Module 11: Read-Only Domain Controllers

Overview
- Describe the Read-Only Domain Controller (RODC) role
- Use Read-Only Domain Controllers

Lesson 1: Read-Only Domain Controller
- Describe the role of Read-Only Domain Controllers
- Describe Windows Server 2008 domain upgrade requirements and prerequisites
- List the prerequisites for RODC deployment
- Describe scenarios in which RODC usage is recommended
- Describe Read-Only Domain Controller replication

Read-Only Domain Controller Branch Office Guide Recommendations

Windows Server 2008 Domain Upgrade Requirements and Prerequisites
- In-place upgrade from Windows 2000 Server is not supported
- In-place upgrade from a Windows Server 2003 domain controller to a Windows Server 2008 RODC or to Windows Server 2008 Server Core is not supported (RODC and Server Core are clean installs followed by promotion)
- Prepare the existing Active Directory environment for Windows Server 2008 with adprep: extend the schema in the forest (adprep /forestprep), prepare each domain (adprep /domainprep), and run adprep /rodcprep once per forest before the first RODC is promoted

RODC Deployment Prerequisites
1. Works in existing environments
2. Windows Server 2003 forest functional level, and at least one writable Windows Server 2008 domain controller in the domain (the RODC replicates the domain partition only from a Windows Server 2008 DC)
3. No patching of down-level DCs or clients is needed
4. Recommended: multiple writable Windows Server 2008 DCs per domain, and one RODC per domain per site
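The preparation and promotion steps behind these prerequisites, as an added example that is not part of the original slides. The forest name contoso.com, the site Branch01, the source DC DC01, and the groups BranchAdmins and Branch01 Users are placeholder assumptions; the adprep switches and the dcpromo answer-file keys are the documented Windows Server 2008 ones.

```powershell
# Added example: prepare an existing forest for Windows Server 2008 and
# promote a branch RODC unattended. All names below are placeholders.

# adprep ships on the Windows Server 2008 media under \sources\adprep.
# /forestprep  runs once, on the schema master, as Schema Admins + Enterprise Admins
# /domainprep  runs once per domain, on the infrastructure master, as Domain Admins
# /rodcprep    runs once per forest and fixes permissions on the DNS application
#              partitions so RODCs can replicate them
D:\sources\adprep\adprep.exe /forestprep
D:\sources\adprep\adprep.exe /domainprep /gpprep
D:\sources\adprep\adprep.exe /rodcprep

# dcpromo answer file. ReplicaOrNewDomain=ReadOnlyReplica makes this an RODC,
# ReplicationSourceDC pins the initial sync to a writable 2008 DC,
# PasswordReplicationAllowed/Denied seed the Password Replication Policy and
# DelegatedAdmin sets the Administrator Role Separation delegate.
# Password=* makes dcpromo prompt instead of storing the credential in the file.
$answer = @"
[DCInstall]
ReplicaOrNewDomain=ReadOnlyReplica
ReplicaDomainDNSName=contoso.com
ReplicationSourceDC=DC01.contoso.com
SiteName=Branch01
InstallDNS=Yes
ConfirmGc=Yes
UserName=adminuser
UserDomain=CONTOSO
Password=*
DelegatedAdmin=CONTOSO\BranchAdmins
PasswordReplicationAllowed=CONTOSO\Branch01 Users
PasswordReplicationDenied=CONTOSO\Domain Admins
SafeModeAdminPassword=ReplaceWithDsrmPassword
RebootOnCompletion=Yes
"@
Set-Content -Path C:\rodc-unattend.txt -Value $answer -Encoding ASCII

dcpromo /unattend:C:\rodc-unattend.txt

# The answer file contains the DSRM password; remove it once promotion starts.
Remove-Item C:\rodc-unattend.txt -Force
```

Run the three adprep commands from the hub before touching the branch; promotion fails with a clear error if /rodcprep has not been run, and the RODC will not find a replication source unless a writable Windows Server 2008 DC for the domain already exists.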

Read-Only Active Directory Database

Read-Only Domain Controller Replication
- Replication is unidirectional: the RODC pulls changes but cannot perform outbound replication
- Domain partition replication must be sourced from a writable Windows Server 2008 domain controller
- Requires a writable Windows Server 2008 DC in the nearest site in the topology

Placing RODCs with site link bridging
- The writable Windows Server 2008 DC can be placed in Site A rather than Site B
- Physical connectivity between Site A and Site C is available implicitly through the bridge
- If the WAN links are available for long enough to complete replication, the RODC in Site C can replicate from the writable Windows Server 2008 DC in Site A

Placing RODCs without site link bridging
- The "Bridge all site links" option is disabled
- A writable Windows Server 2008 DC for the same domain should be placed in Site B to replicate the domain partition to the RODC
- Otherwise the RODC in Site C can replicate the schema, configuration, and application directory partitions, but not the domain partition

RODCs in Spoke Sites
In this scenario, do any of the following to give the RODC a direct replication path to a writable Windows Server 2008 DC:
- Add site links between Site A and Site C and between Site A and Site D
- Create a site link bridge that includes site link A-B, site link B-C, and site link B-D
- Add a writable Windows Server 2008 DC in the intermediary site (Site B)
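The topology check and the second option above (one bridge over A-B, B-C and B-D), as an added example that is not from the original slides. It assumes the Active Directory PowerShell module (Windows Server 2008 R2 RSAT or later), site links named A-B, B-C and B-D under the IP transport, and a bridge name of Hub-Spoke-Bridge; those names are placeholders.

```powershell
# Added example: detect whether "Bridge all site links" is disabled and, if so,
# create the site link bridge the spoke RODCs need. Link and bridge names are placeholders.
Import-Module ActiveDirectory

$config      = (Get-ADRootDSE).configurationNamingContext
$ipTransport = "CN=IP,CN=Inter-Site Transports,CN=Sites,$config"

# Bit 0x2 of the IP transport's "options" attribute is set when
# "Bridge all site links" has been turned off (bridges are then required).
$opts = (Get-ADObject -Identity $ipTransport -Properties options).options
$bridgingDisabled = (($opts -band 0x2) -ne 0)
"Bridge all site links disabled: $bridgingDisabled"

# Show the hub-and-spoke links so the missing path is visible.
Get-ADObject -SearchBase $ipTransport -Filter { objectClass -eq 'siteLink' } -Properties cost, siteList |
    Select-Object Name, cost,
        @{ n = 'Sites'; e = { ($_.siteList | ForEach-Object { ($_ -split ',')[0] -replace '^CN=' }) -join ', ' } }

if ($bridgingDisabled) {
    # Option 2 from the slide: a single bridge spanning A-B, B-C and B-D lets the
    # RODCs in C and D source the domain partition from the writable 2008 DC in A.
    $links = 'A-B', 'B-C', 'B-D' | ForEach-Object { "CN=$_,$ipTransport" }
    New-ADObject -Name 'Hub-Spoke-Bridge' -Type siteLinkBridge -Path $ipTransport `
        -OtherAttributes @{ siteLinkList = $links }
}

# After the next KCC run, confirm the RODC's inbound partner for the domain
# partition is a writable Windows Server 2008 DC: repadmin /showrepl <RODC>
```

If the check reports bridging as enabled, the KCC already treats A-B-C as transitive and the RODC in Site C can source directly from Site A; the bridge is only needed when the flag is set.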

Lesson 2: Read-Only Domain Controller Operation
- Describe how credential caching is controlled on an RODC
- Describe how to configure Administrator Role Separation
- Configure read-only DNS servers
- Describe how to recover from a compromised RODC

Credential Caching
- Credential caching is the storing of account secrets (user and computer password hashes) on the RODC; by default the RODC holds none
- Caching must be explicitly allowed: an account's secrets are replicated to the RODC only if the Password Replication Policy (PRP) permits it, typically on the first logon through that RODC, or by prepopulation
- The PRP is stored on the RODC's computer object in AD (an Allowed list and a Denied list; Denied wins) and is enforced by the writable Windows Server 2008 DC the RODC replicates from
- Two built-in groups seed the policy: Allowed RODC Password Replication Group (empty by default) and Denied RODC Password Replication Group (contains Domain Admins, Enterprise Admins and other privileged groups by default)
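A PRP audit that shows which accounts each RODC is allowed to cache and which secrets it actually holds, as an added example that is not from the original slides. It assumes the Active Directory PowerShell module (Windows Server 2008 R2 RSAT or later; on Windows Server 2008 RTM the same data comes from "repadmin /prp view <RODC> allow|deny|reveal") and treats Domain Admins, Enterprise Admins and Administrators as the groups that must never be cached in a branch.

```powershell
# Added example: audit the Password Replication Policy of every RODC in the
# domain and warn when a privileged account has been revealed to one.
Import-Module ActiveDirectory

# Assumption: these groups must never have secrets cached on a branch RODC.
$privileged = 'Domain Admins', 'Enterprise Admins', 'Administrators' |
    ForEach-Object { Get-ADGroupMember -Identity $_ -Recursive } |
    Select-Object -ExpandProperty SamAccountName -Unique

foreach ($rodc in Get-ADDomainController -Filter { IsReadOnly -eq $true }) {
    "== $($rodc.HostName) =="

    # Allowed/Denied lists live on the RODC's computer object
    # (msDS-RevealOnDemandGroup / msDS-NeverRevealGroup); Denied wins.
    Get-ADDomainControllerPasswordReplicationPolicy -Identity $rodc -Allowed |
        ForEach-Object { "  allowed: $($_.SamAccountName)" }
    Get-ADDomainControllerPasswordReplicationPolicy -Identity $rodc -Denied |
        ForEach-Object { "  denied:  $($_.SamAccountName)" }

    # Accounts whose secrets are actually stored on this RODC (msDS-RevealedUsers).
    # This list, not the Allowed list, is the exposure if the RODC is stolen.
    $revealed = Get-ADDomainControllerPasswordReplicationPolicyUsage -Identity $rodc -RevealedAccounts
    "  revealed: $(@($revealed).Count) account(s)"

    $bad = $revealed | Where-Object { $privileged -contains $_.SamAccountName }
    if ($bad) {
        $names = ($bad | Select-Object -ExpandProperty SamAccountName) -join ', '
        Write-Warning "Privileged accounts cached on $($rodc.HostName): $names"
    }
}
```

A privileged account shows up in the revealed list only if someone removed it from the Denied list (or from the Denied RODC Password Replication Group) and then logged on through the branch; the warning is the signal to fix the PRP and reset that account.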

Administrator Role Separation
Problem
- Too many domain administrators: branch staff who only need to maintain the server (patches, drivers, backups) have traditionally been made domain admins
Solution
- Provides a new "local administrator" level of access per RODC, with no rights in Active Directory itself
- Prevents accidental Active Directory modifications by computer administrators
- Does not prevent a malicious "local administrator" from modifying the local database; the RODC performs no outbound replication, so such changes do not propagate to the rest of the domain
- This is a true security feature of the Read-Only Domain Controller
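Delegating RODC administration to a branch group and checking that the group holds nothing at domain level, as an added example that is not from the original slides. RODC01 and CONTOSO\BranchAdmins are placeholders; method 1 uses the Active Directory module (Windows Server 2008 R2 RSAT or later), method 2 uses dsmgmt, which ships with Windows Server 2008.

```powershell
# Added example: Administrator Role Separation for one RODC. Names are placeholders.
Import-Module ActiveDirectory

$group = Get-ADGroup -Identity 'BranchAdmins'

# Method 1: the "Managed By" delegation on the RODC's computer object
# (managedBy attribute). The principal named there becomes a local
# administrator of that RODC only; it is the same setting dcpromo's
# DelegatedAdmin writes.
Set-ADComputer -Identity 'RODC01' -ManagedBy $group.DistinguishedName
(Get-ADComputer -Identity 'RODC01' -Properties ManagedBy).ManagedBy

# Method 2: dsmgmt "local roles" adds the principal directly to the RODC's
# local Administrators role (stored on that RODC, not replicated).
dsmgmt "local roles" connections "connect to server RODC01" quit `
       "add CONTOSO\BranchAdmins administrators" "show role administrators" quit quit

# Verification: ARS buys nothing if the delegated group is also (nested) in a
# domain-level administrative group.
$domainLevel = 'Domain Admins', 'Enterprise Admins', 'Administrators',
               'Account Operators', 'Server Operators'
foreach ($g in $domainLevel) {
    $members = Get-ADGroupMember -Identity $g -Recursive |
        Select-Object -ExpandProperty SamAccountName
    if ($members -contains $group.SamAccountName) {
        Write-Warning "$($group.SamAccountName) is a (nested) member of $g; ARS is bypassed"
    }
}
```

The delegated group can log on to the RODC, patch it and manage its services, but it cannot change anything in Active Directory, and anything it does change in the RODC's local copy stays on that RODC.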

Read-Only Domain Name System
- An RODC hosts read-only copies of the Active Directory-integrated zones and does not accept client dynamic updates directly
- It refers the client to a writable authoritative DNS server (a writable DC) by returning that server in the SOA response, and the client sends its update there
- It then replicates the updated record back from the writable DNS server, immediately via replicate-single-object (RSO) and in any case with the next scheduled replication

Recovering from RODC Compromise
- Delete the RODC's computer account from the domain (Active Directory Users and Computers); the deletion dialog offers to reset the passwords of the user and computer accounts that were cached on that RODC and to export the list of those accounts
- Change the passwords of all accounts that were cached on the compromised RODC; the exposure is limited to the accounts in its revealed list, and the RODC's own krbtgt account (krbtgt_<id>) is removed with the RODC so domain-wide Kerberos keys are not affected
- Manually remove the server object for the deleted RODC from Active Directory Sites and Services (metadata cleanup) if it remains
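The three recovery steps as one script run on a writable DC, as an added example that is not from the original slides. It assumes the Active Directory PowerShell module (Windows Server 2008 R2 RSAT or later), that the compromised RODC is RODC01, and that the export goes to C:\ (placeholders); computer accounts whose passwords are reset must be rejoined to the domain afterwards.

```powershell
# Added example: scope, contain and clean up after a stolen or compromised RODC.
Import-Module ActiveDirectory
Add-Type -AssemblyName System.Web     # for GeneratePassword

$rodcName = 'RODC01'                  # placeholder
$rodc = Get-ADDomainController -Identity $rodcName

# 1. The exposure is exactly the set of accounts whose secrets were revealed
#    to this RODC; record it before the RODC object (and the list) is deleted.
$revealed = Get-ADDomainControllerPasswordReplicationPolicyUsage -Identity $rodc -RevealedAccounts
$revealed | Select-Object SamAccountName, ObjectClass, DistinguishedName |
    Export-Csv -Path "C:\$rodcName-revealed.csv" -NoTypeInformation

function New-RandomPassword {
    ConvertTo-SecureString ([System.Web.Security.Membership]::GeneratePassword(24, 4)) -AsPlainText -Force
}

# 2. Reset every cached user's password to a random value and force a change
#    at next logon; reset cached computer accounts too (those machines must be
#    rejoined, which is what the ADUC deletion dialog warns about).
foreach ($acct in $revealed) {
    Set-ADAccountPassword -Identity $acct -Reset -NewPassword (New-RandomPassword)
    if ($acct.ObjectClass -eq 'user') {
        Set-ADUser -Identity $acct -ChangePasswordAtLogon $true
    }
}

# 3. Remove the RODC from the domain: its computer account (with child objects,
#    which also removes its krbtgt_<id> link) and then the server object that
#    is left under Sites in the Configuration partition.
Remove-ADObject -Identity $rodc.ComputerObjectDN -Recursive -Confirm:$false
Remove-ADObject -Identity $rodc.ServerObjectDN   -Recursive -Confirm:$false

# If anything is left behind, finish with ntdsutil "metadata cleanup".
"Reset $(@($revealed).Count) account(s); list saved to C:\$rodcName-revealed.csv"
```

Do step 1 before step 3: once the RODC's computer object is gone, the revealed list goes with it, and the scope of the reset can no longer be determined from the directory.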