Domain Controller Archives - ADSploit https://adsploit.com/tag/domain-controller/ Powered by CionSystems inc Fri, 05 Dec 2008 00:18:25 +0000 en-US hourly 1 https://wordpress.org/?v=6.5.4 https://adsploit.com/wp-content/uploads/2022/08/icon-36x36.png Domain Controller Archives - ADSploit https://adsploit.com/tag/domain-controller/ 32 32 Testing your Domain Controler https://adsploit.com/testing-your-domain-controler/ https://adsploit.com/testing-your-domain-controler/#respond Fri, 05 Dec 2008 00:18:25 +0000 http://blog.cionsystems.com/?p=63 If you’re in charge of the infrastructure at your work you probably deployed your share of DCs. Let’s say you’re about to deploy 2 more at a new site. Microsoft recommends they both be Global Catalogue Servers. You get everything to work just fine- and then someone starts adding more and more users- until pretty […]

The post Testing your Domain Controler appeared first on ADSploit.

]]> If you’re in charge of the infrastructure at your work you probably deployed your share of DCs. Let’s say you’re about to deploy 2 more at a new site. Microsoft recommends they both be Global Catalogue Servers. You get everything to work just fine- and then someone starts adding more and more users- until pretty soon they double the original number. How will your Domain Controllers handle the extra load?
Microsoft has this little tool called the Active Directory Performance Testing Tool (ADTest.exe). ADTest is an Active Directory load-generation tool that will simulate client transactions on a host server.
“Remember that benchmarking and performance exercises are useful for comparing platforms or for getting a general understanding of the hardware requirements for common implementation scenarios.”- in other words, use it as a guideline not as exact science and allow for different results in the real world. Nevertheless it’s a great planning tool.

The post Testing your Domain Controler appeared first on ADSploit.

]]> https://adsploit.com/testing-your-domain-controler/feed/ 0 Server 2008 and the RODC (Read-Only Domain Controller) https://adsploit.com/server-2008-and-the-rodc-read-only-domain-controller/ https://adsploit.com/server-2008-and-the-rodc-read-only-domain-controller/#respond Wed, 15 Oct 2008 06:34:43 +0000 http://blog.cionsystems.com/?p=47 Speaking to several people about the Server 2008 migrations, there were a lot of questions and reactions to the new Read-Only Domain Controller (RODC) option. Some confusion too, as some thought this is similar to Windows NT 4.0’s Backup Domain Controller (BDC) type technology.   The difference between a RODC and a BDC is apparent […]

The post Server 2008 and the RODC (Read-Only Domain Controller) appeared first on ADSploit.

]]> Speaking to several people about the Server 2008 migrations, there were a lot of questions and reactions to the new Read-Only Domain Controller (RODC) option. Some confusion too, as some thought this is similar to Windows NT 4.0’s Backup Domain Controller (BDC) type technology.

 

The difference between a RODC and a BDC is apparent when there are more than two DCs per domain. In Windows NT 4.0 you could only have 1 read-write Primary Domain Controller (PDC), and the other DCs had to be read-only BDCs. Windows Server 2008 allows you to choose which DCs are read-writable and which are read-only with a great degree of freedom. By example, if you have 30 DCs in your domain, you can have 26 regular DCs and 4 RODCs.

 

One reason for having an RODC is if you have a DC that is not physically secure. In that case, not only could data be obtained from the DC, but malicious data could be injected into the vulnerable DC. With a normal read-writable DC, such damage would replicate throughout the domain and maybe even through the entire forest. By having an RODC the damage could be localized.

The post Server 2008 and the RODC (Read-Only Domain Controller) appeared first on ADSploit.

]]> https://adsploit.com/server-2008-and-the-rodc-read-only-domain-controller/feed/ 0