Implementing NI/AD – 11/11/2008
Posted by Ben on Wednesday, November 12, 2008
Further exploring AD, we came across the concept of sites today. Sites exist for the purpose of explaining to Active Directory which DCs are separated by weaker WAN links that may cost our companies money if left to replicate every 15 minutes or so. AD sees no difference between New York and Los Angeles — it only sees a couple of different IP addresses of different DCs.
After playing with Sites and Services a bit, we moved on to the Global Catalog and FSMO roles. Remember, if operating in Windows 2000 Native mode or higher, global catalogs are required for the authentication (logon) process. Global Catalogs store authentication information and how to get to remote domains, so that authentication traffic doesn’t have to traverse WAN links. FSMO roles are the things that domain controllers do. Each initial DC that is installed is given all 5 roles, but in bigger installations we may want to divvy up the jobs among other DCs that might be better equipped to handle them. We can either transfer roles to other servers, or we can seize roles from servers that already have roles. The tool we use for this? NTDSUtil.
Finally, in chapter 5, we practiced with some techniques that allow us to run AD day to day. Obviously, seizing the Infrastructure Master role from one server to another is not something we’ll likely do every day. But adding users is definitely something we might do. We looked at some alternate ways of adding those users, namely using the DSADD and the NET commands.
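As an added example (not from the class material), here is one way to script user creation with DSADD, with the NET form noted for comparison. The domain `example.com`, the `Staff` OU and the sample users are assumptions made for illustration; accounts are created disabled with a forced password change so that no password has to sit in the script.

```powershell
# Added example: bulk user creation with DSADD from a PowerShell prompt.
# Assumed names (not from the post): domain example.com, OU "Staff".
$ou        = 'OU=Staff,DC=example,DC=com'
$upnSuffix = 'example.com'

# Constructed sample input; in practice this would come from a CSV file.
$users = @'
samid,first,last
jdoe,Jane,Doe
rroe,Richard,Roe
'@ | ConvertFrom-Csv

foreach ($u in $users) {
    # dsquery prints the DN of a match and nothing otherwise, so an empty
    # result means the logon name is free. This keeps re-runs harmless.
    $existing = dsquery user -samid $u.samid
    if ($existing) {
        Write-Warning "$($u.samid) already exists: $existing"
        continue
    }

    $dn = "CN=$($u.first) $($u.last),$ou"

    # No -pwd here: the account is created disabled, and an administrator
    # sets the initial password and enables it later. -mustchpwd yes makes
    # the user pick a new password at first logon.
    dsadd user $dn -samid $u.samid -upn "$($u.samid)@$upnSuffix" `
        -fn $u.first -ln $u.last -disabled yes -mustchpwd yes

    if ($LASTEXITCODE -ne 0) {
        Write-Warning "dsadd failed for $($u.samid) (exit code $LASTEXITCODE)"
    }
}

# NET form for a single account, typed interactively. The * makes NET prompt
# for the password instead of taking it on the command line. NET has no
# option for choosing the OU, which is one reason to prefer DSADD.
#   net user jdoe * /add /domain
```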
Homework:
- Chapter 3: Review Questions
- Chapter 4: Review Questions
- Chapter 5: Review Questions
