That designated user account can then log on to the server and perform any maintenance
task necessary, such as installing Microsoft Critical Updates or defragmenting
the hard drive. Such users would not be able to log on to any other domain controller in your
domain or perform any other tasks on the domain; they are completely restricted to local
changes that require administrative privileges.
An RODC can also host DNS to provide name resolution services. However, unlike
other Active Directory-integrated DNS zones, computers will not be able to update their
DNS entry on an RODC. Instead, they will get a referral to a writable DNS server that
can take the update and then replicate this back down to the RODC. (This read-only DNS
mode is new with Windows Server 2008 and is discussed thoroughly in Chapter 10 along
with all the other DNS changes in Windows Server 2008.)
Backup and Recovery
The ability to back up and recover Active Directory properly is an absolutely necessary
skill every Windows administrator must master. If you've never had to perform an
Active Directory recovery in a production environment, consider yourself very lucky.
Although you can mitigate the risk of having to restore Active Directory from scratch by
setting up enough domain controllers and physically dispersing them to prevent single
points of failure, as with all things, you should carefully plan, and more importantly, test
your backup and restore procedures.