Free Essay

Distribution of Domain Controllers

In:

Submitted By mark1123
Words 495
Pages 2
Distribution of Domain Controllers
With the fresh install of Windows 2008 R2 both Domain Controllers and Read Only Domain Controllers will need to be deployed in strategic areas of the redesigned network. Since the corporate offices are in Ohio this is where the main domain controller will be located. It has been determined that the Huffman network will have between 50 - 100 users throughout the site which means that a minimum of two Domain Controllers, with universal grouping caching, is recommended to be placed in the network (Morimoto, Noel, Droubi, , Mistry, & Amaris, 2010). “Universal Group Cashing is a process by which an Active Directory site caches all universal group members locally so that the next time clients log on, information is more quickly provided to the client and they are able to log on faster” (Morimoto, Noel, Droubi, Mistry, & Amaris 2010, p. 371). This would be fine if the network was in one location, but Huffman’s network has four locations around the United States which means that only two regular Domain Controllers is not practical for the topography of the business.
Domain Controller deployment will be as follows. Each satellite location, including California, Missouri, and New Jersey, will each have a Read-Only Domain Controller in place. The Read Only Domain Controllers is used instead of a normal controller to enhance security throughout the entire network. Read only prevents changes made to sensitive information throughout the entire company. Quick access to information is important so when each user logs onto the system so for the each user’s initial login, response time will be a little slower but just for their initial log. Once the initial log in password is verified, the active Password Replication Policy makes the decision if the credentials should be replicated on stored in the cache on the RODC. This type of limited domain controller helps improve security risks to all information with the system. If a RODC is compromised in any capacity the administrators can force a password reset for all the users within the RODC. This emergency procedure prevents unauthorized users from making it into the main server which minimizes compromised information. One regular Domain Controller will be deployed at the main facilities in Ohio.
Global Catalog Domain Controller
This is the first Domain Controller to be deployedand in order for the Active Directory to work properly this server needs be configured as a global catalog server as well. “It is important to understand that global catalog objects must be physically located close to all objects in the network that require prompt login times and fast connectivity” (Morimoto, Noel, Droubi, , Mistry, & Amaris 2010, p. 371). This by itself is not always possible so universal group caching will be implemented or a global catalog and a domain server are on the same WAN as in this case for the Ohio offices.

References

Morimoto, R., Noel, M., Droubi, O., Mistery, R.,& Amaris, C.(2010). Windows Server 2008 R2 Unleashed . : Sams Publishing.

Similar Documents

Premium Essay

Xxxxxxxxxxxxx

...The process of obtaining an IP address for a computer name (for example, “ComputerA”) is called | Name Resolution | The routing service included with Windows Server 2008 is better suited for | A smaller network | . Network Access Protection was introduced with which operating system? | Windows Server 2008 | A starting address of 192.0.0.0 and an ending address of 223.255.255.255 is a member of which network class? | Class C | . IPv4 addresses are commonly represented by using what type of notation? | Dotted-decimal | Which feature is an integral part of IPv6, whereas it was an optional feature under IPv4? | IP Security | Each host on a TCP/IP network should be configured with a number of mandatory and optional configuration items except for which of the following? | Routing Method | . If a system will be a DHCP server, what type of address should you set? | Static IP Address | What is made up of free space from multiple physical disks | Spanned Volume | Which partition style is recommended for disks larger than 2TB or for disks that are used in Itanium computers? | GPT | . BOOTP enables a TCP/IP workstation to retrieve settings for all of the configuration parameters it needs to run excluding which option? | Workstation Settings | Which of the following is not a key benefit provided by DHCP for those managing and maintaining a TCP/IP network? | De Centralized Administration | Sent by clients via broadcast to locate a DHCP server per RFC 2131, which message...

Words: 1150 - Pages: 5

Premium Essay

1. Relate How Windows Server 2008 R2 Active Directory and the Configuration of Access Controls Achieve C-I-a- for Departmental Lans, Departmental Folders, and Data.

...trust relationships, and node/application replication. Group management is made simple with Active Directory. There are two types of groups in Active Directory, distribution and security. Distribution groups are used solely for email purposes, and all members of a certain department or team are get grouped together. For example, the finance department of a company typically only communicates with other members of that same group. An Active Directory distribution group allows all members of the finance department to email without having to type every individual name in the email. Security groups are used to provide or deny access to users or devices to shares, files, or even other devices, these are called security permissions. Security permissions can be added to any distribution or security group, however email cannot be sent to a distribution group. Active Directory allows administrators to designate network users as owners or delegates of other security or distribution groups, to be updated as needed. Organizational management is made possible through the use of Organizational Units aka OU’s. Basically, OU’s allow users, computers, or devices on the same network to be grouped together to best fit the Companies needs. This makes searching for or accessing a device, user, or group far less complex than if all domain items were listed together. For example, the Company I work for has over 20 sites spread across the U.S., and to simplify user management and security each site...

