Sunday, October 5, 2008

What is change in Windows 2008 with DC PROMO?

DCPROMO is the process of promoting a Sever to become domain controller and can be run from GUI or CMD window. The question is, what is change in windows 2008 when we perform DCPromo, and here is little summary. The .DIT database is still the partitioned database and seeing .DIT with MMC 3.0 looks nice but there are not big/Major changes to the structure of database.

The making DC is GC is integrated with the Wizard, as well, old days we had to go to site and services, find the DC, NTDS settings properties and checkmark was hidden there, this is no longer the case with new DCPromo.Replication is over the network or from media (IFM) this can reduce the network traffic (the network connectivity still is needed)

The new ntdsutil ifm subcommand is also recommended because you can use it to remove secrets, such as passwords, from the AD DS database so that you can install a read-only domain controller (RODC). When you remove these secrets, the RODC installation media is more secure if it must be transported to a branch office for an RODC installation

Finally the installation path for .DIT database ,t he best practice will be keep the .Dit and SysVol together and place Logs on separate hard disk spindles most likely RAID 0 + 1 fashion.

When you install Active Directory Domain Services (AD DS), you specify where the Active Directory database, log files, and the SYSVOL shared folder will be placed on the server. The database stores information about the users, computers, and other objects on the network. The log files record activities that are related to AD DS, such as information about an object being updated. SYSVOL stores Group Policy objects and scripts. By default, SYSVOL is part of the operating system files in the %windir% directory

Finally export settings, very nice future, can be used to automate the future installations.

What is new in ADDS

--Oz Ozugurlu

MVP (Exchange) MCITP (EMA),

MCITP (SA) MCSE 2003, M+, S+,

MCDST, Security+, Project +, Server +



Pattrick said...

This seems cool but we have to see how it is going to help us.
Hope it is going to be user-friendly.

Oz Ozugurlu said...

In my personal opinion knowing the AD 2003 is going to give everyone very strong base, the process has not been changed as well as the concept. The are some improvements but not enough in term of default Microsoft configurations.
I will think for instance the DNS console is very poor, and how hard it would be to make it more efficient for MS? The functionality of AD has been lifted up empowered the windows 2008 servers look way better than any other versions of server family in my opinion. MCC 3.0, build in windows firewall, and report capabilities are awesome, I wish there were some improvements for the DNS and some other AD functions.