6425a 01

Implementing Active Directory Domain Services
1-1
Module 1
Implementing Active Directory Domain
Services
Contents:
Lesson 1: Installing Active Directory Domain Services
1-3
Lesson 2: Deploying Read-Only Domain Controllers
1-14
Lesson 3: Configuring AD DS Domain Controller Roles
1-22
Lab: Implementing Read-Only Domain Controllers and Managing

Domain Controller Roles
1-29
BETA COURSEWARE. EXPIRES 4/11/2008
1-2
6425A: Configuring Windows Server 2008 Active Directory Domain Services
Module Overview
Active Directory Domain Services (AD DS) is installed as a server role in

Windows Server 2008. You have several choices to make when you install AD DS
and run the Active Directory Installation Wizard. You must choose whether to
create a new domain or add a domain controller to an existing domain. You also
have the option of installing AD DS on a server running Windows Server 2008
Server Core or installing read-only domain controllers. After deploying the domain
controllers, you also must manage special domain controller roles, such as the
global catalog and operations masters.
1-3
Lesson 1:
Installing Active Directory Domain Services
Windows Server 2008 provides several ways to install and configure Active
Directory Domain Services. This lesson describes the standard AD DS installation,
and then also describes some of the other options that are available when
performing the installation.
1-4
Requirements for Installing AD DS
Key Points
To install Active Directory Domain Services, the server must meet the following
requirements:
Windows Server 2008 operating system must be is installed. AD DS can only be
installed on the following editions:
Windows Server 2008, Standard Edition
Windows Server 2008, Enterprise Edition
Windows Server 2008, Datacenter edition
Additional Reading
Active Directory Domain Services Help: Installing Active Directory Domain

Services
Microsoft Technet article: Requirements for Installing AD DS
1-5
What Are Domain and Forest Functional Levels?
Key Points
In Windows Server 2008, forest and domain functionality provides a way to enable
forest-wide or domain-wide Active Directory features in your network environment.
Different levels of forest and domain functionality are available, depending on
domain and forest functional level.
Additional Reading
Active Directory Domain Services Help: Set the domain or forest functional
level
Microsoft Technet article: Appendix of Functional Level Features
1-6
AD DS Installation Process
Key Points
To configure a Windows Server 2008 domain controller, you must install the AD
DS server role and run the Active Directory Domain Services Installation wizard.
Do this using one of the following processes:
Install the Server role by using Server Manager, and then run the installation
wizard by running DCPromo or the installation wizard from Server Manager.
Run DCPromo from the Run command or a command prompt. This will
install the AD DS server role and then start the installation wizard.
Additional Reading

Services
Microsoft Technet article: Installing a New Windows Server 2008 Forest and
Scenarios for Installing AD DS
1-7
Advanced Options for Installing AD DS
Key Points
Some of the Active Directory Domain Services Installation Wizard pages appear
only if you select the Use advanced mode installation check box on the Welcome
page of the wizard or by running DCPromo with the /adv switch. If you do not run
the installation wizard in advanced mode, the wizard uses default options that
apply to most configurations.
Question: When would you use the advanced options mode in your organization?
Additional Reading
Active Directory Domain Services Help: Use advanced mode installation
Microsoft Technet article: What's New in AD DS Installation and Removal
1-8
Installing AD DS from Media
Key Points
Before you can use backup media as the source for installing a domain controller,
use Ntdsutil.exe to create the installation media.
Question: Which types of installation media will you use in your organization?
Additional Reading
Microsoft Technet article: Installing AD DS from Media
1-9
Demonstration: Verifying the AD DS installation
Question: What steps would you take if you noticed that the domain controller
installation failed?
Additional Reading
Microsoft Technet article: Verifying an AD DS Installation
Microsoft Technet article: Verifying Active Directory Installation
1-10
Upgrading to Windows Server 2008 AD DS
Key Points
To install a new Windows Server 2008 domain controller in an existing Windows
2000 Server or Windows Server 2003 domain, complete the following steps:
If the domain controller is the first Windows Server 2008 domain controller in
the forest, you must prepare the forest for Windows Server 2008 by extending
the schema on the schema operations master. To extend the schema, run
adprep /forestprep. The adprep tool is located on the Windows Server 2008
installation media.
a Windows 2000 Server domain, you must first prepare the domain by
running adprep /domainprep /gpprep on the infrastructure master. The
gpprep switch adds inheritable access control entry (ACEs) to the Group
Policy Objects (GPO) that are located in the SYSVOL shared folder and
synchronizes the SYSVOL shared folder among the controllers in the domain.
1-11
a Windows Server 2003 domain, you must prepare the domain by running
adprep /domainprep on the infrastructure master.
After you install a writeable domain controller, you can install an RODC in the
Windows Server 2003 forest. Before doing this, you must prepare the forest by
running adprep /rodcprep. You can run adprep /rodcprep on any computer in
the forest. If the RODC will be a global catalog server, then you must run
adprep /domainprep in all domains in the forest, regardless of whether the
domain runs a Windows Server 2008 domain controller. By running adprep
/domainprep in all domains, the RODC can replicate global catalog data from
all domains in the forest and then advertise as a global catalog server.
Additional Reading

