Microsoft Windows Active Directory 2003 Notes

Security groups:

global group - use to put members in it. Global group is put into a domain local group. ex. sales group. contains members that are in the same domain as the global group.

domain local group - named for resource it provides. ex. printer users. put global group in this group. the resource has to be local to domain. Good practice: name dl groups for permission being applied, ex. DL_folder_ReadOnly

universal group - named for its function. resource or members do not have to be in domain, can be from forest.

*** AGGUDLP

NT Domain models:
Single domain - 1 domain (1 pdc, 1 or more bdcs), users and resources

single master - more than 1 domain. 1 master(users), 1 or more resource domains. no users only resources. resource domains are trusted by the master domain. users in master domain can use resources that are in the resource domain.

Multiple Master - more than 2 master domain and more than one resource domain.
each master domain trust each other. resource domains trust the master domains.

Complete Trust - every domain contains users and resources. every domain trusts ever other domain. 4 domains requires 12 = n*(n-1) trusts.

Windows 2000-03:
03 can rename domains and controllers if correct functional level.
03 can stub zones and conditional forwarding

stub zone - has soa, name server record and ip(glue host record or pointer to other server)
- can be ad integrated

caching only server - installing dns with no zones. create forward lookups for other server. caches info that has been returned by the forward lookup.

conditional forwarding - way of pointing dns in a particular direction based on the address we are trying to resolve
- like using conditional ifs.

Microsoft recommends one GC per site.
Roles:
1 per forest = Schema Admin, Domain Naming master

1 per domain = RID, PDC Emulator, Infrastructure master(- never be a GC server)
Domain Naming Master should be a GC server

MISC Stuff:
When using SMTP for replication, domain controllers must be in different domains and sites.

RFC 1542 = DHCP broadcast compliance