Server 2008 Domain Controllers: What's Most Neat and Cool? Part #5 of 6
DCPROMO
The following is excerpted from Chapter 7 of Windows Server 2008: What’s New / What’s Changed, available now from www.sapienpress.com.
Now that your domain is prepared, you’re ready to build your first Server 2008 DC. If anything has happened to the DCPROMO wizard since Server 2003, it’s gained a little weight: much-needed weight, in this author’s opinion. If you’ve ever struggled with creating domains in previous versions that appeared to be complete but really weren’t, you’ll like some of the added error checking in this version. The biggest change within its error checking involves the tests DCPROMO runs against DNS to verify that it can accept and properly run Active Directory.
From a command prompt, enter dcpromo to start the wizard. Note the new checkbox for Use advanced mode installation. You’ll likely want to check this box every time as it provides some valuable additional screens in the wizard.
Skipping past a few of the screens we’ve seen before, we’re asked about the Forest Functional Level. As expected, there are new Forest and Domain Functional Levels with Server 2008 that, like previous levels, require DCs in the forest and domain to be at Server 2008. There are no new features that come with an upgrade to the Forest Functional Level, but there are a few that arrive when you upgrade your Domain Functional Level:
• FRS becomes DFS-R. Our old friend the cantankerous File Replication Service gets replaced with the young whippersnapper Distributed File System Replication. DFS-R is quite a bit more robust and stable than FRS. For larger domains with lots of inter-DC replication, this new feature alone will likely drive an upgrade more than anything.
• Kerberos gets AES. The AES algorithm replaces Kerberos’ previous RC4-HMAC encryption algorithm. AES in either 128-bit or 256-bit is a significantly stronger cipher for protecting authentication information while in transit.
• Last Interactive Logon Information. An enhancement to auditing, last interactive logon information shows characteristics about the last successful interactive logon. This information provides the user, workstation, and number of failed logon attempts since the last logon.
• Fine-Grained Password Policies. We discussed Fine-Grained Password Policies in Chapter 4; note here that your Domain Functional Level must be at Server 2008 before you can implement them.
Moving a few more screens into the interface, we get to see some of the DNS checks provided by the wizard. The screen you’ll be seeing at this point tells us that the wizard is unable to locate the assigned Fully-Qualified Domain Name (FQDN) for the server attempting to become a Domain Controller. In this case, I haven’t assigned a primary DNS suffix, so it is unable to determine the server’s entire FQDN.
When creating a new domain, DCPROMO’s DNS checks will attempt to discover the correct FQDN of the server. If it can, it will create a delegation on behalf of the server within DNS and configure it to properly accept dynamic updates. It will additionally configure or correct client settings, forwarders, and root hints as necessary. What’s also different here is the ability of the DCPROMO wizard to install the DNS Role during the creation of the domain if one is not already present. In our case with the error above, I need to enter the primary DNS suffix so the wizard knows the full DNS name of the server.
For new domains, the rest of the DCPROMO screens are unchanged from previous versions, asking us the location for our AD database files and the Directory Services Restore Mode password. As discussed in Chapter 5 on Server Core, the very last screen with DCPROMO includes a checkbox titled Export Settings that will allow us to save our settings into a text file for later use in an unattended installation.
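An added example, not part of the book excerpt or any Microsoft tooling: a Python check to run over an exported answer file before it is reused for unattended installs, flagging a stored Directory Services Restore Mode password and a Domain Functional Level too low for the features listed above. The `[DCInstall]` section, its key names and the level numbering (3 = Server 2008) are assumed from the DCPROMO unattend format; the sample file is constructed.

```python
import configparser

# Constructed sample answer file (not from the original page). Section and key
# names follow the DCPROMO unattend format; all values are made up.
SAMPLE = r"""
[DCInstall]
ReplicaOrNewDomain=Domain
NewDomain=Forest
NewDomainDNSName=corp.example.test
ForestLevel=2
DomainLevel=2
InstallDNS=Yes
DatabasePath="C:\Windows\NTDS"
SafeModeAdminPassword=Constructed-100%-Fake!
"""

LEVELS = {0: "Windows 2000", 2: "Windows Server 2003", 3: "Windows Server 2008"}

def _level(section, key):
    """Return the functional level as an int, or None if absent or malformed."""
    raw = section.get(key, "").strip()
    return int(raw) if raw.isdigit() else None

def audit_answer_file(text):
    """Return (key, finding) tuples for a DCPROMO answer file held in `text`."""
    # interpolation=None: a '%' in a password must not be treated as syntax.
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    name = next((s for s in cp.sections() if s.lower() == "dcinstall"), None)
    if name is None:
        return [("DCInstall", "section missing; not a DCPROMO answer file")]
    sec, findings = cp[name], []  # key lookups are case-insensitive
    if sec.get("SafeModeAdminPassword", "").strip():
        findings.append(("SafeModeAdminPassword",
                         "DSRM password stored in clear text in the file"))
    dom, forest = _level(sec, "DomainLevel"), _level(sec, "ForestLevel")
    if dom is None or dom < 3:
        findings.append(("DomainLevel",
                         f"{LEVELS.get(dom, 'unset or unknown')}: AES Kerberos, "
                         "DFS-R and fine-grained password policies need level 3"))
    if dom is not None and forest is not None and dom < forest:
        findings.append(("ForestLevel", "domain level is below forest level"))
    return findings

if __name__ == "__main__":
    for key, finding in audit_answer_file(SAMPLE):
        print(f"{key}: {finding}")
```

An empty result means the file carries no stored DSRM password and pins the domain at Server 2008 level; the password then has to be supplied at install time rather than kept in the file.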

Comments
Good news. Thanks for clause. I shall go to search for the information on the given theme further
Posted by: Cisco | March 14, 2008 3:03 AM