Starting with the Windows 2000 operating system, the Active Directory has become the standard in network management for Windows operating systems, and all network activities, including the login process, authentication, domain Name system, and other domain functions, are under their control. The advent of multiple primary domain controllers and replication makes the goal of global network management integration a step closer.
Active Directory functionality has been improved in the Windows Server 2008 operating system, and read-only domain controllers are part of these improvements. This feature enables faster authentication of Active Directory information at remote offices to help increase the speed of access to resources, while ensuring that the server and remote terminal security are not compromised. This is achieved by providing a read-only copy of the most Active Directory information for a Windows Server 2008 domain controller on a remote terminal.
Improved security at logon
User authentication information, including account name and password, cannot be replicated to a read-only domain controller server. The damage caused by the time the server is compromised can be controlled without affecting the use of user names and passwords throughout the Active Directory database. When the user asks for authentication, the information is queried in the local read-only domain controller, not the license certificate. If no information is found in the local copy of the Active Directory database, the request is submitted to another domain controller in the network to confirm the user's permissions. Once the user has been authenticated, the information can be saved locally. When the user logs on again, the cached copy of the authorization certificate can be used to increase the speed of the login.
When the authorization certificate has changed-for example, when the user password has expired-the read-only domain controller analyzes the login and the password does not match the password in the cache, and the request is forwarded to another domain controller. In this case, the damage to the server itself will be reduced when the user's password is lost.
The domain Name System has become more secure
Another advantage for read-only domain controllers is that the replicated domain Name system also belongs to read-only. All domain Name System information in the Active Directory is replicated to the read-only domain controller, but the replicated domain Name System is not updated, and registration or updates must be performed on another domain controller. These updates, and then replicate to the read-only domain controller. The query and naming solution runs as usual and can improve the user experience by running a copy of the domain Name System locally. The cached information for the domain Name System is also replicated to the read-only domain controller.
Such a configuration can improve the overall performance of the network and improve the performance of the remote office terminal using the Active Directory, but there are some aspects that need to be noted in this configuration time:
· The first domain controller in the Windows Server 2008 operating system cannot become a read-only domain controller in an existing Active Directory environment. In the Windows Server 2008 operating system, you must first install a fully functional domain controller to replicate a read-only domain controller.
· Before you install the first read-only domain controller, you must run the Active Directory Preparation Tool adprep and rodcprep to ensure that the read-only domain controller is licensed for installation.
· In any case, a read-only domain controller cannot become a global catalog server or a role that can host operations in a directory environment.
The main reason why I am introducing a read-only domain controller in this article is to provide a way to improve the efficiency of telecommuting in the context of a domain controller with a remote office terminal, ensuring security. With the advent of the Windows Server 2008 operating system Publishing date, read-only domain controllers can provide very large help for a decentralized network environment.