Services
Microsoft Technet article: Installing a New Windows Server 2008 Forest:
Microsoft Technet article: Scenarios for Installing AD DS
1-12
Installing AD DS on a Server Core Computer
Key Points
To install AD DS on a Windows Server 2008 computer running Server Core, you
must use an unattended setup. Windows Server 2008 Server Core does not
provide a graphical user interface (GUI) so you cannot run the Active Directory
Domain Services installation wizard.
To perform an unattended install of AD DS, use an answer file and the following
syntax with the Dcpromo command:
Dcpromo /answer[:filename] Where filename is the name of your answer
file.
Additional Reading
Microsoft Technet article: Appendix of Unattended Installation Parameters
1-13
Discussion: Common Configuration for AD DS
Key Points
After installing a domain controller, you may need to perform additional tasks in
your environment. You can access checklists for the following common
configurations for AD DS in Server Manager, under Resources and Support.
Additional Reading
AD DS Help: Common Configurations for Active Directory Domain Services
1-14
Lesson 2:
Deploying Read-Only Domain

Controllers
One of the important new features in Windows Server 2008 is the option to use
read-only domain controllers (RODCs). RODCs provide all of the functionality that
clients require while providing additional security for domain controllers deployed
in branch offices. When configuring RODCs, you can specify which user account
passwords will be cached on the server and configure delegated administrative
permissions for the domain controller. This lesson describes how to install and
configure RODCs.
1-15
What Is a Read-Only Domain Controller?
Key Points
An RODC is a new type of domain controller that Windows Server 2008 supports.
An RODC hosts read-only partitions of the AD DS database. This means that no
changes can ever be made to the database copy that the RODC stores, and all AD
DS replication uses a one-way connection from a domain controller that has a
writeable database copy to the RODC.
Additional Reading
Microsoft Technet article: AD DS: Read-Only Domain Controllers
1-16
Read-Only Domain Controller Features
Key Points
See the list on the slide.
Additional Reading
Microsoft Technet article: Step-by-Step Guide for Read-Only Domain

Controller in Windows Server 2008 Beta 3
1-17
Preparing to Install the RODC
Key Points
Before you can install an RODC, you must prepare the AD DS environment by
completing the following steps:
Configure the domain and forest functional level
Plan for Windows Server 2008 domain controller availability
Prepare the forest and domain
Additional Reading
AD DS Help: Delegate read-only domain controller installation and

administration

1-18
Installing the RODC
Key Points
The RODC installation is almost identical to the installation of AD DS on a domain
controller with a writeable copy of the database. However there are a few extra
steps.
Additional Reading

administration

1-19
Delegating the RODC Installation
Key Points
You can delegate the installation of an RODC by performing a two stage
installation.
Question: What are the benefits of delegating an RODC installation?
Additional reading

administration
Microsoft Technet article: AD DS: Read-Only Domain Controllers:

Controller in Windows Server 2008 Beta 3:
1-20
What Are Password Replication Policies?
Key Points
When deploy an RODC, you can configure a Password Replication Policy for the
RODC.
The Password Replication Policy acts as an access control list (ACL) that
determines if an RODC is permitted to cache a password.
The Password Replication Policy lists the accounts that you are allowing explicitly
to be cached and those that you are not. The passwords for any accounts are not
actually cached on the RODC until after the first time the user or computer
account is authenticated through the RODC.
Additional Reading
AD DS Online Help: Specify Password Replication Policy
1-21
Demonstration: Configuring Administrator Role Separation

and Password Replication Policies
Questions: What is an alternative way to configure administrator role separation

and password replication policies?
Your organization has deployed two RODCs. How would you configure the
password replication policy if you wanted the credentials for all user accounts and
computer accounts except for administrators and executives to be cached on both
RODCs?
Additional Reading
AD DS Help: Specify Password Replication Policy
1-22
Lesson 3:
Configuring AD DS Domain Controller

