is not an entirely new operating system; it is more like a service pack update that provides additional features and enhancements to the existing Server 2008 operating system. Windows Server 2008 R2 comes in seven different editions and is available only in 64-bit versions.

(Windows server 2008 R2)

Microsoft claim that "Windows Server 2008 R2 is the most robust Windows Server operating system to date" (Windows server 2008 r2 product information).

In this report, I will mainly focus on the roles and services most relevant to how Server 2008 R2 is configured and managed in a multi-domain environment.

The main aims of this report are to present information on the following areas:

Explain a Windows Domain Environment.

Domain Controller

Active Directory

Trees and Forests

Global Catalogue servers

Time synchronization

Distributed file system.

Microsoft Windows Domain Environment

Windows Server 2008 R2 can be used in a single or multi-domain environment. In order to organize users and resources in a logical management structure, Windows Server enables you to create a domain.

A Windows domain is a logical group of computers that share the same Active Directory database. All users and computers in a domain share the same namespace, for example "my". In order to use Active Directory Domain Services (AD DS), the server must be promoted to a domain controller.

Domain Controller

A domain controller (DC) is a server that handles security authentication requests from other computers and servers in a Windows domain environment. A domain controller maintains all the user accounts, groups, and other organizational units of the network. In a Windows Server 2008 environment all domain controllers are equal. When any changes are made on a domain controller, these changes are then passed to the other domain controllers using a method called replication. Replication is the sharing of updated data amongst the other domain controllers, which ensures that all domain controllers hold identical information.

Read-only domain controllers

Read-only domain controllers (RODCs) are a new feature of AD DS in Windows Server 2008. An RODC makes it possible for organizations to set up a domain controller where physical security cannot be guaranteed, for example at remote office locations. An RODC holds only a read-only copy of the AD database. Changes to the database must be made on a writeable DC (RWDC) and are then replicated to the RODC.


Active directory domain services

Active Directory is a multi-master replication system. It is essentially an organizational database which provides centralised control over your network. Active Directory stores resources in a hierarchical structure. Active Directory:

Keeps a record of all user names and passwords.

Used to control resources on a network.

Stores Group Policy settings.

Everything in Active Directory is an object, regardless of whether it is a user account, a Group Policy or a resource.

Active Directory and DNS

Active Directory (AD) relies on domain name system (DNS) to operate.

AD and DNS have the same hierarchical structure.

The AD names follow the same DNS conventions.

AD clients use DNS to locate domain controllers on the network.

(Active Directory Architecture)

Operation master roles

Domain controllers are typically peers with each other in writing and reading directory data. However, there are certain roles which cannot be spread across all the DCs; each of these roles must be installed on exactly one DC in either the domain or the forest. In Active Directory these roles are known as operations master roles or Flexible Single Master Operations (FSMO) roles. These roles operate at either the domain or the forest level.

Forest wide roles

Schema master: The Schema master holds the layout and structure of all the data in the Active Directory database. Within a forest there can be only one schema master role.

Domain naming master: The Domain naming master role is responsible for adding or removing domains in the forest. The domain naming master ensures that two domains are not added with the same name.

Domain wide roles

RID master (relative identifier): The RID master deals with allocating RID pool requests from all domain controllers. RID pools are sequences of numbers used in security identifiers (SIDs). In a domain there can be only one domain controller playing the role of RID master.

PDC Emulator: This function was initially put in place to provide a bridge between Windows NT DCs and Windows 2000 DCs. An important task which the PDC emulator is responsible for is keeping time accurate in the domain (see Time Synchronization for more information).

Infrastructure master: The Infrastructure master is responsible for keeping changes to object references consistent across the domain. It tracks things like moves and the renaming of objects.

(types of domain controller)
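The following PowerShell script is an added example, not part of the original essay. It lists the five operations master role holders described above and checks that each role sits on a DC that still exists and is writeable, since RODCs cannot hold these roles. It assumes the ActiveDirectory module (RSAT) is installed and that it is run from a domain-joined administrative session.

```powershell
# Added example, not from the original essay: list the five operations master
# (FSMO) role holders and check that each one is a known, writeable DC.
# Assumes the ActiveDirectory module (RSAT) and a domain-joined admin session.
Import-Module ActiveDirectory

$forest = Get-ADForest
$domain = Get-ADDomain

# Forest-wide roles: one holder per forest. Domain-wide roles: one per domain.
$roles = [ordered]@{
    'Schema master'         = $forest.SchemaMaster
    'Domain naming master'  = $forest.DomainNamingMaster
    'RID master'            = $domain.RIDMaster
    'PDC emulator'          = $domain.PDCEmulator
    'Infrastructure master' = $domain.InfrastructureMaster
}

# Forest-wide holders may live in the forest root domain, so collect DCs from
# every domain in the forest rather than just the current one.
$dcs = foreach ($d in $forest.Domains) {
    Get-ADDomainController -Filter * -Server $d |
        Select-Object @{n='Name'; e={ "$($_.HostName)" }}, IsReadOnly, IsGlobalCatalog
}

foreach ($role in $roles.Keys) {
    $holder = "$($roles[$role])"
    $dc = $dcs | Where-Object { $_.Name -eq $holder }
    if (-not $dc) {
        # A holder that no longer exists (for example a demoted DC) leaves the
        # role orphaned; RID allocation, schema changes or time sync will fail.
        Write-Warning "$role is assigned to '$holder', which is not a known DC in the forest"
    } elseif ($dc.IsReadOnly) {
        # Read-only DCs cannot hold operations master roles.
        Write-Warning "$role is held by read-only DC '$holder'"
    } else {
        Write-Output ("{0,-22} {1}" -f $role, $holder)
    }
}
```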

Trees and Forests Architecture

Trees and Forests are used to organize a multi-domain environment.

A tree consists of domains which share a common namespace, with the root domain at the top of the tree structure. The advantage of this is that Active Directory will automatically create trust relationships between parent and child domains. These trust relationships allow members of each domain to access resources in another domain (provided they have the correct permissions).

A forest is one or more domains grouped into one structure. A forest acts as a security boundary for all the domains within it. The roots of the trees are linked by default by two-way, transitive trust relationships. All domains in a forest have one thing in common: they share the schema. The schema defines the Active Directory database; it determines what can be stored in the database and the structure of that data. Each domain has its own copy of the database, but it is the schema that determines the design, and the schema is shared between all the domains in the forest. When changes are made to the schema, these changes are replicated to every domain throughout the forest.


Figure: the illustration shows the hierarchical relationship between domains in a forest

(Server 2008 Trust Relationships)

Global Catalogue Servers

In order to locate items in a forest you need an index. In any Active Directory forest there will be a server which provides an index of all items in the forest. These are called global catalogue servers (GCs); there is always one global catalogue server per domain. A GC contains an index of every object in the forest. This is not a full copy of each object, but it contains enough to allow a user to carry out a search. An example of this would be using the GC to search the whole forest for all laser printers.

(Understanding the Global Catalog)

Time Synchronization

All computers and servers within a Windows enterprise environment use a common time, because the W32Time service is required by the Kerberos authentication protocol. To keep time accurate within a domain, Microsoft uses a hierarchical system of time syncing. The root of the hierarchy is the domain controller holding the PDC (primary domain controller) emulator operations master role, so a PDC emulator is required to synchronize time in an enterprise. All domain controllers in the domain sync their time from the PDC emulator. The clients and member servers on the network sync their time to the nearest domain controller. The most cost-effective and efficient way to sync the time on the PDC emulator is to use an external time source (usually an atomic clock).

(How Timesync Works)

Figure: illustrates the hierarchical time synchronization between computers in a forest

(windows server)
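The following PowerShell script is an added example, not part of the original essay. It checks that the time hierarchy described above is actually in place: the PDC emulator should follow an upstream source and every other DC should follow a DC rather than its own local clock. It assumes the ActiveDirectory module, rights to query the Windows Time service on each DC, and that it is run on the PDC emulator so the reported offsets are measured against the root of the hierarchy.

```powershell
# Added example, not from the original essay: verify the domain time hierarchy.
# Assumes the ActiveDirectory module and rights to query w32tm on each DC.
# Run it on the PDC emulator so that /stripchart offsets are relative to the
# root of the hierarchy.
Import-Module ActiveDirectory

$pdc = "$((Get-ADDomain).PDCEmulator)"
$dcs = Get-ADDomainController -Filter * | ForEach-Object { "$($_.HostName)" }

foreach ($dc in $dcs) {
    # 'w32tm /query /source' prints the peer that disciplines the DC's clock.
    $source = "$(w32tm /query /computer:$dc /source 2>&1 | Select-Object -First 1)".Trim()

    # 'Local CMOS Clock' or 'Free-running System Clock' means the DC follows
    # nothing at all. On the PDC emulator that leaves the whole domain without
    # a reliable reference; on any other DC it means it has left the hierarchy.
    if ($source -match 'CMOS|Free-running') {
        Write-Warning "$dc has no time source (reports '$source')"
    } elseif ($dc -eq $pdc) {
        Write-Output "$dc (PDC emulator) syncs from upstream source: $source"
    } else {
        Write-Output "$dc syncs from: $source"
    }
}

# Kerberos rejects tickets when clocks differ by more than the permitted skew
# (5 minutes by default), so also measure each DC's offset from this machine.
foreach ($dc in $dcs) {
    if ($dc -ne $pdc) {
        w32tm /stripchart /computer:$dc /samples:1 /dataonly
    }
}
```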

BranchCache is a new capability that was added to Windows Server 2008 R2 and Windows 7. It is used in an environment which consists of a main office along with one or more branch offices. When a user at a branch office requests files from the main office over a wide area network link, those files are cached locally at the branch office. When the same files are requested by a different user from the same branch office, they are retrieved directly from the branch office network. BranchCache is intended to make it appear as if branch users were directly connected to the main office local area network.

BranchCache uses an algorithm called remote differential compression. This algorithm carries out a round trip to check the timestamp of the file and find out which is the most current version. If there have been no changes, it opens the locally cached version. The benefit of this is that it saves time and reduces traffic on the WAN link.

Microsoft claim that BranchCache "can reduce wide area network (WAN) utilization and enhance network application responsiveness when users access content in a central office from branch office locations."

BranchCache can operate in two different modes.

Hosted mode requires Server 2008 R2 to be installed at each branch location. All data which is sent over the network is encrypted with SSL (Secure Sockets Layer) encryption, so the server will require an SSL certificate.

Distributed cache mode: in this mode each Windows 7 client has its own cache. When a file is copied over the WAN link it is stored in the local cache. If another Windows 7 client requests the file, it sends a broadcast over the local network asking whether any other local computer has it. If another computer has it, the file is transferred from that computer instead of over the WAN.

(BranchCache Technical Overview)

Figure: Diagram of Hosted and Distributed BranchCache


Distributed File System

Distributed File System (DFS) provides a way to manage the file shares in your enterprise and makes it easier for users to find information. In large organizations there can be hundreds of file shares spread out over many different servers across various sites. This can make it difficult for users to find resources, because they may have to remember difficult UNC paths, for example \\homerdc\comapny\sales\2012\march.

There are two different types of service roles within the Distributed File System:

DFS Namespaces

DFS Namespaces allows network administrators to group shared folders which may be located on various different servers. This enables the namespace to be organised into one or more logical structures, giving the user the impression that they are using a single shared folder with a set of subfolders.

DFS Replication

DFS Replication works by using an efficient state-based multi-master replication engine. This allows you to keep folders synchronized between servers even over low-bandwidth network connections. It uses a compression algorithm called Remote Differential Compression, which can detect and replicate only the changes to files rather than replicating entire files.

(Distributed File System)

Figure: diagram of distributed file system

(distributed file system)

Windows Server 2008 R2 is a suitable server platform for an organisation whose network architecture is built on a multi-domain environment. Implementing a Windows Server 2008 R2 infrastructure can greatly enhance the efficiency of any business. The new features added to Windows Server 2008 R2, like BranchCache, read-only domain controllers and DFS, allow organisations to operate in a more efficient manner with greater control over network security.

The benefits Windows Server 2008 R2 can provide to an organisation include:

Improved file and network security

Increased reliability

Centralized data storage

Centralized management