| Lesson 5 || Specific domain controllers |
|Objective||Define the types of Domain Controllers |
Types of Domain Controllers in Active Directory
You know that Active Directory supports multi-master updates of the directory between all the domain controllers in a domain.
However, because of replication traffic and the potential for conflicts in essential operations, it is not always practical to perform updates using multi-master replication.
Special roles for Domain Controllers
For this reason, special server roles, such as global catalog and operations master, are assigned only to specific domain controllers. For example, only one domain controller, called the operations master accepts requests for multi-master replication changes.
If a domain controller that is assigned a special role is not available, the specific functions of that role in Active Directory will not be accessible either. There are three roles domain controllers can fill, and for this reason, we refer to three different types of domain controllers:
- domain controller
- global catalog server
- operations master
Each of these types of domain controller is listed in the Slide Show below. We will describe each of these roles in more detail in upcoming lessons.
- There are three roles domain controllers can fill: 1) Domain Controller, 2) Global Catalog Server, and 3) Operations Master.
- The domain controller can be described as a Windows OS based server holding a copy of the Active Directory
- Global Catalog Server: This is a Windows domain controller that holds a copy of the global catalog for the forest.
- Operations master: This is a Windows domain controller that currently owns one or more of five master roles for a given operation
Mastering Active Directory
The infrastructure cornerstone of Active Directory is the domain controller. Domain controllers are the component that hosts all of the Active Directory functionality and protocols. In this module, we will dig into the steps necessary to deploy
(promote) new domain controllers as well as operational concerns around physical security and hardware virtualization.
Ensuring the physical security of Active Directory domain controllers is an important part of a successful, secure deployment of Active Directory. As Active Directory administrators are well aware, in many organizations the locations that host servers in branch offices are often far from secure.
The (RODC) read-only domain controller is the Active Directory solution to this problem. Hardware virtualization is nothing new, and in Windows Server 2012, Microsoft addressed many of the technical challenges and also simultaneously introduced the ability to rapidly clone domain controllers to scale out or meet disaster recovery requirements.
Building Domain Controllers
One of the first steps you are going to take when you deploy Active Directory is building domain controllers. Depending on the type of domain controller you are deploying and how you implement the domain controller, the process may vary quite a bit. You might want to deploy an RODC, or perhaps you want to use (IFM) Install from Media to lessen the replication load on the network and rapidly promote domain controllers. The process of converting a member server to a domain controller is known as promotion. In the next lesson, we will review each of the special roles for domain controllers in more detail.
Active Directory Administration