Member servers simply participate in the domain and can perform any
number of server roles. When you install a brand new instance of Windows Server 2008
(and even previous versions, all the way back to Windows 2000), it is installed first as a
member server. To act as a domain controller, it can be promoted to a domain controller
server. A domain controller can also be demoted back to a regular member server.
Figure 4-4. A domain split up into OUs
TESTLAB.LOCAL Domain
DC = Testlab, DC = local
OU = Sales
OU = IT
OU = HR
OU = Finance
OU = Users
OU = Workstations
OU = Engineering
103 Chapter 4: Active Directory Domain Services
Other critical Active Directory roles are called Flexible Single Master Operations (FSMO)
roles. Every domain controller that participates in an Active Directory domain can be
written to (though changed in Windows Server 2008, this is generally the case). That
means that if you have two domain controllers in the same domain, you can update
the password of a user on either of the two domain controllers and the changes will
be replicated to the other domain controller in the near future (or in the case of intrasite
replication, almost immediately). This is called a multi-master configuration since
multiple masters are authoritative at any given time. Certain roles, however, pertain to
Active Directory and can be sensibly fulfilled only by a single server.
Pages:
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145