Words: 705 - Pages: 3

Free Essay

Windows

...their parent domains. | | Definition False | | | Term You can drag and drop leaf objects, such as users and computers, between OUs, but not between domains. | | Definition TRUE | | | Term Unlike organizational units, you cannot assign Group Policy settings to computer objects, nor can you delegate their administration. | | Definition TRUE | | | Term When you want to grant a collection of users permission to access a network resource, such as a file system share or a printer, you can assign permissions to an organizational unit. | | Definition FALSE | | | Term Active Directory is one of the easiest technologies to test because an isolated lab environment usually can emulate many of the factors that can affect the performance of a directory service. | | Definition FALSE | | | Term When you want to grant a collection of users permission to access a network resource, such as a file system share or a printer, you can assign permissions to an organizational unit. | | Definition FALSE | | | Term Active Directory is one of the easiest technologies to test because an isolated lab environment usually can emulate many of the factors that can affect the performance of a directory service. | | Definition FALSE | | | Term Active Directory was first introduced in which operating system? | | Definition Windows 2000 Server | | | Term Where do users log in when joining an Active Directory domain? | | Definition domain | | ...

Words: 1908 - Pages: 8

Premium Essay

Client Server 2 Final Exam Study Guide

... 10. The style of partitioning for larger drives (over 2 Tb)? GPT (guid partition table) 11. Boot –P allows a pc to receive from the DHCP server except what? Workstation settings 12. What zone would a DNS server may have? Primary zone 13. What is in a forward/reverse lookup zone? Primary,secondary, and stud 14. If you have a IP based on name, what type of zone is it? Reverse lookup zone 15. If you have Server 2008 with DS role is has? Domain controller 16. If you have domain controller, what is the process called for keeping it up to date? Replication 17. The “read only” domain controller holds this file? NTDS.Dit 18. Distinguished name includes the entire name (whole hierarchal structure). 19. Dc promo.exe makes the wizard to make server a domain controller. 20. What is the minimum numory requirement for active directory? 200 MB 21. Application directory partitions are used to divide forest wide DNS info from Domain wide info. 22. How often the intersight replication occurs? Every 15 minutes 23. In order...

Words: 654 - Pages: 3

Free Essay

Active Directory Accounts

...users do to the amount of permissions that are bestowed upon the user. They have complete control over everything otherwise known as Full Control which means they can read write execute modify and delete but believe you me myself would detour anybody but a certain few the power to delete. So by default the built in group Administrators gives full control so only a select few will be put into this group and in most cases just one person. Also the administrators group allows the user to have complete control over the domain controllers to add users and set permissions. So the only people you would ever see in this group are Network Administrators. There are a lot of other things this group can do but for this paper that’s all I’m getting into. The next built in group I’ll be talking about is the Account Operators with this account the users are limited when it comes to permissions. They can modify and delete user and user group information but only on their local domain but they can’t modify anything having to do with administrators. So locally they could cause a threat to local groups and users but across the network they have no control so if there is an issue to arise cause by a member in this group you can pin point it to their LAN. Ok now with this next group, no one is in this group by default they have to be physically being placed in this group because of the special task they have to perform. This group is called the Backup Operators group. In this group the network...

Words: 801 - Pages: 4

Premium Essay

Information Technology

...Page 179, 198-199 1. In a case where multiple PSOs are configured for a particular user, Active Directory will determine which one to apply by using the PSO’s msDS-PasswordSettingsPrecedence 2. You can automatically add a technical support user to the local Administrators group of each domain workstation by using Restricted Groups. 3. The gpupdate.exe command allows you to manually refresh group policy settings on a particular computer. 4. Tattooing refers to a Group Policy setting that is not removed when the GPO setting reverts to “Not Configured” 5. You would audit Account Logon Events to determine who is authenticating against your Active Directory domain controllers. 6. Each Active Directory domain controller acts as a Key Distribution Center to enable the distribution of Kerberos tickets. 7. Folder Redirection allows you to configure a user’s Documents, Desktop, and other folders so that they are stored on a network drive rather than the local computer 8. Settings in the Kerberos Policy section of Group Policy allow you to configure the maximum allowable clock skew between a client and a domain controller. 9. Auditing for Policy Change Events will alert you when a change is made to User Rights assignments, IPSec policies, or trust relationships. 10. You can create a consistent service startup configuration for multiple computers by using the System Services node in Group Policy. Matching: 1. This feature of Group...

