Ø Active Directory Role in Windows Server 2008
o Active Directory Domain Services (ADDS) – this is like the current AD
o Active Directory Certificate Services (ADCS)
o Active Directory Federation Services (ADFS) – for possible access between two different organization
o Active Directory Lightweight Directory Services (ADLDS) – this is like ADAM in Windows 2003
o Active Directory Rights Management Services (ADRMS)
o Active Directory Read Only Domain Controller (ADRODC) – truly new feature
Ø ADLDS contains customize AD attribute, mainly use for application in DMZ and it is read only too. No authentication and doesn’t support exchange.
Ø ADRMS – for Intranet, Website, Email, and document
Ø For RODC implementation must have at least Windows Server 2003 forest functionality and one Windows Server 2008 DC
Ø By default RODC doesn’t keep password. A password replication policy must be setup. PDC emulator on the Domain must run on Windows Server 2008.
Ø Local Administrator can be set on RODC without giving access to Active Directory.
Ø Improved Auditing in AD
o Directory Service Access (current)
o Directory Service Change
o Directory Service Replication
o Detailed Directory Service ReplicationAuditing is not setup by default. When it’s enable, it can track AD object creation, deletion, modify, or movement.
No comments:
Post a Comment