Select the option to install an RODC in the Active Directory Domain Services Installation wizard. To install an RODC on a Server Core installation, use an unattended installation[r]
Module 1: Implementing Active Directory Domain Services ® Module Overview • Installing Active Directory Domain Services • Deploying Read-Only Domain Controllers • Configuring AD DS Domain Controller Roles Lesson 1: Installing Active Directory Domain Services • Requirements for Installing AD DS • What Are Domain and Forest Functional Levels? • AD DS Installation Process • Advanced Options for Installing AD DS • Installing AD DS from Media • Demonstration: Verifying the AD DS installation • Upgrading to Windows Server 2008 AD DS • Installing AD DS on a Server Core Computer • Discussion: Common Configuration for AD DS Requirements for Installing AD DS Server requirements to install AD DS • A computer running Windows Server 2008 • Minimum disk space of 250 MB and a partition formatted with NTFS file system • TCP/IP must be configured, including DNS Network configuration client settings • DNS Server that supports dynamic updates must be available or will be configured on the domain controller • Local Administrator permissions to install the first Administrator permissions domain controller in a forest • Domain Administrator permissions to install additional domain controllers in a domain • Enterprise Administrator permissions to install additional domains in a forest What Are Domain and Forest Functional Levels? Functional levels: • Determine the AD DS features available in a domain or forest • Restrict which Windows Server operating systems can be run on domain controllers in the domain or forest Supported functional levels: Domain Windows 2000 native Supported Domain Controller Operating Systems • Windows Server 2008 • Windows Server 2003 • Windows 2000 Windows Server 2003 • Windows Server 2008 • Windows Server 2003 Windows Server 2008 • Windows Server 2008 Forests Windows 2000 Windows Server 2003 Windows Server 2008 AD DS Installation Process Install the Active Directory Domain Services role using the Server Manager Run the Active Directory Domain Services Installation Wizard Choose the deployment configuration Select the additional domain controller features Select the location for the database, log files, and SYSVOl folder Configure the Directory Services Restore Mode Administrator Password Advanced Options for Installing AD DS To access the advanced mode installation options, choose the Advanced Mode option in the installation wizard or run DCPromo /adv Use the advanced mode options to: • Create a new domain tree • Use backup media as the source for AD DS information • Select the source domain controller for the installation • Modify the default domain NetBIOS name • Define the Password Replication Policy for an RODC Installing AD DS from Media Use Ntdsutil.exe to create the installation media Ntdsutil.exe can create the following types of installation media: • Full (or writable) domain controller • Full (or writable) domain controller without SYSVOL data • Read-only domain controller without SYSVOL data • Read-only domain controller Demonstration: Verifying the AD DS Installation In this demonstration, you will see how to verify the AD DS installation Upgrading to Windows Server 2008 AD DS To prepare previous versions of Active Directory for a Windows Server 2008 domain controller installation: Current Version Windows 2000 Windows 2003 Windows Server 2000 Windows Server 2003 Windows Server 2003 Before installing Command • Windows Server 2008 domain controllers • Windows Server 2008 domain controllers adprep /forestprep adprep /domainprep / gpprep • Windows Server 2008 domain controllers • Windows Server 2008 RODCs adprep /domainprep adprep /rodcprep Delegating the RODC Installation To delegate the installation of a RODC: • Pre-create the RODC computer account in the Domain Controllers container • Assign a user or group with permission to install the RODC To complete a delegated RODC installation, run DCPromo with the /UseExistingAccount:Attach switch What Are Password Replication Policies? • The password replication policy determines how the RODC performs credential caching for authenticated user • By default, the RODC does not cache any user credentials or computer credentials Options for configuring password replication policies: • No credentials cached • Enable credential caching on an RODC for specified accounts • Add users or groups to the Domain RODC Password Allowed group so credentials are cached on all RODCs Demonstration: Configuring Administrator Role Separation and Password Replication Policies In this demonstration, you will see how to: • Configure administrator role separation • Configure the RODC password replication groups • Track which users log on to a RODC • Configure password replication policies for those accounts ... Overview • Installing Active Directory Domain Services • Deploying Read-Only Domain Controllers • Configuring AD DS Domain Controller Roles Lesson 1: Installing Active Directory Domain Services • Requirements... the Active Directory Domain Services role using the Server Manager Run the Active Directory Domain Services Installation Wizard Choose the deployment configuration Select the additional domain. .. domain or forest • Restrict which Windows Server operating systems can be run on domain controllers in the domain or forest Supported functional levels: Domain Windows 2000 native Supported Domain