Words: 481 - Pages: 2

Premium Essay

Server 2 End of Lesson Answers

...cmd extension, that can be used to automate many routine or repetitive tasks. built-in user accounts Accounts automatically created when Microsoft Windows Server 2008 is installed. By default, two built-in user accounts are created on a Windows Server 2008 computer: the Administrator account and the Guest account. Comma-Separated Value Directory Exchange (CSVDE) Command-line utility used to import or export Active Directory information from a comma-separated value (.csv) file. Comma-Separated Values (CSV) Format that contains a comma between each value. The CSV format can be used to import and export information from other third-party applications. distribution group Non-security-related groups created for the distribution of information to one or more persons. domain account Accounts used to access Active Directory or network-based resources, such as shared...

Words: 6605 - Pages: 27

Premium Essay

Student

...registered records is not scalable, especially for larger customers with multiple domains and/or forests. In GNZ, after the creation and enabling of the GlobalNames zone, the administrators must manually create, add, edit and, if required - delete, name records from that zone. GNZ does not support dynamic updates." Read more: http://wiki.answers.com/Q/What_is_the_purpose_of_the_Global_Names_Zone_in_Windows_Server_2008_DNS_servers#ixzz1kzD5eDgb EXPLAIN THE MODIFICATIONS NECESSARY TO DNS FOR ACCOMMODATING READ ONLY DOMAIN CONTROLLERS. HOW IS THIS DIFFERENT FROM THE WAYS DNS HANDLES ORDINARY DOMAIN CONTROLLERS? "Because the DNS server that runs on an RODC cannot directly register client updates, it has to refer the client to a DNS server that hosts a primary or Active Directory-integrated copy of the zone file. This server is sometimes referred to as a "writable DNS server." When a client presents a Find Authoritative Query, which is the precursor to an update request, the DNS server on the RODC uses the domain controller Locator to find domain controllers in the closest site. The RODC then compares the list of domain controllers that is returned with the list of name server (NS) resource records that it has. The RODC returns to the client the NS resource record of a writable DNS server that the client can use to perform the update. The client can then perform its update. If no domain controller in the closest site matches an entry in the list of NS records...

Words: 5692 - Pages: 23

Free Essay

Active Directory at Campus

...be created and configured in Windows Server 2008 installation. The ITT Technical has to use a Domain Controller because the built-in Administrator account created in Active Directory has a full control of the domain in which it created. Groups have been used to make network permission easier to administer. For ITT Tech I will make three distinct groups of users: students, instructors, and administrators. When I determine in which group type I can allocate the students, instructors, and administrators. I have to nesting some groups. To add security and distribution using the group types that are available in the Active Directory domain are as follow: domain local groups, global groups, and universal groups. I will place in the domain local group: Director, Dean, Associate Dean, Registrar, and the Dept. Chair. Because they can contain user accounts, computer accounts, global groups, and universal groups from any domain, in addition to other domain local groups from the same domain. So, the domain local group can has access to all groups in the hierarchy three or forest and UOs. In the global group I will allocate the Instructors and Administrators. This global group can contain user accounts, computer accounts, and/or other global groups only from within the same domain as the global group. Global groups can be used to grant or deny permissions to any resource located in any domain in the forest. I believe the students will be belong to universal group because can assign the...

Words: 384 - Pages: 2

Free Essay

Executive Summary Report

...Active Directory provides a namespace for resolving the names of network objects to the objects themselves. Active Directory can resolve a wide range of objects, including users, systems, and services on a network. Each object in an Active Directory has a name. These are not the names that you are accustomed to, like "Tony" or "Eric." They are LDAP distinguished names. LDAP distinguished names are complicated, but they allow any object within a directory to be identified uniquely regardless of its type. The local users on the client’s computer will not be affected during domain join. They can still logon on the local machine. Meanwhile, on domain controllers, during the Active Directory Installation, local accounts in the registry-based SAM database are migrated to Active Directory; the existing SAM is deleted; and a new, smaller registry-based SAM is created that is used for starting the domain controller in Directory Services Restore Mode for system repair. You can assign profile paths in Active Directory Users and Computers… on the computer’s hard disk, users who access several computers will have a profile… For example, is a user logs on to three different workstation, the user could have three very different profiles on each system. As a result, the user may get confused about what network resources are available on a given system. A workgroup is best...

Words: 468 - Pages: 2

Free Essay

Dr Powell

...which is the physical card, and what the user and only the user themselves know which is the pin/password. It's also the principal card that’s used to enable physical access to buildings and controlled spaces, and it also provides access to defense computer systems and networks. The integrated circuit chip (ICC) which is the the little gold chip that is usually located at the bottom of the card contains information about the owner, including the PIN and one or more PKI digital certificates. The ICC comes in different capacities, with the most recent versions issued at 64 and 144 kilobytes (KB). One of the very first parts of the book and the virtual labs are focusing on the Active Directory Domain Controllers. Before I started to work on the lab I knew a little about the domain controllers and what it is used for. Working on the lab itself made me not only learn about it...

