This chapter focuses on the infrastructure cornerstone of Active Directory—the domain controller. Domain controllers are the component that hosts all of the Active Directory functionality and protocols. In this chapter, we’ll dig into the steps necessary to deploy (promote) new domain controllers as well as operational concerns around physical security and hardware virtualization.
Ensuring the physical security of Active Directory domain controllers is an incredibly important part of a successful, secure deployment of AD. As AD administrators are well aware, in many organizations—especially large global enterprises—the locations that host servers in branch offices are often far from secure. The read-only domain controller (RODC) is the Active Directory solution to this problem.
Hardware virtualization is nothing new, and in Windows Server 2012, Microsoft addressed many of the technical challenges and also simultaneously introduced the ability to rapidly clone domain controllers to scale out or meet disaster recovery requirements.
One of the first steps you’re going to take when you deploy Active Directory is building domain controllers. Depending on the type of domain controller you’re deploying and how you go about it, the process may vary quite a bit. You might want to deploy an RODC, or perhaps you want to use Install from Media (IFM) to lessen the replication load on the network and rapidly promote domain controllers. ...