Module 9: Active Directory Domain Services
Module 9: Active Directory Domain Services. Overview Describe new features in AD DS List manageability and reliability enhancements in AD DS.
Dec 28, 2015
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Module 9:Active Directory Domain
Services
Overview
Describe new features in AD DS
List manageability and reliability enhancements in AD DS
Lesson: What’s New in AD DS
List new AD DS installation options
Identify AD DS Unattend installation options
Identify the new search feature in Active Directory Sites and Services
Unattend Options
Return Code when Complete
Unattend operation completes without response from UI
Active Directory Sites and Services
Lesson 2: Manageability and Reliability
Describe Common Criteria
Describe the benefits of using DFSR for SYSVOL replication
List DNS improvements
Use the Restartable AD DS feature
Use the AD DS database mounting tool
DFSR for SYSVOL
SYSVOL SYSVOL
Distributed File System Replication
DNS Improvements
•Support for AD DS
•Auto-Configuration Installation
•Improved DC Location Support for Clients
•Read-Only Integrated Zone for RODC
Restartable AD DS
Server Off
Start as DC?
Success?
Active Directory Started
Stop Active Directory
Active Directory Stopped
Start command successful
Directory Services Restore Mode
Restart
No
No
No
Yes
Yes
Yes
Database Mounting Tool
• Ntdsutil.exe takes snapshots of the AD DS database
• Run Ntdsutil.exe to list and mount available snapshots
• Run Dsamain.exe to expose the snapshot as an LDAP server
• Run and attach Ldp.exe to the snapshot’s LDAP port
• Browse the snapshot
AD DS: Auditing
AD DS: Auditing
When a successful modify occurs AD DS logs the previous and current values of the attribute
If a new object is created, values of the attributes that are populated at the time of creation are logged
Object moved within a domain, the previous and new location is logged
If an object is undeleted, the location to which the object is moved is logged
Fine-Grained Password Policies
AD DS: Fine-Grained Password Policies
Define different password and account lockout policies for different sets of users in a domain
Domain functional level must be Windows Server 2008 Cannot be applied to an OU directly
Can use a shadow group
Read-Only Domain Controllers
What new functionality does this feature provide?
Read-only AD DS database Unidirectional replication Credential caching Administrator role separation Read-only Domain Name System (DNS)
Related Documents