Words: 1397 - Pages: 6

Premium Essay

Module 1 Written Assignment

...Assignment Robert Collazo Rasmussen College What steps are required in the planning and design of this domain infrastructure? Determine the Number of Forests. This step involves determining whether one or multiple forests are required to meet the organization’s objectives. Determine the Number of Domains. This step involves determining the number of domains that are required to meet the organization’s objectives. Assign Domain Names. This step involves assigning names to each of the domains. Select the Forest Root Domain. This step involves selecting the forest root domain. Determine Domain Controller Placement. This step involves deciding where domain controller resources will be placed for each domain in each forest. Determine Operations Master Role Placement. This step involves deciding the placement of the operations master roles for the forest and each domain. Determine Domain Controller Configuration. This step involves determining the disk space, memory, processor, and the network requirements for each domain controller. How would you implement and configure the AD domain for these offices? When implementing AD for these offices I would configure first a forest or domain. Then I would configure trust, sites, and active directory replication. Then I would configure the global catalog and master operations. What would you implement to allow access between domains? Which type would you recommend and why? Selective authentication By creating Selective authentication...

Words: 918 - Pages: 4

Premium Essay

Unit 7 Ad Design

...which option? 12. Which of the following is not a key benefit provided by DHCP for those managing and maintaining a TCP/IP network? 13. Sent by clients via broadcast to locate a DHCP server per RFC 2131, which message may include options that suggest values for the network address lease duration? 14. What type of zone might a DNS server host? 15. Which of the following is not a forward or reverse lookup zone type? 16. Which zone enables a host to determine another host's name based on its IP address 17. A windows server 2008 computer that has been configured with the Active Directory DS role is referred to as a ___. 18. The process of keeping each domain controller in synch with changes that have been made elsewhere on the network is called ___. 19. The ___ domain controller...

Words: 921 - Pages: 4

Free Essay

Active Dir

...Active Directory Design Guide Thursday, 25 February 2010 Version 2.0.0.0 Baseline Prepared by Microsoft Prepared by Microsoft Copyright This document and/or software (“this Content”) has been created in partnership with the National Health Service (NHS) in England. Intellectual Property Rights to this Content are jointly owned by Microsoft and the NHS in England, although both Microsoft and the NHS are entitled to independently exercise their rights of ownership. Microsoft acknowledges the contribution of the NHS in England through their Common User Interface programme to this Content. Readers are referred to www.cui.nhs.uk for further information on the NHS CUI Programme. All trademarks are the property of their respective companies. Microsoft and Windows are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. © Microsoft Corporation 2010. All rights reserved. Disclaimer At the time of writing this document, Web sites are referenced using active hyperlinks to the correct Web page. Due to the dynamic nature of Web sites, in time, these links may become invalid. Microsoft is not responsible for the content of external Internet sites. Page ii Active Directory – Design Guide Prepared by Microsoft, Version 2.0.0.0 Last modified on 26 February 2010 Prepared by Microsoft TABLE OF CONTENTS 1 2 Executive Summary ..............................................................................................

Words: 43732 - Pages: 175

Free Essay

Ntc/324 Week 5 Best Answers Ch 16, 17, 18, 19

...Ch16 1. B – Ch16 – Page 462-463 - Under – Understanding Group Policy Objects – There are 3 subheadings listed as Local GPOs, Domain GPOs, and Starter GPOs. The differences between these groups are explained here. 2. B – Ch16 – Page 463 – Under – Viewing the Group Policy Container - By default, installing Active Directory Domain Services on Windows Server 2012 creates two GPOCs, corresponding to two default GPOs: Default Domain Policy and Default Domain Controller Policy. The two GPCs are named using globally unique identifiers (GUIDs) assigned to the GPOs during their creation. 3. D – Ch16 – Page 482 – Under – Create Local GPO – After logging on to a Windows Computer using an account with Administrative privileges, the Server Manager Console appears and the steps to create Local GPO, then Secondary GPO, then a Tertiary GPO and the policy settings for each GPO are outlined here. 4. A – Ch16 – Page 485 – Under – Skill Summary - Group Policies applied to parent containers are inherited by all child containers and objects. You can alter inheritance by using the Enforce, Block Policy Inheritance, or Loopback settings. 5. B – Ch16 – Page 462 – Under Local GPO - All Windows operating systems have support for local Group Policy objects, sometimes known as LGPOs. Windows versions Windows Server 2008 R2 and Windows Vista support multiple local GPOs and enables you to specify a different local GPO for administrators or to create specific GPO settings for one or more...

Words: 1144 - Pages: 5