You can do this in
two basic ways: You can perform in-place upgrades of your domain controllers, or bring
142 Microsoft Windows Server 2008 Administration
in new Windows Server 2008 domain controllers as you retire the older domain controllers.
The latter is ideal if done in conjunction with a server refresh, since you can ensure
that your new servers are up to current specifications as you decommission the older
domain controllers.
The two new features in Windows Server 2008 that you should consider in planning
your new domain controller architecture are the Server Core installation option
and RODCs. Typically, you want your servers acting as domain controllers to perform
that function and nothing else. Domain controllers are perfect candidates for a Server
Core installation since you want your domain controllers to have absolutely the bare
minimum number of components installed. Not only does this increase the stability and
performance of your domain controllers, but it decreases the possibility for unrelated
vulnerabilities from affecting your Active Directory infrastructure.
You should also revisit your strategy around any domain controllers you have deployed
at remote offices. They may be better served by RODCs if no local IT staff is
available to secure and maintain the domain controllers properly. This will increase the
overall performance of your remote domain controller by limiting replication traffic to
one direction and reducing any potential security risk that a remote domain controller
possesses.
Pages:
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194