Saturday, April 20, 2013

Read-Only Domain Controller

With the release of Windows Server 2008, Microsoft has introduced the read-only domain controller (RODC). The RODC contains a read-only copy of the Active Directory database that cannot be directly configured. This increases security, especially in areas where the physical security of the domain controller cannot be guaranteed.

A new Domain Name System (DNS) zone type was also created to support this new server type. A primary read-only zone contains read-only copies of the domain partition, ForestDNSZones, and DomainDNSZones.

Ref: Mastering Active Directory for Windows Server 2008.
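The point of an RODC is that the box holds fewer secrets, so the first thing to check on one is which account secrets it is permitted to cache and which it has already cached. The following PowerShell is an added example, not code from the blog or the book it quotes; it assumes the ActiveDirectory module (RSAT) is installed and that the caller can read the domain. The Password Replication Policy it inspects is a real RODC feature but is not described on the page.

```powershell
# Added example: inventory the RODCs in a domain and report what each one
# may cache and has already cached. Assumes the ActiveDirectory module.
Import-Module ActiveDirectory

function Get-RodcCacheReport {
    [CmdletBinding()]
    param(
        # Optional domain controller or domain to query; defaults to the caller's domain.
        [string]$Server
    )

    $dcParams = @{ Filter = { IsReadOnly -eq $true } }
    if ($Server) { $dcParams.Server = $Server }

    foreach ($rodc in Get-ADDomainController @dcParams) {
        # Allowed list: principals whose secrets this RODC is permitted to cache locally.
        $allowed = @(Get-ADDomainControllerPasswordReplicationPolicy -Identity $rodc.HostName -Allowed)
        # Denied list: principals whose secrets must never be cached here.
        $denied  = @(Get-ADDomainControllerPasswordReplicationPolicy -Identity $rodc.HostName -Denied)
        # Revealed accounts: secrets that are actually stored on this RODC right now,
        # i.e. what an attacker would obtain if the server were physically compromised.
        $revealed = @(Get-ADDomainControllerPasswordReplicationPolicyUsage -Identity $rodc.HostName -RevealedAccounts)

        [pscustomobject]@{
            HostName        = $rodc.HostName
            Site            = $rodc.Site
            IsGlobalCatalog = $rodc.IsGlobalCatalog
            AllowedCount    = $allowed.Count
            DeniedCount     = $denied.Count
            RevealedCount   = $revealed.Count
            # Heuristic worth reviewing by hand: any allowed entry whose name suggests
            # an administrative group should not be cacheable on a poorly secured DC.
            SuspiciousAllowed = ($allowed | Where-Object { $_.Name -match 'Admin' } |
                                 Select-Object -ExpandProperty Name) -join ', '
        }
    }
}

# Usage: print one row per RODC.
Get-RodcCacheReport | Format-Table -AutoSize
```

A non-empty SuspiciousAllowed column or a RevealedCount far larger than the number of users at that site is the kind of finding worth following up, since the whole premise of an RODC is that losing the hardware should not expose privileged credentials.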

Windows Server Core

In keeping with Microsoft’s ongoing battle against all things security (whether implied or true), the company has introduced a new type of server for 2008. Windows 2008 Server Core is a Windows server that does not contain a GUI. All administration of Server Core is performed via the command line or via scripting. You may also administer some functions by connecting to Server Core from another server’s Microsoft Management Console (MMC) utility.

Server Core was introduced for many reasons:

Reduced maintenance—Server Core installs only what is necessary for the specific server role.

Reduced attack surface—Because Server Core installs only what is necessary for the specific server role, fewer applications are running on the server, and the attack surface is reduced.

Reduced management—Because fewer applications are running on the server, there is less to manage.

Less disk space—Server Core can run on less than 5 GB of disk space. Considering that most new servers come standard with 150-plus GB drives now, you may be wondering why this is an advantage of Server Core. Think about what is being done with solid-state drives in the marketplace right now. There may be options for running Server Core on solid-state drives in the very near future.

Ref: Mastering Active Directory for Windows Server 2008.

Active Directory Certificate Services

The Active Directory Certificate Services (AD CS) allow you to create and manage certificates used in environments that employ public-key technologies. AD CS allows you to associate the identity of a person, device, or service to a private key.

Active Directory Rights Management Services

Microsoft released Windows Rights Management Services (RMS) a few years ago. Windows Server 2008 introduces a pretty significant update to this product and has changed the name to Active Directory Rights Management Services (AD RMS).

Active Directory Federation Services (AD FS)

Active Directory Federation Services (AD FS) extends Active Directory to the Internet while guaranteeing the authenticity of the accounts attempting to authenticate. Using this technology will not only enable organizations to work with partner organizations more efficiently; it will also allow interoperability with a wide range of applications and platforms, such as Netegrity, Oblix, and RSA, as well as leverage client systems that can utilize Simple Object Access Protocol (SOAP)–based command sets.

When using AD FS, an organization can allow users that exist within separate forests, as well as among partner organizations, to have access to the organization’s web applications and use a single sign-on. AD FS is based on the Web Services architecture that is being developed with the cooperation of several companies, including IBM and Microsoft.

Ref: Mastering Active Directory for Windows Server 2008.


Active Directory Lightweight Directory Services

Active Directory Lightweight Directory Services (AD LDS) allows administrators to create small versions of Active Directory that run as non–operating system services. Because AD LDS does not run as an operating system service, it does not require deployment on a domain controller. Any workstation or server can host an instance, or multiple instances, of AD LDS. Instead of building a domain controller so that developers have an Active Directory database to work with, you could create an instance of AD LDS on their workstations for them to test against. You could also use it as a repository for data used by a customer-relations management program or an address book directory. If you need a directory to hold data instead of a database, you may want to consider using AD LDS.

Ref: Mastering Active Directory for Windows Server 2008.