New features of DNS and Active Directory in Windows Server 2008

DNS Devolution
Allows client computers in a child namespace to access resources in the parent namespace without the need to explicitly provide the fully qualified domain name (FQDN) of the resource in the Active Directory environment.
DNS Cache Locking
Cache locking allows to control whether or not information in the DNS cache can be overwritten. DNS server will not allow cached records to be overwritten for the duration of the time to live (TTL) value.
In short, DNSSEC allows for a DNS zone and all the records in the zone to be cryptographically signed. When a DNS server hosting a signed zone receives a query, it returns the digital signatures in addition to the records queried for.
DNS Socket Pool
The socket pool enables a DNS server to use source port randomization when issuing DNS queries. Instead of using a predicable source port when issuing queries, the DNS server uses a random port number selected from this pool, known as the socket pool
Restartable Active Directory Domain Services
Restartable AD DS reduces the time that is required to perform certain operations. AD DS can be stopped so that updates can be applied to a domain controller. Also, administrators can stop AD DS to perform tasks, such as offline defragmentation of the Active Directory database, without restarting the domain controller. Other services that are running on the server and that do not depend on AD DS to function, such as Dynamic Host Configuration Protocol (DHCP), remain available to satisfy client requests while AD DS is stopped.
Fine-Grained Password Policies
You can use fine-grained password policies to specify multiple password policies within a single domain. You can use fine-grained password policies to apply different restrictions for password and account lockout policies to different sets of users in a domain.
Read-Only Domain Controllers
An RODC provides a way to deploy a domain controller more securely in locations that require fast and reliable authentication services but cannot ensure physical security for a writable domain controller. Except for account passwords, an RODC holds all the Active Directory objects and attributes that a writable domain controller holds. However, changes cannot be made to the database that is stored on the RODC. Changes must be made on a writable domain controller and then replicated back to the RODC.
Database Mounting Tool
The purpose of the Active Directory database mounting tool is to expose AD DS data that is stored in snapshots or backups online. Administrators can then compare data in snapshots or backups that are taken at different points in time, which in turn helps them to make better decisions about which data to restore, without incurring service downtime.

About Murugan B Iyyappan

Working as a Consultant - Citrix solutions architect with 18 years of experience in the IT industry. Expertise in Citrix products and Windows platform.
This entry was posted in Citrix XenApp, Citrix XenDesktop and tagged , , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s