POS 421 Networking Service Request SR-kf-015






With the fresh install of Windows 2008 R2 for Kudler Fine Foods, Domain Controllers,
Global Catalog Domain Controllers and Read-Only Domain Controllers will need to be
deployed in strategic areas of the network. Each type of controller has advantages and
disadvantages. Specifics will be given on the design and associated logic to implement
name resolution.
Domain Controllers
Kudler Fine Foods will require several Domain Controllers (DCs) across the company.
A domain controller is a server that runs the Windows Server operating system and has
Active Directory Domain Services installed. The domain controllers that hold operations
master roles each perform a specific task to maintain consistency and to help eliminate
the potential for entries that shouldn't be entered in the Active Directory database.
It will also be determined how many domain controllers the organization will need.
Kudler Fine Foods might need one or more domain controllers at each location to provide
high availability and fault tolerance. Fault tolerance will have to be weighed to
determine what is acceptable and what is not. Since Kudler Fine Foods has different
locations, it is also good to put a domain controller at each location to enhance
network performance. A domain controller is contacted during the logon process whenever
a user logs on to the network, so having a domain controller at each location will help
users log on more efficiently within their own site. For security reasons it is best to
keep the domain controllers locked in a tightly secured room with very limited access
for employees or the public. A user with unauthorized physical access to the domain
controllers can do malicious harm to the network. Some domain controllers will hold a
single-master operations role; these are known as the operations masters in Active
Directory. The five operations master roles are the Schema master, the PDC emulator,
the Domain naming master, the Infrastructure master, and the Relative identifier (RID)
master.
Global Catalog Domain Controller
“Global Catalog Domain Controllers are designated to perform as the Global Catalog
server role” (Microsoft, 2012). This is the first Domain Controller to be deployed for
Kudler Fine Foods, and in order for Active Directory to work properly this server needs
to be configured as a global catalog server as well. The Global Catalog helps to
identify the source that is trying to log in. Without the Global Catalog Domain
Controller no employee of Kudler will be able to log into the domain except the
administrator. The global catalog also stores the membership of only universal groups
for Kudler Fine Foods. Only a Global Catalog server can have all universal group
memberships that are needed for the authentication process. A universal group can have
members from other domains; therefore it can be used to access resources from any domain.
Also, Kudler needs the “Global Catalog server so that Outlook clients will have the
ability to open the Exchange Global Address List or retrieve the email addresses of
message recipients within the forest” (Microsoft, 2012). “It is important to understand
that the global catalog objects must be physically located close to all objects in the
network that require prompt login times and fast connectivity.” This by itself is not
always possible, so universal group caching will be implemented, or a global catalog and
a domain server are placed on the same WAN, as in this case for the offices outside of
California. Global Catalog servers can produce a lot of traffic due to the
replication process” (Microsoft, 2012).
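
The placement rule described above, that a site needs either a local global catalog or universal group caching, can be checked against an inventory. The PowerShell below is an added example, not part of the original paper; the site names, server names and sample data are constructed, and it assumes the universal group caching flag is bit 0x20 of the `options` attribute on a site's NTDS Site Settings object.

```powershell
# Added example. Site and server names are hypothetical; the data is constructed.
# On a live domain the same fields come from the ActiveDirectory module:
#   Get-ADDomainController -Filter * | Select-Object Name, Site, IsGlobalCatalog
$dcs = @(
    New-Object PSObject -Property @{ Name = 'HQ-DC1';  Site = 'HQ';       IsGlobalCatalog = $true  }
    New-Object PSObject -Property @{ Name = 'BR1-DC1'; Site = 'Branch-1'; IsGlobalCatalog = $false }
    New-Object PSObject -Property @{ Name = 'BR2-DC1'; Site = 'Branch-2'; IsGlobalCatalog = $false }
)

# Value of the "options" attribute on each site's NTDS Site Settings object.
# Bit 0x20 means universal group membership caching is enabled for the site.
$siteOptions = @{ 'HQ' = 0; 'Branch-1' = 0x20; 'Branch-2' = 0; 'Branch-3' = 0 }
$GroupCachingEnabled = 0x20

function Get-SiteLogonReadiness {
    param([object[]]$DomainControllers, [hashtable]$SiteOptions)
    foreach ($site in ($SiteOptions.Keys | Sort-Object)) {
        # Domain controllers in this site, and the subset that are global catalogs
        $siteDcs = @($DomainControllers | Where-Object { $_.Site -eq $site })
        $gcs     = @($siteDcs | Where-Object { $_.IsGlobalCatalog })
        $caching = [bool]($SiteOptions[$site] -band $GroupCachingEnabled)
        if     ($siteDcs.Count -eq 0) { $status = 'REVIEW: no local DC, logons cross the WAN' }
        elseif ($gcs.Count -gt 0)     { $status = 'OK: local global catalog' }
        elseif ($caching)             { $status = 'OK: universal group caching enabled' }
        else                          { $status = 'REVIEW: local DC must reach a remote GC at logon' }
        New-Object PSObject -Property @{
            Site = $site; DCs = $siteDcs.Count; GCs = $gcs.Count
            GroupCaching = $caching; Status = $status
        }
    }
}

Get-SiteLogonReadiness -DomainControllers $dcs -SiteOptions $siteOptions |
    Select-Object Site, DCs, GCs, GroupCaching, Status | Format-Table -AutoSize
```

With the constructed data, HQ and Branch-1 report OK, while Branch-2 and Branch-3 are flagged for review. A site that relies on caching still contacts a global catalog the first time each user logs on there.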
Read-Only Domain Controllers
“A read-only domain controller (RODC) is a new type of domain controller in the
Windows Server® 2008 operating system. With an RODC, organizations can easily deploy a
domain controller in locations where physical security cannot be guaranteed. An RODC hosts
read-only partitions of the Active Directory® Domain Services (AD DS) database.” (Microsoft,
2011) There are a few prerequisites to deploying an RODC, and they are:
“The Read-Only Domain Controller must forward authentication requests to a writable
domain controller running Windows Server 2008. The Password Replication Policy is set
on this Domain Controller to determine if credentials are replicated to the branch location
for a forwarded request from the Read Only Domain Controller” (Microsoft, 2012).
“The domain functional level must be Windows Server 2003 or higher” (Microsoft,

