Windows Domain Administration Report Computer Science Essay

The intent of this report is to research how the Windows Server 2008 R2 OS manages a multi-domain environment. The report provides information from the research carried out through the references and sources made available in the bibliography. This research provides a fuller understanding of what a multi-domain environment is and highlights the logical and physical infrastructure implemented by Windows Server 2008 R2.

The report will concentrate its attention on the following areas:

Active Directory

DNS, Domains

Groups, trees, forests, trusts

Schema, Global Catalogue

DFS Multi-Master Replication

Group Policy

From the research and study carried out, a conclusion is presented assessing the advantages and disadvantages of the Windows Server 2008 R2 OS.

Active Directory Domain Services

Active Directory Domain Services (AD DS) is a distributed database that handles network administration and security. This server role gives the network administrator an interactive, hierarchical and secure infrastructure in which to administer resources. Once the AD DS server role is installed and Dcpromo.exe is run (adding the DC to a forest), the computer is promoted to Domain Controller.

The Domain Controller deals with security authentication for all users and devices. Active Directory holds all information such as users, groups, computers, printers and files. This information is stored in objects, which are made available within the domain forest (the logical security boundary). Objects within a domain are contained in Organisational Units (OUs), allowing network administrators to delegate the relevant security and share permissions for that particular OU or object. This is an efficient method of dealing with many objects at once. The advantages of Windows Server 2008 R2 running Active Directory Domain Services are:

Domain Name System (DNS). This maps names to IP addresses, aiding human interaction.

User identity with password-protected logon using AD and LDAP (Lightweight Directory Access Protocol)

Advanced encryption with AES 128 and 256

Kerberos V5 authentication protocol

Backup services and servers minimising data redundancy.

Integrating DNS zones with multi-master data replication reduces the use of network bandwidth and minimises data redundancy through secure dynamic updates

Access Control Lists

Trusts created to share and delegate information with other domains.

( Microsoft )

( Minasi, 2010 )

Domain Name System (DNS)

The Windows Domain Name System is a naming system used to map names to IP (Internet Protocol) addresses. DNS is part of the TCP/IP (Transmission Control Protocol/Internet Protocol) protocol suite, which transports information over LANs and WANs. This protocol suite formats, addresses, transmits and routes data to be sent to the receiving system. Windows Server 2008 R2 by default will install DNS when AD DS is installed.

( Microsoft Technet )

( Yarendi, 2010 )

Multiple Domains

Multiple domains are configured when one domain needs to share resources with another domain. These domains work in a hierarchical structure and are organised in trees and forests. Forests are the logical security boundary of the network infrastructure, with trees containing a hierarchical structure of the domains. The first domain on the network is the root domain, which then becomes the parent domain for the next domain added. This sub-domain of the parent is called the child domain. To optimise performance in a multi-domain environment, a network using a WAN connection is broken down into sites. Sites structure a network into LAN segments, making use of the high-speed bandwidth. Sites help to reduce AD traffic in cases such as logon and replication. More domains can be added to the forest to replicate data over the network. To enable Windows Server 2008 to share data with other domains, trusts are created.

( Guy, 2011 )

( Minasi, 2010 )

( Dot Servant )

Groups

Groups are used to contain objects, which can then be configured in bulk, saving time on administrative tasks.

Group Definitions

Local group: Stored on the local computer. Scope: limited to the local computer.

Domain local group: Used to set permissions on resources. This group can contain global and universal groups, as well as other domain local groups from the same domain.

Global group: Contains users, computers and global groups. Scope: any domain in the forest.

Universal group: Contains global and universal groups from any domain in the forest. This group is stored on the Global Catalogue server (GC). Scope: any domain in the forest.

Group Scope Diagram

Figure, Group Scope.

( Tech Target )

( Microsoft, 2010 )
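The group definitions above describe which scope may be nested in which. The following PowerShell is an added example, not part of the report: it encodes those containment rules and checks a set of proposed memberships (the A-G-DL-P pattern of accounts into a global group, the global group into a domain local group, permissions on the domain local group) against them. It runs without the AD module or a domain connection; the domain names are constructed for the demonstration.

```powershell
# Added example (not from the report): group-scope containment rules as a check function.
# Pure PowerShell; no AD module or domain connection required. Domain names are constructed.

function Test-GroupNesting {
    param(
        [Parameter(Mandatory=$true)][ValidateSet('Local','DomainLocal','Global','Universal')]
        [string]$ContainerScope,
        [Parameter(Mandatory=$true)][string]$ContainerDomain,
        [Parameter(Mandatory=$true)][ValidateSet('User','Computer','DomainLocal','Global','Universal')]
        [string]$MemberType,
        [Parameter(Mandatory=$true)][string]$MemberDomain
    )
    $sameDomain = ($ContainerDomain -eq $MemberDomain)
    switch ($ContainerScope) {
        'Global' {
            # Users, computers and global groups, and only from the group's own domain
            # (the table lists the member types; the same-domain limit is an AD rule).
            return ((@('User','Computer','Global') -contains $MemberType) -and $sameDomain)
        }
        'DomainLocal' {
            # Global and universal groups (plus accounts) from any domain in the forest;
            # other domain local groups only from the same domain.
            if ($MemberType -eq 'DomainLocal') { return $sameDomain }
            return (@('User','Computer','Global','Universal') -contains $MemberType)
        }
        'Universal' {
            # Global and universal groups (plus accounts) from any domain in the forest.
            return (@('User','Computer','Global','Universal') -contains $MemberType)
        }
        'Local' {
            # A machine-local group can hold domain accounts and groups, but the
            # membership only means something on that one computer.
            return $true
        }
    }
}

# Proposed membership changes (constructed): A -> G -> DL -> P, plus two that break the rules.
$proposals = @(
    @{ Container='Global';      CDomain='sales.corp.example'; Member='User';        MDomain='sales.corp.example'; Note='sales user -> Sales-Staff (global, sales domain)' },
    @{ Container='DomainLocal'; CDomain='corp.example';       Member='Global';      MDomain='sales.corp.example'; Note='Sales-Staff -> FS01-Reports-Read (domain local, root domain)' },
    @{ Container='Global';      CDomain='corp.example';       Member='User';        MDomain='sales.corp.example'; Note='sales user -> global group in the root domain' },
    @{ Container='DomainLocal'; CDomain='corp.example';       Member='DomainLocal'; MDomain='sales.corp.example'; Note='domain local group from another domain' }
)

function Get-NestingReport {
    foreach ($p in $proposals) {
        $ok = Test-GroupNesting -ContainerScope $p.Container -ContainerDomain $p.CDomain `
                                -MemberType $p.Member -MemberDomain $p.MDomain
        New-Object PSObject -Property @{ Allowed = $ok; Change = $p.Note }
    }
}

Get-NestingReport | Format-Table Allowed, Change -AutoSize
```

The first two proposals are allowed; the last two are rejected (a global group cannot take members from another domain, and a domain local group cannot contain a domain local group from another domain). Running the check before a change request is applied catches these nesting errors before the directory does.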

Trusts

Trusts are authenticated communication links between domains. Trusts allow users from one domain to access resources in another domain. Once two domains have been connected, the default trust applied to this gateway is a transitive two-way trust. This default trust links a child domain into the structure. Authentication from the child domains carries upwards to the trusted domain for any changes in the global catalogue. Types of trusts:

External: non-transitive one-way and two-way trusts. Used to access resources in Windows NT 4.0 domains.

Realm: transitive or non-transitive one-way and two-way trusts. Used to share information between third-party servers and Windows servers.

Forest: transitive one-way and two-way trusts. Used to communicate between two forests.

Shortcut: transitive one-way and two-way trusts. A shortcut trust is used to improve logon times between domains.


Figure, Trust Relationships.

( IT Geared, 2011 )

( Minasi, 2010 )

( Yarendi, 2010 )

Schema

Within a forest all domains hold a current schema. This defines all object types held in the AD database, using a list of attributes to specify an object. The schema is also responsible for the design and structure. When changes are made, the schema is replicated to all domains in the forest.


Figure, Active Directory Name Contexts.

( Microsoft Technet, 2012 )

( Team Approach )

Global Catalogue Server

Windows Server 2008 R2 servers are set by default to become Global Catalogue Servers (GC) once they have been promoted to DC. The GC holds information relating to the AD database for that domain. This information is stored in the NTDS.dit file and provides a searchable index for objects within the domain using port 3268. The domain controller does not hold information relating to resources outside that domain. A DC uses a GC to contain all the information about objects in the forest. To manage this data, the GC only holds enough information about an object's attributes to point to the object in the forest. This allows users from one domain to log on from another domain and access resources from within the forest. GC servers communicate with other GC servers to:

Locate user logon information, known as a UPN (user principal name).

Locate directory information in the forest.

Provide forest-wide searches.

Provide forest-wide services.

When directory database changes are made, they are updated to the GC servers in the forest. All domain controllers with writeable attributes save data changes to their GC directory. Data is replicated with DFS (Distributed File System).
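The forest-wide UPN lookup described above is what the Global Catalogue exists for. The following PowerShell is an added example, not part of the report: it searches the catalogue rather than the local domain partition by binding through the GC:// ADSI provider, which uses the catalogue port (3268) instead of the normal LDAP port, and escapes the supplied UPN so it cannot alter the filter. The forest name and the UPN are assumptions.

```powershell
# Added example (not from the report): forest-wide UPN lookup through the Global Catalogue.
# GC:// binds to the catalogue service (TCP 3268) rather than the domain partition on 389,
# so one query covers every domain in the forest. Forest name and UPN are assumptions.

function Find-UserByUpn {
    param(
        [Parameter(Mandatory=$true)][string]$Upn,
        [string]$ForestDns = 'corp.example'   # assumed forest DNS name; a GC server's name also works here
    )
    # Escape RFC 4515 filter metacharacters so the supplied value cannot change the
    # shape of the query; the backslash must be handled before the others.
    $escaped = $Upn -replace '\\', '\5c' -replace '\*', '\2a' -replace '\(', '\28' -replace '\)', '\29' -replace "`0", '\00'

    $root     = New-Object System.DirectoryServices.DirectoryEntry("GC://$ForestDns")
    $searcher = New-Object System.DirectoryServices.DirectorySearcher($root)
    $searcher.Filter      = "(&(objectCategory=person)(objectClass=user)(userPrincipalName=$escaped))"
    $searcher.SearchScope = 'Subtree'
    # Ask only for attributes the catalogue carries. The GC holds a partial attribute set,
    # so an attribute not replicated to it comes back empty for objects from other domains;
    # the distinguishedName tells you which domain controller to query for the rest.
    [void]$searcher.PropertiesToLoad.AddRange([string[]]@('distinguishedName', 'sAMAccountName', 'userPrincipalName'))

    $result = $searcher.FindOne()
    if ($result -eq $null) { return $null }
    New-Object PSObject -Property @{
        DistinguishedName = [string]$result.Properties['distinguishedname'][0]
        SamAccountName    = [string]$result.Properties['samaccountname'][0]
        UserPrincipalName = [string]$result.Properties['userprincipalname'][0]
    }
}

# Example call (assumed UPN); returns $null when no account anywhere in the forest matches.
Find-UserByUpn -Upn 'alice@sales.corp.example'
```

Binding the same searcher to `LDAP://` instead of `GC://` would only find accounts in the domain the DC is authoritative for, which is the difference the report draws between the DC's own data and the catalogue. The escaping step matters whenever the UPN comes from user input, such as a help-desk lookup form.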

DFS Multi-Master Replication

The DFS service (Dfssvc.exe) is the core component of the DFS physical and logical structure. DFS Namespaces allows an administrator to group shared folders stored on many servers into a hierarchically structured namespace. This displays the shared root folder with subfolders that relate to that namespace. The DFS namespace structure stores file shares from multiple servers and sites. By using DFS namespaces you can expand the availability of resources over the network and connect users automatically to these resources within the AD DS sites.

DFS Replication is a multi-master replication tool which allows an administrator to efficiently replicate shared folders over the network and multiple servers. This process is an effective way of dealing with limited bandwidth. Remote Differential Compression (RDC) is a compression algorithm which enables only the changes made to an edited file to be replicated. These changes are then replicated to all the GC servers on the network. For bandwidth and server efficiency, changes only take place with the actual data that is edited. DFS benefits the network with:

Fault-tolerant replication of data to multiple locations on a network.

Easy access to shared resources through a logical structure.

Load balancing.

DFS multi-master replication is implemented when a change has been made to the DFS folder. It is then replicated throughout the network to other DFS servers. Once the initial replication occurs between two servers, the master copy is no longer a master copy; it is then a multi-master copy distributed to all DFS servers.

( Replication )

9.1. DFS Connection Process

The client connects to a domain or member server hosting DFS using a UNC path.

The server then responds to the request and gives the location of the resource to the user.

The client caches the location of the resource and can now access the resource directly without asking the DFS server.

A client will periodically ask the DFS server for any changes to the location. The time to live before a referral is requested again is set by default to 300 seconds (5 minutes), with 1800 seconds (30 minutes) for link referrals; the time to live can be altered in

( Replication )
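The four-step connection process above amounts to a client-side referral cache with two time-to-live values. The following PowerShell is an added example, not part of the report: it models that cache with the default TTLs quoted above (300 seconds for a root referral, 1800 seconds for a link referral) and counts how many referral requests actually reach the "DFS server", which here is a script block standing in for the real exchange. Namespace paths and target servers are constructed.

```powershell
# Added example (not from the report): a model of the DFS client referral cache.
# The referral service is simulated by a script block; paths and targets are constructed.

$script:ReferralCache    = @{}
$script:ReferralRequests = 0

# Simulated referral service: maps a namespace path to its current target servers.
$script:Resolver = {
    param([string]$Path)
    $script:ReferralRequests++
    switch ($Path) {
        '\\corp.example\Public'         { return @('\\FS01\Public', '\\FS02\Public') }
        '\\corp.example\Public\Reports' { return @('\\FS02\Reports') }
        default                         { return @() }
    }
}

function Get-DfsTarget {
    param(
        [Parameter(Mandatory=$true)][string]$UncPath,
        [datetime]$Now = (Get-Date)
    )
    $entry = $script:ReferralCache[$UncPath]
    if ($entry -ne $null -and $Now -lt $entry.Expires) {
        # Step 3: served from the cache, no round trip to the DFS server.
        return $entry.Targets
    }
    # Cache miss or expired TTL (steps 1, 2 and 4): ask the DFS server again.
    $targets = & $script:Resolver $UncPath
    # \\namespace\root is a root referral; anything deeper is a link referral.
    $depth = ($UncPath.TrimStart('\') -split '\\').Count
    $ttl   = if ($depth -le 2) { 300 } else { 1800 }
    $script:ReferralCache[$UncPath] = @{ Targets = $targets; Expires = $Now.AddSeconds($ttl) }
    return $targets
}

function Invoke-ReferralDemo {
    $t0 = Get-Date
    [void](Get-DfsTarget '\\corp.example\Public'         -Now $t0)                    # request 1
    [void](Get-DfsTarget '\\corp.example\Public'         -Now $t0.AddSeconds(100))    # cached
    [void](Get-DfsTarget '\\corp.example\Public'         -Now $t0.AddSeconds(400))    # root TTL expired: request 2
    [void](Get-DfsTarget '\\corp.example\Public\Reports' -Now $t0.AddSeconds(400))    # link referral: request 3
    [void](Get-DfsTarget '\\corp.example\Public\Reports' -Now $t0.AddSeconds(2000))   # still inside the 1800 s link TTL
    return $script:ReferralRequests   # 3
}

"Referral requests sent: $(Invoke-ReferralDemo)"
```

The count shows why the TTL matters operationally: a client keeps using a cached target until the TTL lapses, so a folder target moved on the namespace server is only picked up after at most the link TTL. On a real client the cached referrals can be inspected with `dfsutil /pktinfo` and discarded with `dfsutil /pktflush`.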

Time Synchronisation

The Kerberos authentication protocol requires all computers in the domain to be time synced. Computers 5 minutes out of sync cannot join the network. Windows Server hosts the PDC (primary domain controller) emulator to configure and synchronise with an external NTP (Network Time Protocol) server. All DCs synchronise with the PDC time. Computers and member servers synchronise their time with the authenticating DC.

( Minasi, 2010 )

( Reasoning )
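The 5-minute tolerance above is the first thing to check when Kerberos logons start failing. The following PowerShell is an added example, not part of the report: it reads the clock of the authenticating DC over WinRM, compares it with the local clock in UTC so that time zones cannot masquerade as skew, and reports where this host is taking its time from. The DC name is an assumption.

```powershell
# Added example (not from the report): measure this computer's clock offset from its
# authenticating DC and compare it with the 5-minute Kerberos tolerance. DC name is assumed.

function Get-KerberosClockSkew {
    param(
        [Parameter(Mandatory=$true)][string]$DomainController,
        [int]$MaxSkewMinutes = 5      # Kerberos default tolerance quoted in the report
    )
    # Compare UTC ticks rather than DateTime objects: Kerberos compares UTC timestamps,
    # and ticks survive the WinRM serialisation without any time-zone conversion.
    $remoteTicks = Invoke-Command -ComputerName $DomainController -ScriptBlock { [DateTime]::UtcNow.Ticks }
    $localTicks  = [DateTime]::UtcNow.Ticks
    $skew        = [TimeSpan]::FromTicks([math]::Abs($localTicks - $remoteTicks))

    New-Object PSObject -Property @{
        DomainController = $DomainController
        SkewSeconds      = [math]::Round($skew.TotalSeconds, 1)
        WithinTolerance  = ($skew -lt [TimeSpan]::FromMinutes($MaxSkewMinutes))
        # Where this host actually gets its time: a DC for domain members, the external
        # NTP source on the PDC emulator.
        TimeSource       = (w32tm /query /source 2>&1 | Out-String).Trim()
    }
}

Get-KerberosClockSkew -DomainController 'dc01.corp.example'
```

A `WithinTolerance` of `$false` on a member explains Kerberos failures directly; `w32tm /resync` forces a sync with the configured source. A `TimeSource` of "Local CMOS Clock" on a member or on any DC other than the PDC emulator means the hierarchy the report describes is not in effect, and the PDC emulator itself should point at the external NTP server (for example `w32tm /config /manualpeerlist:"<ntp server>" /syncfromflags:manual /reliable:yes /update`, with the server name substituted).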

BranchCache

BranchCache requires Windows Server 2008 R2 and Windows 7 Enterprise / Ultimate. BranchCache is a method of sharing files by caching them on the local network over a wide area network (WAN). When a resource is requested it is held on the local network (high-speed bandwidth); this improves performance over the lower bandwidth capabilities of a wide area network (WAN). BranchCache also supports end-to-end encryption between clients and servers.

BranchCache Modes

Hosted Mode
Requirements: Windows Server 2008 R2 at each branch; SSL certificate.
Operation: The round trip time is calculated. If this is more than the default 80 milliseconds, the file is cached on the local server.

Distributed Cache Mode
Requirements: Windows 7 Enterprise / Ultimate.
Operation: The computer stores the file in its cache. If another computer requests the file, it sends a broadcast to all computers and the file is then transferred between the computers.

BranchCache can be configured either through Group Policy or netsh (command-line scripting). Group Policy has five settings:

BranchCache Modes

Turn On BranchCache: Enable / Disable

Set BranchCache Distributed Cache Mode: Enable / Disable

Set BranchCache Hosted Mode: Configure the BranchCache server

Configure BranchCache for network files: Set the latency time (default 80 milliseconds) for the round trip.

Set percentage of disk space used for client cache: Default set to 5 %

( Minasi, 2010 )

( Yarendi, 2010 )

( Microsoft Technet )
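Where Group Policy is not available, the netsh path mentioned above does the same job per client. The following PowerShell is an added example, not part of the report: it wraps the netsh client-side mode and cache-size commands, supports `-WhatIf` so the commands can be previewed before anything changes, and reads the effective status back rather than trusting return codes. The hosted cache server name is an assumption; the hosted cache server side itself is not covered.

```powershell
# Added example (not from the report): set the BranchCache client mode with netsh and
# read the status back. Hosted cache server name is an assumption.

function Set-BranchCacheClientMode {
    [CmdletBinding(SupportsShouldProcess=$true)]
    param(
        [Parameter(Mandatory=$true)][ValidateSet('Disabled','Distributed','HostedClient')]
        [string]$Mode,
        [string]$HostedCacheServer,   # HostedClient only: FQDN that matches the server's SSL certificate
        [int]$CachePercent = 5        # the report's default: 5 % of disk for the client cache
    )
    $steps = New-Object System.Collections.ArrayList
    switch ($Mode) {
        'Disabled'     { [void]$steps.Add(@('branchcache', 'set', 'service', 'mode=disabled')) }
        'Distributed'  { [void]$steps.Add(@('branchcache', 'set', 'service', 'mode=distributed')) }
        'HostedClient' {
            if (-not $HostedCacheServer) { throw 'HostedClient mode needs -HostedCacheServer' }
            [void]$steps.Add(@('branchcache', 'set', 'service', 'mode=hostedclient', "location=$HostedCacheServer"))
        }
    }
    if ($Mode -ne 'Disabled') {
        [void]$steps.Add(@('branchcache', 'set', 'cachesize', "size=$CachePercent", 'percent=TRUE'))
    }
    foreach ($argv in $steps) {
        # Each step is passed as an argument array, not assembled into a string, so no
        # parameter value can be interpreted as extra commands.
        if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, "netsh $($argv -join ' ')")) {
            & netsh $argv
        }
    }
    # Read the effective configuration back from the service.
    & netsh branchcache show status all
}

# Preview the commands for a branch client pointed at a hosted cache server (assumed name):
Set-BranchCacheClientMode -Mode HostedClient -HostedCacheServer 'bc-host.branch.corp.example' -WhatIf
```

Run without `-WhatIf` in an elevated session to apply the change. The `location=` value has to match the name on the hosted cache server's SSL certificate, which is the certificate the modes table refers to; a mismatch leaves clients silently falling back to the WAN.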

Group Policy (GPO)

Group policies are held in Active Directory in SYSVOL. GPOs configure user and computer settings such as passwords, Control Panel options and firewalls. There are four types of GPO: local, site, domain and OU. To configure a domain-based policy the Group Policy Object Editor is used. The Group Policy Management Console is used to link the policy to sites, domains and OUs. The hierarchical order of Group Policy processing runs from the lowest precedence, local, through site and domain to the OU with the highest precedence (its Group Policy setting is the one applied in that case).

( Minasi, 2010 )

( Yarendi, 2010 )
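The precedence order above (local, site, domain, OU, with the last policy applied winning) can be worked through for a given setting. The following PowerShell is an added example, not part of the report: it resolves which linked GPO wins a setting under that order and goes one step beyond the report by honouring Enforced links, which are applied after all normal links in reverse order so that an enforced link higher in the tree beats one further down. Link order among several GPOs at the same level is not modelled. GPO names, settings and the OU path are constructed.

```powershell
# Added example (not from the report): resolve the winning GPO for one setting under
# local -> site -> domain -> OU processing, including Enforced links. Data is constructed.

function Resolve-GpoSetting {
    param(
        [Parameter(Mandatory=$true)][string]$Setting,
        [Parameter(Mandatory=$true)][object[]]$LinkedGpos,   # objects with Level, Name, Settings, Enforced
        [string[]]$OuPath = @()                               # parent OU first, child OU last
    )
    # Processing order is L, S, D, then OUs parent-before-child; the last policy applied wins.
    $levelOrder = @('Local', 'Site', 'Domain') + $OuPath
    $rank = @{}
    for ($i = 0; $i -lt $levelOrder.Count; $i++) { $rank[$levelOrder[$i]] = $i }

    $normal   = @($LinkedGpos | Where-Object { -not $_.Enforced } | Sort-Object { $rank[$_.Level] })
    # Enforced links run after every normal link and in reverse order, so an enforced
    # domain link is applied after (and beats) an enforced OU link.
    $enforced = @($LinkedGpos | Where-Object { $_.Enforced } | Sort-Object { $rank[$_.Level] } -Descending)

    $winner = $null
    foreach ($gpo in ($normal + $enforced)) {
        if ($gpo.Settings.ContainsKey($Setting)) {
            $winner = New-Object PSObject -Property @{
                Setting = $Setting; Value = $gpo.Settings[$Setting]; WinningGpo = $gpo.Name; Level = $gpo.Level
            }
        }
    }
    return $winner
}

# Constructed policy set: one GPO per level, the domain policy enforced.
$gpos = @(
    (New-Object PSObject -Property @{ Level='Local';      Name='Local Computer Policy'; Enforced=$false; Settings=@{ ScreenSaverTimeout=1800; DisableUsbStorage=$false } }),
    (New-Object PSObject -Property @{ Level='Site';       Name='London Site';           Enforced=$false; Settings=@{ DisableUsbStorage=$true } }),
    (New-Object PSObject -Property @{ Level='Domain';     Name='Default Domain Policy'; Enforced=$true;  Settings=@{ ScreenSaverTimeout=600 } }),
    (New-Object PSObject -Property @{ Level='OU=Finance'; Name='Finance Workstations';  Enforced=$false; Settings=@{ ScreenSaverTimeout=900; DisableUsbStorage=$false } })
)

# Enforced domain link wins over the OU: 600 from Default Domain Policy.
Resolve-GpoSetting -Setting 'ScreenSaverTimeout' -LinkedGpos $gpos -OuPath @('OU=Finance') | Format-List
# Nothing enforced touches this setting, so the OU (highest precedence) wins: $false from Finance Workstations.
Resolve-GpoSetting -Setting 'DisableUsbStorage'  -LinkedGpos $gpos -OuPath @('OU=Finance') | Format-List
```

The second result is the security-relevant one: a site-level GPO that blocks USB storage is quietly undone by an OU-level GPO unless the site link is enforced. On a real client, `gpresult /r` lists the GPOs applied in processing order, which is the check for whether the intended policy actually won.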

Conclusion

Windows Server 2008 R2 manages a multi-domain environment securely and efficiently with AD DS and the other server roles available at its disposal. The hierarchical and logical structures of AD DS simplify server data, with Kerberos, Group Policies and OUs setting the security and permissions for resources over a network.

BranchCache, being one of the new additions to the server package, furthers an organisation's networking ability to provide necessary resources wherever and whenever requested. One disadvantage could be the added software cost (XP clients), since BranchCache requires clients to be using the Windows 7 OS. Another possible disadvantage to take into consideration is the hardware aspect: if hardware specifications are not met, what would the upgrade costs be for a company?

From the research carried out it is clear that the Windows Server 2008 R2 edition provides a robust, secure networking environment, giving administrators more control over the server and network infrastructure. In today's marketplace the Windows Server 2008 R2 operating system enhances an organisation of any size with IT productivity, performance and reliability.