Testing your Domain Controller

If you’re in charge of the infrastructure at your work, you have probably deployed your share of DCs. Let’s say you’re about to deploy 2 more at a new site. Microsoft recommends they both be Global Catalog Servers. You get everything to work just fine, and then someone starts adding more and more users, until pretty soon they double the original number. How will your Domain Controllers handle the extra load?
Microsoft has a little tool called the Active Directory Performance Testing Tool (ADTest.exe). ADTest is an Active Directory load-generation tool that simulates client transactions on a host server.
“Remember that benchmarking and performance exercises are useful for comparing platforms or for getting a general understanding of the hardware requirements for common implementation scenarios.” In other words, use it as a guideline, not as exact science, and allow for different results in the real world. Nevertheless, it’s a great planning tool.

Server 2008 and Terminal Services

A quick note on some improvements in Server 2008 over 2003/2000 that some people may still not be aware of. Some or all of these may provide a compelling reason to migrate.

Server 2008 includes enhancements to many current Windows Server features. Terminal Services is one of them. In Windows Server 2008 it has been enhanced to provide more functionality when compared with the previous versions. Some of these improvements are:

– Easier to install and configure
– Application publishing
– Seamless windows and session sharing
– Published applications can be accessed using a built-in web interface
– Applications can be accessed securely from outside the firewall without an SSL VPN or modifying firewall configurations, using HTTPS tunneling
– Enhanced printing
– Session-based load balancing
– 32-bit color and new RDP compression
– Display data prioritization
– Large display and custom resolution support
– Support for monitor spanning
– Enhanced Plug-and-Play device redirection
– Single Sign-On

With all these improvements, Terminal Services should be more appealing to IT organizations wanting to reduce complexity in their deployment scenarios.

A few things you must keep in mind when you consider migrating because of the above improvements:

Most of Windows Server 2008 Terminal Services’ new features require Windows Vista SP1 or Windows XP SP3 on the client side. As a result, these features are not available for older platforms.

To benefit from all the new features of Windows Server 2008 Terminal Services you must upgrade all your servers to this version.

Windows Server 2008 Terminal Services provides session-based load balancing capabilities that are only for groups of identical servers.

System Information and Comparison review

System Information and Comparison was reviewed by CNET on Download.com. We received a respectable 4/5, which reinforces our belief that this application is a must-have for all IT departments wanting to get accurate data and detailed information on system hardware and software.

“Simple, comprehensive, and easy-to-read, this system-information utility quickly gathers hardware and software specifics. System Information and Comparison’s tried-and-true file tree-style interface makes it easy to scan through extensive information about your system. A simple, single-page Help screen more than adequately describes the program functions.

Experienced to expert users needing accurate snapshots of system hardware and software information should give this utility a test drive.”

The complete review can be found on Download.com. More details and info can be found on the product page.

New release: Active Directory Change Notifier 2.0

The new version improves the user interface and introduces domain-level monitoring features. Version 2.0 also simplifies the installation process. Other improvements include better monitoring capabilities and more granular reporting. These enhancements are invaluable to administrators wanting to implement a more proactive Directory Services management approach.

More details can be found here.

Server 2008 and the RODC (Read-Only Domain Controller)

When we spoke to several people about Server 2008 migrations, there were a lot of questions about and reactions to the new Read-Only Domain Controller (RODC) option. There was some confusion too, as some thought this was similar to Windows NT 4.0’s Backup Domain Controller (BDC) technology.

The difference between an RODC and a BDC is apparent when there are more than two DCs per domain. In Windows NT 4.0 you could only have 1 read-write Primary Domain Controller (PDC), and the other DCs had to be read-only BDCs. Windows Server 2008 allows you to choose which DCs are read-writable and which are read-only with a great degree of freedom. For example, if you have 30 DCs in your domain, you can have 26 regular DCs and 4 RODCs.

One reason for having an RODC is if you have a DC that is not physically secure. In that case, not only could data be obtained from the DC, but malicious data could be injected into the vulnerable DC. With a normal read-writable DC, such damage would replicate throughout the domain and maybe even through the entire forest. By having an RODC the damage could be localized.

Exchange: Web Access and blocking your attachments

If you use Exchange Server 2003, you can block attachments in Outlook Web Access (OWA). Attachment extensions can be configured through the registry on your Exchange Server. OWA is installed with the default set of extensions shown below.
Level 1: attachments with file extensions prohibited from being accessed by OWA:
Location: HKLM\System\CurrentControlSet\Services\MSExchangeWeb\OWA
Value: Level1FileTypes
Type: REG_SZ
Value Data: ade, adp, app, asx, bas, bat, chm, cmd, com, cpl, crt, csh, exe, fxp, hlp, hta, inf, ins, isp, js, jse, ksh, lnk, mda, mdb, mde, mdt, mdw, mdz, msc, msi, msp, mst, ops, pcd, pif, prf, prg, reg, scf, scr, sct, shb, shs, url, vb, vbe, vbs, wsc, wsf, wsh
Level 2: attachments with extensions accessed only if saved to the client’s file system first:
Location: HKLM\System\CurrentControlSet\Services\MSExchangeWeb\OWA
Value: Level2FileTypes
Type: REG_SZ
Value Data: ade, adp, asx, bas, bat, chm, cmd, com, cpl, crt, exe, hlp, hta, htm, html, htc, inf, ins, isp, js, jse, lnk, mda, mdb, mde, mdz, mht, mhtml, msc, msi, msp, mst, pcd, pif, prf, reg, scf, scr, sct, shb, shs, shtm, shtml, stm, url, vb, vbe, vbs, wsc, wsf, wsh, xml, dir, dcr, plg, spl, swf
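One way to check that these lists have not been trimmed on a server, as an added example that is not code from the original post: the PowerShell below reads both values from the key above and reports any default extension that is no longer listed. The baseline strings are copied from the defaults shown here; accepting either commas or semicolons as separators is an assumption about how the value is stored.

```powershell
# Added example: audit the OWA attachment-blocking values against the defaults on this page.
# Run on the Exchange 2003 server with read access to HKLM.
$owaKey = 'HKLM:\System\CurrentControlSet\Services\MSExchangeWeb\OWA'

# Baselines copied from the default Value Data listed above.
$baseline = @{
    Level1FileTypes = 'ade, adp, app, asx, bas, bat, chm, cmd, com, cpl, crt, csh, exe, fxp, hlp, hta, inf, ins, isp, js, jse, ksh, lnk, mda, mdb, mde, mdt, mdw, mdz, msc, msi, msp, mst, ops, pcd, pif, prf, prg, reg, scf, scr, sct, shb, shs, url, vb, vbe, vbs, wsc, wsf, wsh'
    Level2FileTypes = 'ade, adp, asx, bas, bat, chm, cmd, com, cpl, crt, exe, hlp, hta, htm, html, htc, inf, ins, isp, js, jse, lnk, mda, mdb, mde, mdz, mht, mhtml, msc, msi, msp, mst, pcd, pif, prf, reg, scf, scr, sct, shb, shs, shtm, shtml, stm, url, vb, vbe, vbs, wsc, wsf, wsh, xml, dir, dcr, plg, spl, swf'
}

function ConvertTo-ExtensionList([string]$ValueData) {
    # Normalize a REG_SZ list: split (comma or semicolon is an assumption),
    # trim spaces and leading dots, lower-case, drop empties and duplicates.
    $ValueData -split '[,;]' |
        ForEach-Object { $_.Trim().TrimStart('.').ToLower() } |
        Where-Object { $_ } |
        Sort-Object -Unique
}

$props = Get-ItemProperty -Path $owaKey -ErrorAction Stop

foreach ($name in 'Level1FileTypes', 'Level2FileTypes') {
    $expected = @(ConvertTo-ExtensionList $baseline[$name])
    $actual   = @(ConvertTo-ExtensionList $props.$name)

    if ($actual.Count -eq 0) {
        # The value does not exist under the key, or it exists but is empty.
        Write-Warning "$name is not set or is empty under $owaKey"
        continue
    }

    # Extensions in the default list that the server no longer lists.
    $removed = @($expected | Where-Object { $actual -notcontains $_ })
    # Extensions an administrator added on top of the defaults.
    $added   = @($actual | Where-Object { $expected -notcontains $_ })

    '{0}: {1} configured, {2} default(s) removed, {3} added' -f $name, $actual.Count, $removed.Count, $added.Count
    if ($removed.Count -gt 0) {
        Write-Warning ('{0} no longer lists: {1}' -f $name, ($removed -join ', '))
    }
    if ($added.Count -gt 0) {
        '  added to {0}: {1}' -f $name, ($added -join ', ')
    }
}
```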
If you’re interested in more Exchange management solutions, we can help. The Active Directory Manager provides an easy-to-use interface and customizable, comprehensive Exchange reports.