Guy recommends:
Free Solarwinds
VM Console

 A free desktop tool that monitors, or restarts, your VMware virtual machines.  Download your free VM Console

---

 

Active Directory

Best Practice Active Directory Litmus Test

Professionals: Install the Active Directory feature of Windows 2003 / 2008

Amateurs:  Use Windows 2003 only as a member servers in an NT 4.0 Domain

Implementing Active Directory

While the uptake of Windows Server 2003 has been brisk, only a minority of administrators are confident of installing the Active Directory feature.  What amateurs do is only install Windows Server 2003 as a member server for their SQL database and mail servers.

It is a great shame that amateurs carry on using NT 4.0 domain controllers.  Professionals on the other hand, install Windows 2003 domain controllers and unleash the full benefit of Active Directory services.

Best practice for installing Active Directory

When you move to Active Directory, there are crucial decisions to make.  By analysing the following factors the best practice will become clear.

1) How will you begin your migration?  Reformat the machines and build from scratch; I have heard this strategy called 'Wipe and Roll'.  Alternatively, go for an 'In Place' upgrade to the new system.  Simple, but no rollback, therefore impractical for big organisations.

2) Understand DNS and choose the best naming system for your new root domain.  DNS with its new SRV records is vital for Active Directory.  So do not even think about promoting a member server to a domain controller until you are an expert on DNS.

3) Plan how many domains you really need, and how they will be linked?

4) Take advantage of Organizational Units and delegation to manage your users and computers.

5) Develop a vision of your desktops, create that lockdown through Group Policy.

6) Calculate the best distribution of physical sites.  Consider upgrading network connections.

7) Take the time to understand the Windows 2000 Schema as it defines all the objects in Active Directory.

8) Upgrade the desktops first.  The reasons for this tactic are practical rather than logical - users need the benefits of XP Professional quickly.

See much more about Active Directory here.

Guy Recommends:  Solarwinds' Free Bulk Import Tool

Import users from a spreadsheet.  Just provide a list of the users with their fields in the top row, and save as .csv file.  Then launch this FREE utility and match your fields with AD's attributes, click and import the users.  Optionally, you can provide the name of the OU where the new accounts will be born.

There are also two bonus tools in the free download, and all 3 have been approved by Microsoft:

1. Bulk-import new users into Active Directory.
2. Seek and zap unwanted user accounts.
3. Find inactive computers.

Download your FREE bulk import tool.

FSMO Roles

For most operations Windows 2003 uses the multiple master model.  For example if you have three domain controllers, you can physically create a new user in the NTDS.dit database on any of the three.  Five minutes later, the new user object will be replicated to the other domain controllers. 

Unlike NT 4.0, there are no primary and backup domain controllers in Windows 2003.  However, a few operations are so critical that only one domain controller can carry out that operation.  These operations are called Flexible Single Master Operations (FSMO); creating a new child domain would be one example of a single master operation.

I have to confess a hidden agenda with FSMO.  If I want to instantly know how well someone knows Active Directory, I introduce FSMO into the conversation and watch their reaction.  Professionals will know what FSMO means and its significance, amateurs just frown.

The Five FSMO Roles Are

1. PDC Emulator - For NT 4.0 BDC's.  But also for synchronizing time and creating group policies.
2. RID Master - Each object must have a globally unique number.  The RID master makes sure each domain controller issues unique numbers when you create objects like users.
3. Infrastructure Master - Responsible for checking Universal group membership in multiple domain forests.
4. Domain Naming Master - Ensures that each child domain has a unique name.
5. Schema Master - Operations that involve expanding user properties e.g. Exchange 2000 adds the mailbox property to users.

See much more about Active Directory here.

See more about Windows 8

• Windows 8 New Features   • Windows 8 Remote Desktop   • When will Windows 8 Expire?

• Windows 8 Performance  • Windows 8 Explorer Ribbon

 *

Custom Search	Guy Recommends: SolarWinds Free IP SLA Monitor SolarWinds IP SLA Monitor offers so much more than just uncovering network bottlenecks, the real joy is learning about router traffic. To find out what's happening on the network between your computers and their routers, download your free copy of the of IP SLA Monitor.
Home Copyright © 1999-2012 Computer Performance LTD All rights reserved Please report a broken link, or an error.