View
221
Download
2
Category
Tags:
Preview:
Citation preview
Lesson: What’s New in AD DS
List new AD DS installation options
Identify AD DS Unattend installation options
Identify the new search feature in Active Directory Sites and Services
Lesson 2: Manageability and Reliability
Describe Common Criteria
Describe the benefits of using DFSR for SYSVOL replication
List DNS improvements
Use the Restartable AD DS feature
Use the AD DS database mounting tool
DNS Improvements
•Support for AD DS
•Auto-Configuration Installation
•Improved DC Location Support for Clients
•Read-Only Integrated Zone for RODC
Restartable AD DS
Server Off
Start as DC?
Success?
Active Directory Started
Stop Active Directory
Active Directory Stopped
Start command successful
Directory Services Restore Mode
Restart
No
No
No
Yes
Yes
Yes
Database Mounting Tool
• Ntdsutil.exe takes snapshots of the AD DS database
• Run Ntdsutil.exe to list and mount available snapshots
• Run Dsamain.exe to expose the snapshot as an LDAP server
• Run and attach Ldp.exe to the snapshot’s LDAP port
• Browse the snapshot
AD DS: Auditing
AD DS: Auditing
When a successful modify occurs AD DS logs the previous and current values of the attribute
If a new object is created, values of the attributes that are populated at the time of creation are logged
Object moved within a domain, the previous and new location is logged
If an object is undeleted, the location to which the object is moved is logged
Fine-Grained Password Policies
AD DS: Fine-Grained Password Policies
Define different password and account lockout policies for different sets of users in a domain
Domain functional level must be Windows Server 2008 Cannot be applied to an OU directly
Can use a shadow group
Recommended