Starting with the Windows 2000 operating system, Active Directory has become the standard for network management on Windows, covering the login process, authentication, the Domain Name System and other domain functions. All network activity is controlled through it. The arrival of multi-master controllers and replication brought the goal of integrated global network management a big step closer.
In the Windows Server 2008 operating system, Active Directory has been improved, and the read-only domain controller is one of these improvements. This feature allows Active Directory information to be verified more quickly at remote offices and gives faster access to resources, without affecting the security of the server or the remote terminals. It does this by providing a read-only copy of most Active Directory information for Windows Server 2008 domain controllers on remote terminals.
Security improvements when logging in
User authentication information, including account name and password, cannot be copied to a read-only domain controller server. This limits the damage if the server is compromised, without affecting the use of usernames and passwords in the rest of the Active Directory database. When a user asks for authentication, the lookup is performed on the local read-only domain controller rather than by copying the credentials to it. If no information is found in the local copy of the Active Directory database, the request is submitted to another domain controller on the network to confirm the user's permissions. Once the user is authenticated, the information can be saved locally. When the user logs in again, the cached copy of the credentials can be used, which speeds up the login.
When the credentials have changed, for example when the user's password has expired, the read-only domain controller evaluates the login, finds that the password does not match the password in the cache, and forwards the request to another domain controller. In this case, when the user's password is lost, the damage to the server itself will be reduced.
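The login flow described above, modelled as a small added example (not code from the original article or from Windows). The class names `WritableDC` and `ReadOnlyDC`, the SHA-256 stand-in for a stored credential and the sample accounts are assumptions constructed for illustration.

```python
import hashlib
import hmac

def _digest(password: str) -> bytes:
    # Stand-in for a stored credential (assumption; AD stores other secrets).
    return hashlib.sha256(password.encode()).digest()

class WritableDC:
    """Full domain controller: holds every account's credential."""
    def __init__(self, accounts):
        self.secrets = {u: _digest(p) for u, p in accounts.items()}

    def set_password(self, user, password):
        self.secrets[user] = _digest(password)

    def verify(self, user, password):
        stored = self.secrets.get(user)
        return stored is not None and hmac.compare_digest(stored, _digest(password))

class ReadOnlyDC:
    """RODC: starts with no credentials, caches only what was verified upstream."""
    def __init__(self, upstream):
        self.upstream = upstream
        self.cache = {}

    def authenticate(self, user, password):
        """Return (success, name of the controller that decided)."""
        cached = self.cache.get(user)
        if cached is not None and hmac.compare_digest(cached, _digest(password)):
            return True, "rodc-cache"
        # Cache miss or mismatch (e.g. password changed): forward the request.
        if self.upstream.verify(user, password):
            self.cache[user] = _digest(password)  # cached for the next login
            return True, "writable-dc"
        return False, "writable-dc"

    def exposed_if_compromised(self):
        # Accounts whose credentials are present on this server at all.
        return set(self.cache)

# Constructed sample accounts and passwords.
hq = WritableDC({"alice": "Spring#2008", "bob": "Summer#2008", "admin": "Root#2008"})
branch = ReadOnlyDC(hq)

if __name__ == "__main__":
    print(branch.authenticate("alice", "Spring#2008"))  # first login is forwarded
    print(branch.authenticate("alice", "Spring#2008"))  # second login served locally
    hq.set_password("alice", "Autumn#2008")
    print(branch.authenticate("alice", "Autumn#2008"))  # mismatch, forwarded again
    print(sorted(branch.exposed_if_compromised()), "of", len(hq.secrets), "accounts")
```

Only accounts that have actually logged in through the branch server appear in `exposed_if_compromised()`, which is the containment property the section describes.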
Domain Name System Becomes More Secure
Another advantage of read-only domain controllers is that the replicated Domain Name System is also read-only. All Domain Name System information in Active Directory is copied to the read-only domain controller, but the replicated copy is not updated there: registrations and updates must be made on another domain controller, and are then replicated to the read-only domain controller. Queries and name resolution work the same as usual, and running a copy of the Domain Name System locally can improve the user experience. The cache information for the Domain Name System is also replicated to the read-only domain controller.
Such a configuration can improve the overall performance of the network and the performance of remote office terminals that use Active Directory; however, there are some points to be aware of when configuring it:
· The first Windows Server 2008 domain controller in an existing Active Directory environment cannot be a read-only domain controller. In the Windows Server 2008 operating system, you must first install a fully functional domain controller from which the read-only domain controller can replicate.
· Before installing the first read-only domain controller, you must run the Active Directory preparation tools adprep and rodcprep to ensure that the installation of the read-only domain controller is permitted.
· In any case, a read-only domain controller cannot be a global catalog server, nor can it hold an operations master role in a directory environment.
The main reason I introduced the read-only domain controller in this article is to provide a way to improve the efficiency of remote working in a domain controller environment where remote office terminals exist, while maintaining security. With the release date of the Windows Server 2008 operating system approaching, read-only domain controllers can provide great help for a decentralized network environment.