The efficient domain management experience under Windows Server 2008

  

The domain is an important part of Microsoft's LAN solution, and almost every Windows Server release brings significant improvements to it. What kind of domain experience does Windows Server 2008, the latest version, bring us? Here I will share, with examples, some new features of Windows Server 2008 domains. I hope these new features will bring you a different domain management experience.

1. Deploying a read-only domain controller

The security of the domain controller (DC), especially its physical security, is a concern for administrators. A special domain controller, the Read-Only Domain Controller (RODC), has been added to Windows Server 2008. With RODC, we can deploy read-only domain controllers in network nodes that cannot guarantee physical security. This not only improves security, but also enables faster logins and more efficient access to network resources.

It is very simple to deploy a read-only domain controller (RODC) in Windows Server 2008. For example, to deploy a Windows Server 2008 host in the jp.com domain as a read-only domain controller, first log in to the host as an administrator, then run the command prompt as Administrator and execute the following command:

dcpromo /replicaornewdomain:readonlyreplica /installdns:yes /replicadomaindnsname:Woodgrovebank.com /sitename:default-first-site-name /safemodeadminpassword:ctocio!

Here "/replicadomaindnsname:Woodgrovebank.com" specifies the domain name, and "/safemodeadminpassword:ctocio!" sets the domain controller's safe mode (recovery mode) administrator password to ctocio!.

Note that the installation obtains the Active Directory (AD) data, installs and configures DNS at the same time, and sets the administrator password for the recovery mode of Active Directory. During the installation, be sure to check the replication policy output shown on the screen; the other settings can be left at their defaults. After Active Directory is installed, the system restarts, and the host then becomes a read-only domain controller (RODC).
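
A pre-flight check for the dcpromo command described above, as an added example in Python that is not part of the original article: it verifies the /name:value switch syntax, confirms the read-only replica setting, and flags the recovery-mode password passed in clear text, where it can end up in command history and process logs. The function names and the sample password are constructed for illustration, and switch values are assumed to contain no spaces.

```python
import re

SECRET_SWITCHES = {"safemodeadminpassword"}   # values that must never be logged
REQUIRED = {"replicaornewdomain", "replicadomaindnsname", "sitename"}

# Constructed sample: placeholder password and one deliberate "=" separator mistake.
SAMPLE = ("dcpromo /replicaornewdomain:readonlyreplica /installdns:yes "
          "/replicadomaindnsname:Woodgrovebank.com "
          "/sitename=default-first-site-name /safemodeadminpassword:Example-Passw0rd")

def parse_switches(cmdline):
    """Return ({name: value}, [malformed tokens]) for /name:value switches."""
    switches, malformed = {}, []
    for token in cmdline.split()[1:]:          # skip the program name
        m = re.fullmatch(r"/([A-Za-z]+):(.*)", token)
        if m:
            switches[m.group(1).lower()] = m.group(2)
        else:
            malformed.append(token)
    return switches, malformed

def redact(cmdline):
    """Mask secret switch values so the command can go into tickets or logs."""
    pattern = r"(?i)(/(?:%s)[:=])\S+" % "|".join(SECRET_SWITCHES)
    return re.sub(pattern, r"\1<redacted>", cmdline)

def review(cmdline):
    """Return a list of findings for an RODC promotion command."""
    switches, malformed = parse_switches(cmdline)
    findings = ["malformed switch (expected /name:value): " + t for t in malformed]
    for name in sorted(REQUIRED - switches.keys()):
        findings.append("missing switch: /" + name)
    # Only the readonlyreplica value produces an RODC.
    if switches.get("replicaornewdomain", "").lower() != "readonlyreplica":
        findings.append("/replicaornewdomain is not readonlyreplica")
    for name in sorted(SECRET_SWITCHES & switches.keys()):
        findings.append("secret passed in clear text on the command line: /" + name)
    return findings

if __name__ == "__main__":
    print(redact(SAMPLE))                      # safe to paste into a change record
    for finding in review(SAMPLE):
        print("-", finding)
```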

2. Separation of management roles

Management role separation is a significant feature of read-only domain controllers (RODCs): we can assign a domain user to a role on the RODC without granting that user any rights to the domain or to other domain controllers. In fact, these roles are very similar to local groups. With this feature, we can assign an administrator to a branch office's RODC for routine maintenance (such as disk defragmentation) without giving him a domain administrator username and password. The benefits are obvious: first, it frees up the administrator and allows DC management tasks to be distributed; in addition, it greatly enhances the security of the domain, because authorized users can perform only the specified operations and cannot jeopardize the security of other parts of the domain. At the same time, it avoids the risk of damage caused by administrator users misusing DC management.

To set up administrative role separation on a read-only domain controller (RODC), log in to the host as an administrator, run the command prompt as Administrator, and then execute the following commands in sequence:

NTDSUTIL

Local Roles

Add Woodgrovebank.com\jp Administrators

Show Role Administrators

Quit

Quit

Figure 2: NTDSUTIL

A brief explanation of the commands above: the first line starts the NTDSUTIL.exe command line, the second line enters the local roles configuration mode, the third line is the key command, which adds the user jp of the Woodgrovebank.com domain to the Administrators role, the fourth line displays the members of the Administrators role, and the fifth and sixth lines exit the NTDSUTIL tool.