Windows Server 2008 allows you to configure AD DS to perform various tasks.
You can use various options in the AD DS Installation Wizard to install domain controllers in Windows Server 2008. You can use advanced options in the AD DS Installation Wizard to install AD DS and automate the DNS installation. Also, you can launch the Add Roles Wizard to select specific roles.
You can use the Server Manager to manage various roles on the server. You can install a maximum of 18 roles. You can use the roles option to view the health of the various roles installed on the server. You can use Active Directory tools to create, delete, configure, locate, and move objects.
You can audit changes to AD DS by using the Group Policy Object Editor tool in Windows Server 2008. You need to enable the audit policy and specify the subcategory for the policy. By enabling an audit policy, you can audit all changes made by the Domain Admins group.
Windows Server 2008 provides three states for a domain controller that has Windows Server 2008 installed on it. In the AD DS start state, Active Directory is started. In the AD DS stopped state, Active Directory is stopped. In the DSRM state, you can perform authoritative restores of AD DS.
Restartable AD DS provides various benefits such as offline defragmentation, independent running of services, and fewer restarts for domain controllers.
The Active Directory functional levels ensure that all domains in the forest are included at the Windows Server 2008 domain functional level. The Active Directory functional levels have provided DFS and 256-bit AES as new enhancements in Windows Server 2008.
An RODC is a domain controller that hosts a read-only version of the Active Directory database. The features of RODCs include read-only data, unidirectional replication, credential caching, and limited rights to write in a directory.
You need to follow certain guidelines when installing RODCs in Windows Server 2008. You need to ensure that the RODCs are deployed only in sites that do not have any other domain controllers. You can deploy RODCs in large organizations to reduce the load on domain controllers in hub sites. You also need to ensure that you configure RODCs as global catalog servers.
When you install a read-only domain controller in a domain, you need to ensure that the domain is at the Windows Server 2003 forest functional level.
To install a read-only domain controller, you need to ensure that the forest functional level supports link-value replication and Kerberos constrained delegation. To install a domain controller, ensure that the PDC emulator runs Windows Server 2008.
You must configure password replication policy on the writable domain controller when you deploy an RODC. You can use any of the three options when planning the password replication policy for RODCs. You can choose not to cache any account, cache most of the accounts, or cache only a few accounts.
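The following added example (not part of the original page) models how a Password Replication Policy decides whether an RODC may cache an account's password: the Denied list is checked first, then the Allowed list, and an account on neither list is not cached. The three policies mirror the three planning options above; every account name, group membership and policy content is constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Prp:
    """Password Replication Policy of one RODC (constructed model)."""
    allowed: set = field(default_factory=set)  # Allowed list: accounts or groups
    denied: set = field(default_factory=set)   # Denied list: accounts or groups

# Constructed directory: account -> flattened group memberships.
DIRECTORY = {
    "alice": {"Domain Users", "Branch-Users"},
    "bob": {"Domain Users", "Branch-Users", "Domain Admins"},
    "carol": {"Domain Users"},
    "svc-backup": {"Domain Users", "Backup Operators"},
}
# Groups treated as security-sensitive in this example (assumption).
PRIVILEGED = {"Domain Admins", "Enterprise Admins", "Backup Operators"}

def may_cache(prp, account, groups):
    """Deny wins over allow; an account on neither list is not cached."""
    principals = {account} | set(groups)
    if principals & prp.denied:
        return False
    return bool(principals & prp.allowed)

def cacheable(prp):
    """Accounts whose passwords this RODC would be permitted to cache."""
    return sorted(a for a, g in DIRECTORY.items() if may_cache(prp, a, g))

def exposed_privileged(prp):
    """Privileged accounts that the policy would still allow to be cached."""
    return sorted(a for a, g in DIRECTORY.items()
                  if g & PRIVILEGED and may_cache(prp, a, g))

# The three planning options, as constructed policies.
NO_CACHE = Prp(allowed=set(), denied=set(PRIVILEGED))
FEW = Prp(allowed={"Branch-Users"}, denied=set(PRIVILEGED))
# Constructed gap: Backup Operators was left off this Denied list.
MOST = Prp(allowed={"Domain Users"}, denied={"Domain Admins", "Enterprise Admins"})

if __name__ == "__main__":
    for name, prp in (("none", NO_CACHE), ("few", FEW), ("most", MOST)):
        print(name, cacheable(prp), "privileged exposed:", exposed_privileged(prp))
```

Running the same check against the real Allowed and Denied lists of an RODC shows which sensitive accounts would be exposed if that RODC were compromised.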
You can permit a domain user to become a local administrator of an RODC by configuring the administrator role separation features. You must be a member of the Domain Admins group to configure the administrator role separation features for an RODC.
You can install RODCs in Windows Server 2008 by using the Add Roles Wizard in the Server Manager. You need to install at least two domain controllers for a domain. You can also have the domain controller perform the DNS server and global catalog server roles.
Windows Server 2008 includes various new features related to AD DC backup and recovery. You can use the Windows Server Backup tool to perform backups in Windows Server 2008. You can back up entire volumes, or perform a scheduled or manual backup. You can perform a non-authoritative restore by accessing Windows PE from the Windows Server 2008 setup media.
You can perform AD DC backup after adding the Windows Server Backup feature. You can create a scheduled backup by using the Backup Schedule option. You can use the Add Feature Wizard to add any roles, services, or features to the server.
You can perform either an authoritative restore or a non-authoritative restore to restore AD DS data. You can use the non-authoritative restore option to restore a single domain controller. You need to use a system-volume backup or a full server backup to perform a non-authoritative restore of AD DS. You can use an authoritative restore to restore AD DS data that has been deleted.