Roles
All domain controllers in a domain are essentially equal, meaning they all contain
the same data and provide the same services. However, you also can assign special
roles to domain controllers to provide additional services or address scenarios in
which only one domain controller should provide services at any given time. This
lesson describes how to configure and manage global catalog servers and
operations masters.
1-23
What Are Global Catalog Servers?
Key Points
The global catalog is a partial, read-only replica of all domain directory partitions in
a forest. The global catalog is a partial replica because it includes only a limited set
of attributes for each of the forests objects. By including only the attributes that are
used the most for searching, the database of a single global catalog server can
represent every object in every domain in the forest.
The global catalog server hosts the global catalog and its domain information.
Active Directory configures the first domain controller automatically in the forest as
a global catalog server. You can add global catalog functionality to other domain
controllers or change the default location of the global catalog to another domain
controller.
Additional Reading
Microsoft Technet article: Domain Controller Roles
1-24
Modifying the Global Catalog
Key Points
Sometimes you may want to customize the global catalog server to include
additional attributes. By default, for every object in the forest, the global catalog
server contains an objects most common attributes. Applications and users can
query these attributes. For example, you can find a user by first name, last name, email address, or other common properties
Additional Reading
Microsoft Technet article: Domain Controller Roles (Global Catalog Partial

Attribute Set section)
1-25
Demonstration: Configuring Global Catalog Servers
Questions: What types of errors or user experiences would lead you to investigate
whether you needed to configure another server as a global catalog server?
What are reasons why you would choose to replicate an attribute to the global
catalog?
Additional Reading
Microsoft Technet article: To add an attribute to the global catalog
1-26
What Are Operations Master Roles?
Key Points
Active Directory is designed as a multimaster replication system. However, for
certain directory operations, only a single authoritative server is required. The
domain controllers that perform specific roles are known as operations masters.
The domain controllers that hold operations master roles are designated to
perform specific tasks to ensure consistency and to eliminate the potential for
conflicting entries in the Active Directory database.
Additional Reading
Microsoft Technet article: To add an attribute to the global catalog
1-27
Demonstration: Managing Operation Master Roles
Questions: Under what circumstances might you need to seize an operations

master role immediately rather than wait a few hours for a domain controller
currently holding the role to be repaired?
You are deploying the first domain controller in a new domain that will be a new
domain tree in the WoodgroveBank.com forest. What operations master roles will
this server hold by default?
Additional Reading
Microsoft Technet article: Manage Operations Master Roles
1-28
How Windows Time Service Works
Key Points
The Windows Time service, also known as W32Time, synchronizes the date and
time for all computers running on a Windows Server 2008 network. The Windows
Time service uses the Network Time Protocol (NTP) to ensure highly accurate time
settings throughout your network. You also can integrate the Windows Time
service with external time sources.
Additional Reading
Microsoft Technet article: Windows Time Service Technical Reference
Microsoft Technet article: Configuring a time source for the forest
1-29
Lab: Implementing Read-Only Domain

Controllers and Managing Domain Controller
Roles
Scenario:
Woodgrove Bank has begun their deployment of Windows Server 2008. The
organization has deployed several domain controllers at the corporate
headquarters and is preparing to deploy domain controllers in several branch
offices. The Enterprise Administrator created a design that requires read-only
domain controllers to be deployed on servers running Windows Server 2008 in all
branch offices. Your task is to deploy a domain controller in a branch office that
meets these requirements.
1-30
Exercise 1: Evaluating Forest and Server Readiness for

Installing an RODC
Woodgrove Bank has begun their deployment of Windows Server 2008. The
organization has deployed several domain controllers at the corporate
headquarters and is now preparing to deploy domain controllers in several of the
branch offices. The Enterprise Administrator has created a design that requires
read-only domain controllers to be deployed on servers running Windows Server
2008 in all branch offices.
Your task is to deploy a domain controller in a branch office that meets these
requirements
Note: Due to the limitations of the virtual lab environment, you will be installing the
RODC in the same site as the existing domain controllers. In a production
environment, you would complete the same steps even if the RODC was in a
different site.
The main tasks are as follows:

