Active Directory Components in Windows Server 2008
The range of Active Directory (AD) has expanded in Windows Server 2008 and has become an essential part of many information technology (IT) environments. Active Directory has become an umbrella for a multitude of technologies surpassing what AD was in Windows Server 2000 and 2003. Check out the new uses for Active Directory:
• Active Directory Domain Services: An X.500-based directory service that provides integrated authentication and authorization services for a Windows computing environment.
• Active Directory Lightweight Directory Services: A stripped down version of Active Directory Domain Services that focuses on providing just the directory services functionality.
• Active Directory Federation Services: A Web Services–based technology for providing Web single sign-on authentication services between different organizations.
• Active Directory Certificate Services: Provides digital certification enrollment and revocation services in the support of a public key infrastructure (PKI).
• Active Directory Rights Management Services: Provides a solution for managing how users can use documents that they're authorized to access.
Roles of the Active Directory Domain Controllers
Active Directory uses a multiple-master model, and usually, domain controllers (DCs) are equal with each other in reading and writing directory information. However, certain roles cannot be distributed across all the DCs, meaning that changes can't take place on more than one domain controller at a time. Some domain controllers, therefore, do assume a single-master operations role — known as operations masters in Active Directory.
The five categories of operations master roles are:
• Schema master (one per forest): Maintains the master copy of the schema.
• PDC emulator (one per domain): Emulates a primary domain controller for backward compatibility with Windows NT.
• Domain naming master (one per forest): Tracks object names throughout a forest to ensure that they're unique. Also tracks cross-references to objects in other directories.
• Infrastructure master (one per domain): Tracks object references among domains and maintains a list of deleted child objects.
• Relative identifier (RID) master (one per domain): Tracks the assignment of SIDs (security identifiers) throughout the domain.
Usually, the first domain controller that you create in the first domain assumes the operations master roles. You can assign these roles to other domain controllers in the domain or forest, but only one domain controller at a time can hold each operation's master role.
Active Directory Logical Design Checklist
Active Directory is part of a storage structure you design that provides organization of objects — like users, computers, groups, and an assortment of other objects — in your IT environment. Before you can implement Active Directory, you have to do some planning. Be sure to complete the following steps before creating domains and organizational units (OUs):
1. Using the DNS namespace, identify and name the root domain.
2. Determine whether a tree or a forest is appropriate for your organization.
3. Determine whether you need additional domains.
4. Consult your requirements and environment to decide which domain model is best for your needs and to decide whether you need additional child domains.
5. Analyze business models and processes to determine which OU model is best for your needs.
6. Determine who will administer each OU and the administrative rights they'll need.
7. Delegate the administrative privileges that the OU administrators need.
8. Diagram the logical Active Directory structure.
Common Types of Domain Name Service Resource Records
A resource record is the basic data component in the Domain Name Service (DNS). DNS resource records define not only names and IP addresses but domains, servers, zone, and services as well. This list shows you the most common types of resource records:
Type Purpose
A Address resource records match an IP address to a host name.
CNAME Canonical name resource records associate a nickname to a host name.
MX Mail exchange resource records identify mail servers for the specified domain.
NS Name server resource records identify servers (other than the SOA server) that contain zone information files.
PTR Pointer resource records match a host name to a given IP address. This is the opposite of an Address record, which matches an IP address to the supplied host name.
SOA Start of authority resource records specify which server contains the zone file for a domain.
SRV Service resource records identify servers that provide special services to the domain.
Hardware Requirements for Windows Server 2008
Before you arrange and use Active Directory, you need to install the operating system Windows Server 2008. Start by making certain the hardware you plan to use as domain controllers is able to run the operating system. This list shows you the minimum and recommended hardware levels for Windows Server 2008:
Component Requirement
Processor 1 GHz (x86 CPU) or 1.4 GHz (x64 CPU)
Memory 512MB required; 2GB or higher recommended.
Hard Disk 10 GB required. 40 GB or more recommended.
Video Super VGA or higher video card and monitor.
Hardware Must be on the Windows 2008 Hardware Compatibility List.