Active Directory For Dummies
Whether you're new to Active Directory (AD) or just need a refresher, you'll manage your information technology (IT) environment better if you understand how Active Directory has expanded in Windows Server 2008, the tasks of the domain controllers, the steps needed to design the logical side of Active Directory, the standard resource records used in the Domain Name Service (DNS), and the hardware required to run Windows Server 2008.

Active Directory components in Windows Server 2008

The scope of Active Directory (AD) has expanded in Windows Server 2008, and AD has become an essential part of many information technology (IT) environments. Active Directory is now an umbrella for a family of technologies that goes well beyond what AD was in Windows 2000 Server and Windows Server 2003. Check out the new uses for Active Directory:

  • Active Directory Domain Services: An X.500-based directory service that provides integrated authentication and authorization services for a Windows computing environment.

  • Active Directory Lightweight Directory Services: A stripped-down version of Active Directory Domain Services that provides just the directory service functionality, without domains or domain controllers.

  • Active Directory Federation Services: A Web Services–based technology for providing Web single sign-on authentication services between different organizations.

  • Active Directory Certificate Services: Provides digital certification enrollment and revocation services in the support of a public key infrastructure (PKI).

  • Active Directory Rights Management Services: Provides a solution for managing how users can use documents that they’re authorized to access.

Roles of the Active Directory domain controllers

Active Directory uses a multiple-master model: normally every domain controller (DC) is a peer that can both read and write directory information. Certain operations, however, cannot be performed on more than one domain controller at a time, so those roles are not distributed across all the DCs. The domain controllers that hold them assume a single-master operations role — they are known as operations masters in Active Directory.

The five categories of operations master roles are:

  • Schema master (one per forest): Maintains the master copy of the schema.

  • PDC emulator (one per domain): Emulates a primary domain controller for backward compatibility with Windows NT.

  • Domain naming master (one per forest): Tracks object names throughout a forest to ensure that they’re unique. Also tracks cross-references to objects in other directories.

  • Infrastructure master (one per domain): Tracks object references among domains and maintains a list of deleted child objects.

  • Relative identifier (RID) master (one per domain): Tracks the assignment of SIDs (security identifiers) throughout the domain.

Usually, the first domain controller that you create in the first domain assumes the operations master roles. You can assign these roles to other domain controllers in the domain or forest, but only one domain controller at a time can hold ea
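Because only one domain controller holds each role at a time, a quick check that the current holders match your design catches roles that were transferred or seized without your knowledge. The following is an added example and not code from the book; it assumes the RSAT ActiveDirectory PowerShell module is installed and that contoso.com and the dc01/dc02 host names are placeholders for your own domain controllers.

```powershell
# Added example, not from the book: list the holder of each operations
# master role and compare it with the holder recorded in your design.
# Assumptions: the RSAT ActiveDirectory module is installed, and the
# contoso.com / dc01 / dc02 names are placeholders for your own environment.
Import-Module ActiveDirectory

$forest = Get-ADForest
$domain = Get-ADDomain

# Current holders. The two forest-wide roles come from the forest object,
# the three domain-wide roles from the domain object.
$current = [ordered]@{
    'Schema master'         = $forest.SchemaMaster
    'Domain naming master'  = $forest.DomainNamingMaster
    'PDC emulator'          = $domain.PDCEmulator
    'RID master'            = $domain.RIDMaster
    'Infrastructure master' = $domain.InfrastructureMaster
}

# Holders recorded in the design documentation (placeholder values).
$expected = @{
    'Schema master'         = 'dc01.contoso.com'
    'Domain naming master'  = 'dc01.contoso.com'
    'PDC emulator'          = 'dc01.contoso.com'
    'RID master'            = 'dc02.contoso.com'
    'Infrastructure master' = 'dc02.contoso.com'
}

foreach ($role in $current.Keys) {
    $holder = $current[$role]
    if ($holder -ieq $expected[$role]) {
        $status = 'matches design'
    } else {
        # A holder that differs from the design means the role was transferred
        # or seized; find out who did it and why before relying on the directory.
        $status = 'DIFFERS from design'
    }
    '{0,-22} {1,-22} {2}' -f $role, $holder, $status
}
```

Run it from a management workstation as an account that can read the forest and domain objects (any domain user can). The same five holders are shown by `netdom query fsmo`, but the comparison against your documented design is what turns the listing into a check.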

Active Directory logical design checklist

Active Directory is a storage structure that you design to organize the objects in your IT environment, such as users, computers, groups, and many other object types. Before you can implement Active Directory, you have to do some planning. Be sure to complete the following steps before creating domains and organizational units (OUs):

  1. Using the DNS namespace, identify and name the root domain.

  2. Determine whether a tree or a forest is appropriate for your organization.

  3. Determine whether you need additional domains.

  4. Consult your requirements and environment to decide which domain model is best for your needs and to decide whether you need additional child domains.

  5. Analyze business models and processes to determine which OU model is best for your needs.

  6. Determine who will administer each OU and the administrative rights they’ll need.

  7. Delegate the administrative privileges that the OU administrators need.

  8. Diagram the logical Active Directory structure.
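Steps 6 through 8 come together once you start building: the OUs from your diagram are created, a group is set up for the people who will administer each OU, and that group is granted only the rights it needs rather than full control. The following is an added example and not code from the book; it assumes the RSAT ActiveDirectory module, and the Sales OU names and the Sales-OU-Admins group name are placeholders for your own design.

```powershell
# Added example, not from the book: build a small OU from the design diagram
# and delegate one narrowly scoped right to the OU administrators.
# Assumptions: RSAT ActiveDirectory module; the OU and group names are
# placeholders for your own design.
Import-Module ActiveDirectory

$domainDn = (Get-ADDomain).DistinguishedName        # e.g. DC=contoso,DC=com
$salesOu  = "OU=Sales,$domainDn"

# Step 8 in miniature: the parent OU and the child OUs from the diagram.
# Protecting from accidental deletion adds a deny-delete entry for Everyone.
New-ADOrganizationalUnit -Name 'Sales' -Path $domainDn -ProtectedFromAccidentalDeletion $true
foreach ($child in 'Users', 'Workstations') {
    New-ADOrganizationalUnit -Name $child -Path $salesOu -ProtectedFromAccidentalDeletion $true
}

# Step 6: the group that administers the OU (delegate to a group, never to individual accounts).
$admins = New-ADGroup -Name 'Sales-OU-Admins' -GroupScope Global -Path $salesOu -PassThru

# Step 7: delegate only "Reset Password" on user objects under Sales instead of
# Full Control. The GUIDs are the well-known schema identifiers for the
# Reset Password extended right and for the user object class.
$resetPasswordRight = [guid]'00299570-246d-11d0-a768-00aa006e0529'
$userClass          = [guid]'bf967aba-0de6-11d0-a285-00aa003049e2'

$acl  = Get-Acl -Path "AD:\$salesOu"
$rule = New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
    $admins.SID,
    [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight,
    [System.Security.AccessControl.AccessControlType]::Allow,
    $resetPasswordRight,
    [System.DirectoryServices.ActiveDirectorySecurityInheritance]::Descendents,
    $userClass)
$acl.AddAccessRule($rule)
Set-Acl -Path "AD:\$salesOu" -AclObject $acl

# Verify: show the explicit (non-inherited) entries granted to the group on the OU.
(Get-Acl -Path "AD:\$salesOu").Access |
    Where-Object { $_.IdentityReference -like '*Sales-OU-Admins' -and -not $_.IsInherited } |
    Select-Object IdentityReference, ActiveDirectoryRights, ObjectType, InheritanceType
```

The verification step is worth keeping as a standing check: the explicit entries on each OU should be exactly the ones in your delegation plan, and any entry you did not put there is something to investigate.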

Common types of Domain Name Service resource records

A resource record is the basic data component in the Domain Name Service (DNS). DNS resource records define not only names and IP addresses but also domains, servers, zones, and services. This list shows you the most common types of resource records:

  • A: Address resource records match an IP address to a host name.

  • CNAME: Canonical name resource records associate a nickname (alias) with a host name.

  • MX: Mail exchange resource records identify mail servers for the specified domain.

  • NS: Name server resource records identify servers (other than the SOA server) that contain zone information files.

  • PTR: Pointer resource records match a host name to a given IP address. This is the opposite of an Address record, which matches an IP address to the supplied host name.

  • SOA: Start of authority resource records specify which server contains the zone file for a domain.

  • SRV: Service resource records identify servers that provide special services to the domain.
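Active Directory clients find domain controllers through SRV records, then resolve the returned host names with A records, so a stale or unexpected SRV target sends logons to the wrong machine. The following is an added example and not code from the book; it assumes the RSAT ActiveDirectory module and the DnsClient module (Windows 8 / Server 2012 or later), and compares the SRV targets with the domain's known domain controllers.

```powershell
# Added example, not from the book: look up the record types from the list
# above as Active Directory uses them, and cross-check the SRV targets
# against the known domain controllers.
# Assumptions: RSAT ActiveDirectory module and the Resolve-DnsName cmdlet.
Import-Module ActiveDirectory

$domainName = (Get-ADDomain).DNSRoot

# SRV: the record clients query to locate a domain controller offering LDAP.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$domainName" -Type SRV |
       Where-Object { $_.Type -eq 'SRV' }
$srv | Select-Object Name, NameTarget, Port, Priority, Weight | Format-Table -AutoSize

# Every SRV target should be a domain controller the directory knows about.
# Anything else is a stale record or a machine registering itself as a DC.
$knownDcs = (Get-ADDomainController -Filter *).HostName
foreach ($rec in $srv) {
    $target = $rec.NameTarget.TrimEnd('.')
    if ($knownDcs -notcontains $target) {
        Write-Warning "SRV target $target is not a known domain controller"
    }
}

# A and PTR: forward-resolve each target, then reverse-resolve the address
# and confirm the two agree.
foreach ($rec in $srv) {
    $aRecords = Resolve-DnsName -Name $rec.NameTarget -Type A | Where-Object { $_.Type -eq 'A' }
    foreach ($a in $aRecords) {
        $ptr = Resolve-DnsName -Name $a.IPAddress -Type PTR -ErrorAction SilentlyContinue |
               Where-Object { $_.Type -eq 'PTR' }
        $reverse = if ($ptr) { $ptr.NameHost } else { '(no PTR record)' }
        '{0,-30} {1,-16} {2}' -f $rec.NameTarget, $a.IPAddress, $reverse
    }
}

# SOA, NS and MX for the zone itself.
Resolve-DnsName -Name $domainName -Type SOA | Where-Object { $_.Type -eq 'SOA' } |
    Select-Object Name, PrimaryServer, NameAdministrator, SerialNumber
Resolve-DnsName -Name $domainName -Type NS  | Where-Object { $_.Type -eq 'NS' } |
    Select-Object Name, NameHost
Resolve-DnsName -Name $domainName -Type MX  | Where-Object { $_.Type -eq 'MX' } |
    Select-Object Name, NameExchange, Preference
```

The `_ldap._tcp.dc._msdcs` name is one of several SRV names domain controllers register; the same cross-check applies to the Kerberos (`_kerberos._tcp`) and global catalog (`_gc._tcp`) names.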

Hardware requirements for Windows Server 2008

Before you set up and use Active Directory, you need to install the Windows Server 2008 operating system. Start by making certain that the hardware you plan to use for domain controllers is able to run the operating system. This list shows you the minimum and recommended hardware levels for Windows Server 2008:

  • Processor: 1 GHz (x86 CPU) or 1.4 GHz (x64 CPU).

  • Memory: 512 MB required; 2 GB or higher recommended.

  • Hard disk: 10 GB required; 40 GB or more recommended.

  • Video: Super VGA or higher video card and monitor.

  • Hardware: Must be on the Windows 2008 Hardware Compatibility List.

About This Article

About the book authors:

Steve Clines, MCSE, MCT, has worked as an IT architect and engineer at EDS for over 18 years. He has worked on deployments of more than 100,000 seats for both Active Directory and Microsoft Exchange Server. Steve is the author of MCSE Designing a Windows 2000 Directory Services Infrastructure For Dummies, which is a study guide for the 70-219 MCP exam. He also maintains the Confessions of an IT Geek blog at

Marcia Loughry, MCSE and MCP+I, is a Senior Infrastructure Specialist with a large IT firm in Dallas, Texas. She is president of the Plano, Texas BackOffice User Group (PBUG) and a member of Women in Technology International. Marcia received her MCSE in NT 3.51 in 1997 and completed requirements for the NT 4.0 track in 1998.
Marcia has extensive experience working with Windows NT 3.51 and 4.0 in enterprises of all sizes. She is assigned to some of her firm’s largest customers in designing NT solutions and integrating UNIX and NetWare environments with NT.