1.
Start 6425A-NYC-DC1 and log on as Administrator.
2.
Start 6425A-NYC-SVR1 and log on as Administrator.
3.
Start 6425A-NYC-SVR1 and log on as Administrator.
4.
Verify the forest and domain functional level are compatible with an RODC
deployment.
5.
Verify the availability of a writeable domain controller running Windows

Server 2008.
5.
Configure the computer account settings for the RODC.
f Task 1: Start 6425A-NYC-DC1 and log on as Administrator
Start 6425A-NYC-DC1 and log on as Administrator using the password

Pa$$w0rd.
1-31
f Task 2: Start 6425A-NYC-DC2 and log on as Administrator
Start 6425A-NYC-DC2 and log on as Administrator using the password

Pa$$w0rd.
f Task 3: Start 6425A-NYC-SVR1 and log on as Administrator
Start 6425A-NYC-SVR1 and log on as Administrator using the password

Pa$$w0rd.
f Task 3: Verify the forest and domain functional level are compatible
with an RODC deployment
1.
On NYC-DC1, open Active Directory Users and Computers.
2.
Right-click WoodgroveBank.com and verify that the domain functional level

and the forest functional level are set to Windows Server 2003.
f Task 4: Verify the availability of a writeable domain controller running

Windows Server 2008
1.
In Active Directory Users and Computers, check the properties for NYC-DC1.
2.
Verify that the operating system name is Windows Server 2008 Enterprise.
f Task 5: Configure the computer account settings for the RODC

1.
On NYC-SVR1, open Server Manager.
2.
Click Change System Properties, and on the Computer Name tab, change the
computer name to TOR-DC1.
3.
Restart the computer.
Result: At the end of this exercise, you will have verified that the domain and the
computer are ready to install an RODC.
1-32
Exercise 2: Installing and Configuring an RODC

You will install the RODC server role on the Windows Server 2008 computer. To
do this, you will prestage the computer account that the RODC will use. As part of
the prestaging, you will configure an administrative group with permissions to
install the domain controller.
After the installation is complete, you will verify that the installation completed
successfully. You also will configure password-replication policies for users that log
on to the domain controller.
1.
Pre-stage the computer account for the RODC.
2.
Log on to TOR-DC1 as Administrator.
3.
Install the RODC using the existing account. Use WoodgroveBank\Axel as the
account with credentials to perform the installation.
4.
Verify the successful installation of the domain controller.
5.
Configure a password replication policy that enables credential caching for all
user accounts in Toronto.
f Task 1: Pre-stage the computer account for the RODC

1.
On NYC-DC1, open Active Directory Users and Computers.
2.
Right-click the Domain Controllers organization unit and click Pre-create

Read-only Domain Controller account.
3.
Complete the Active Directory Domain Services Installation Wizard using the
following selections:
a.
Use advanced mode installation
b.
Use the current credentials.
c.
Computer name: TOR-DC1
d. Default site
e.
Install only the DNS and RODC options
f.
Delegate permission to install the RODC to Axel Delgado
1-33
f Task 2: Log on to TOR-DC1 as Administrator
Log on as Administrator using the password Pa$$w0rd.
f Task 3: Install the RODC using the existing account. Use

WoodgroveBank\Axel as the account with credentials to perform the
installation
1.
On TOR-DC1, open a command prompt and type dcpromo

/UseExistingAccount:Attach, and then press ENTER:
2.
Complete the Active Directory Domain Services Installation Wizard using the
following selections:
a.
Use advanced mode installation
b.
Provide Axel as the alternative credential
c.
Use TOR-DC1 as the computer name
d. Use NYC-DC1.WoodgroveBank.com as the source domain controller
3.
e.
Accept the default location for the Database, Log Files, and SYSVOL files.
f.
Use Pa$$w0rd as the Directory Services Restore Mode Administrator

Password
Reboot the computer when the installation finishes.
f Task 4: Verify the successful installation of the domain controller

1.
After NYC-SRV1 restarts, log on as Axel with a password of Pa$$w0rd.
2.
In Server Manager, verify that Active Directory Domain Services server role is
installed.
3.
Verify that all required services are running.
4.
In Active Directory Users and Computers, verify that TOR-DC1 is listed in

the Domain Controllers organizational unit.
5.
Verify that you do not have permission to add or remove domain objects.
1-34
6.
In Active Directory Sites and Services, verify that TOR-DC1 is listed in the
Servers list for the Default-First-Site-Name.
7.
Check the NTDS Settings for TOR-DC1. Confirm that connection objects have
been created.
8.
Check the NTDS Settings for NYC-DC1. Confirm that no connection objects
have been created for replication with TOR-DC1.
9.
Open Event Viewer. In the Directory Service log, locate and view a message
with an event ID of 1128. This event ID verifies that a replication connection
object has been created between NYC-DC1 and TOR-DC1.
f Task 5: Configure a password replication policy that enables credential

caching for all user accounts in Toronto
1.
On NYC-DC1, in Active Directory Users and Computers, access the TORDC1 Properties dialog box.
2.
Add all of the Toronto groups to the Password replication policy.
Result: At the end of this exercise, you will have installed an RODC and configured
the RODC password replication policy for the RODC.
1-35
Exercise 3: Configuring AD DS Domain Controller Roles

You will configure the RODC installed in the previous exercise as a global catalog
server. You also will assign operation master roles to an additional domain
controller in the domain.
1.
Use Active Directory Sites and Services to configure TOR-DC1 as a global

catalog server.
2.
Configure NYC-DC2 as the infrastructure master and domain naming master

for the WoodgroveBank.com domain.
3.
Add the Department attribute to the global catalog.
4.
Shut down all virtual machines.
f Task 1: Use Active Directory Sites and Services to configure TOR-DC1

as a global catalog server
1.
On NYC-DC1, in Active Directory Sites and Services, locate the TOR-DC1

computer account.
2.
Access the NTDS Settings, and select the Global Catalog check box.
f Task 2: Configure NYC-DC2 as the infrastructure master and domain

naming master for the WoodgroveBank.com domain
1.
On NYC-DC1, in Active Directory Users and Computers, change the

consoles focus to NYC-DC1.WoodgroveBank.com and then click OK.
2.
Right-click WoodgroveBank.com, and then click Operations Masters.

Transfer the infrastructure master role to NYC-DC2.WoodgroveBank.com.
3.
On NYC-DC2, open Active Directory Domains and Trusts. Access the

Operations Master settings and transfer the domain naming operations
master role to NYC-DC2.
1-36
f Task 3: Add the Department attribute to the global catalog

1.
On NYC-DC1, use the regsvr32 schmmgmt.dll to register the Active Directory

Schema snap-in.
2.
Create a new MMC and add the Active Directory Schema snap-in.
3.
In the Active Directory Schema, access the Department attribute and

configure the attribute to replicate to the Global Catalog.
f Task 4: Shut down all virtual machines and discard any changes
Result: At the end of this exercise, you will have configured a global catalog server and
configure AD DS domain controller roles.
1-37
Module Review and Takeaways
Review Questions
1.
You are deploying a domain controller in a branch office. The branch office
does not have a highly secure server room so you are concerned about the
security of the server. What two Windows Server 2008 features can you take
advantage of to enhance the security of the domain controller deployment?
2.
You must create a new domain by installing a domain controller in your Active
Directory infrastructure. You are reviewing the inventory list of available
servers for this purpose. Which of the following computers could be used as a
domain controller?
A. Windows Server 2008 Web Edition, NTFS files system, 1 gigabyte (GB)
free hard disk space, TCP/IP.
B. Windows Server 2008 Enterprise Edition, NTFS files system, 500
megabyte (MB) free hard disk space, TCP/IP.
1-38
C. Windows Server 2008 Server Core Enterprise Edition, NTFS files system,
1GB free hard disk space, TCP/IP.
D. Windows Server 2008 Standard Edition, NTFS files system, 500 MB free
hard disk space, TCP/IP.
3.
You are deploying an RODC in branch office. You need to ensure that all users
in the branch office can authenticate even if the WAN connection from the
branch office is not available. Only the users who normally log on in the
branch office should be able to do this? How would you configure the
password replication policy?
4.
You need to install a domain controller by using the install from media option.
What steps do you need to take to complete this process?
5.
Will you be deploying RODCs in your AD DS environment? Describe the

deployment scenario.
6.
You are deploying a domain controller in a branch office. The office has a
WAN connection to the main office that has very little available bandwidth and
is not very reliable. Should you configure the branch office domain controller
as a global catalog server?
Considerations
Keep the following considerations in mind when you are implementing RODCs
and managing domain controller roles:
You can install the AD DS Server role on all Windows Server 2008 editions
except Windows Server 2008 Web Server Edition.
Consider installing a RODC on a Windows Server 2008 Server Core computer

to provide additional security for your domain environment.
To install AD DS on a Server Core computer, you must use an unattended

installation.
Plan the password replication policies carefully in your organization. If you

enable credential caching for most of the accounts in your domain, you will
increase the impact to your organization if the RODC is compromised. If you
do not enable any credential caching, you increase the impact to the branch
office location if the WAN link to the main office is not available.
1-39
In most cases, deploying a global catalog server in a site will improve the logon
experience for users. However, deploying a global catalog in a remote office
also increases the network utilized for replication.
Operation master roles provide important services on a network but the

services are not usually time critical. Most of the time, if a domain controller
holding an operation master role fails, you do not immediately need to seize
the role to another domain controller if the failed server can be repaired within
a few hours.

6425a 01

Transféré par

Informations du document

Titre original

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

6425a 01

Transféré par

Droits d'auteur :

Formats disponibles

Implementing Active Directory Domain Services

Lesson 2: Deploying Read-Only Domain Controllers

Lesson 3: Configuring AD DS Domain Controller Roles

Lab: Implementing Read-Only Domain Controllers and Managing

BETA COURSEWARE. EXPIRES 4/11/2008

6425A: Configuring Windows Server 2008 Active Directory Domain Services

Active Directory Domain Services (AD DS) is installed as a server role in

BETA COURSEWARE. EXPIRES 4/11/2008

Implementing Active Directory Domain Services

Installing Active Directory Domain Services

BETA COURSEWARE. EXPIRES 4/11/2008

6425A: Configuring Windows Server 2008 Active Directory Domain Services

Requirements for Installing AD DS

Windows Server 2008, Standard Edition

Windows Server 2008, Enterprise Edition

Windows Server 2008, Datacenter edition

Active Directory Domain Services Help: Installing Active Directory Domain

Microsoft Technet article: Requirements for Installing AD DS

BETA COURSEWARE. EXPIRES 4/11/2008

Implementing Active Directory Domain Services

What Are Domain and Forest Functional Levels?

Microsoft Technet article: Appendix of Functional Level Features

BETA COURSEWARE. EXPIRES 4/11/2008

6425A: Configuring Windows Server 2008 Active Directory Domain Services

Active Directory Domain Services Help: Installing Active Directory Domain

BETA COURSEWARE. EXPIRES 4/11/2008

Implementing Active Directory Domain Services

Advanced Options for Installing AD DS

Active Directory Domain Services Help: Use advanced mode installation

Microsoft Technet article: What's New in AD DS Installation and Removal

BETA COURSEWARE. EXPIRES 4/11/2008

6425A: Configuring Windows Server 2008 Active Directory Domain Services

Installing AD DS from Media

Microsoft Technet article: Installing AD DS from Media

BETA COURSEWARE. EXPIRES 4/11/2008

Implementing Active Directory Domain Services

Demonstration: Verifying the AD DS installation

Microsoft Technet article: Verifying an AD DS Installation

Microsoft Technet article: Verifying Active Directory Installation

BETA COURSEWARE. EXPIRES 4/11/2008

6425A: Configuring Windows Server 2008 Active Directory Domain Services

Upgrading to Windows Server 2008 AD DS

BETA COURSEWARE. EXPIRES 4/11/2008

Implementing Active Directory Domain Services

Active Directory Domain Services Help: Installing Active Directory Domain

Microsoft Technet article: Installing a New Windows Server 2008 Forest:

Microsoft Technet article: Scenarios for Installing AD DS

BETA COURSEWARE. EXPIRES 4/11/2008

6425A: Configuring Windows Server 2008 Active Directory Domain Services

Installing AD DS on a Server Core Computer

Microsoft Technet article: Appendix of Unattended Installation Parameters

BETA COURSEWARE. EXPIRES 4/11/2008

Implementing Active Directory Domain Services

Discussion: Common Configuration for AD DS

AD DS Help: Common Configurations for Active Directory Domain Services

BETA COURSEWARE. EXPIRES 4/11/2008

6425A: Configuring Windows Server 2008 Active Directory Domain Services

Deploying Read-Only Domain

BETA COURSEWARE. EXPIRES 4/11/2008

Implementing Active Directory Domain Services

What Is a Read-Only Domain Controller?

Microsoft Technet article: AD DS: Read-Only Domain Controllers

BETA COURSEWARE. EXPIRES 4/11/2008