Hi guyz,

I wanted to know about the Domain controller I mean what are sites, forest etc. More over I see in the administrative tools different things like Active Directory Site and Services, Active Directory Domain and trust, Domain Controller Security Policy, Domain Security Policy, clusters.

I have worked with group policy on domain controller for disabling USB drives and some other registry key auditing through Domain controller but I am not satisfied with that and also I do not want to go into theory things. Can you provide me any good reading like case study which will clear my concepts about all these things?? In fact I have configured one DC myself for testing purpose but I was just doing hit and trial and similarly I completed the installation of the DNS for that Domain Controller. But I am not satisfied and neither my mind is clear about these things so please suggest

....yeah....that's a ridiculously complex topic and is going to be virtually impossible to answer here....i'd go to the book store and look for some books about active directory and domain management....it's really hard to pin down specifics with such a broad question

some basics:

Domain: a Domain is basically a container for objects in a client/server style network.

Object: an object is any network resource in a domain structure (computer, server, user, etc..)

Forest: is a top level collection of related Domains in a given network structure i.e. if your company was ABC Corp and it had 4 divisions under it's control (ABC Widgets, ABC Whatsits, ABC Thingamabobs, and ABC toothbrushes) the forest would be something like ABC.com then you would have domains within that forest called ABCWidgets.ABC.com, ABCWhatsits.ABC.com, ABCThingamabobs.ABC.com and ABCToothbrushes.ABC.com)...a forest structure allows you to have separate domains for separate companies/organizations while still maintaining enterprise control at the root of the forest

Site: a site is exactly what it means...it's a representation of a physical location for a particular domain/forest. in a forest each site would represent the location of each child domain in the forest. in a domain each site is basically the domain controler



group policy is only as strong as the person writing it...you can do A LOT of great things if you know what you're doing...also the usb blocking in 2003 is dismal at best...2008 is supposed to be much more robust

Thanks for providing such brief but clear definitions. So should I have to start reading a book?? Ti get more detail knowledge??

One more thing can I you let me know form where I can see and compare the 2003 and 2008, What enhancement are there in 2008 specially with regard to security?

http://www.microsoft.com/windowsserver2008...us/default.aspx best place to start digging for info on windows server 2008 or 2003
that's where knowledge comes from....and it's where you're going to find the most concise and accurate info

Ok thanks dsenette.

Just more question to you. When I change the Gp on the Domain Controller to affect all the computers/users who are on the domain, it take time when that policy is applied Its because of the refresh interval of group policy. How can I enforce the GP instantly when I change it. For example I can run the gpudate command from a script but again this script will run the system will refresh its policy. So how I can achieve this thing that when the policy is applied on any OU it will take affect immediately.

you would need to modify the group policy refresh interval in the group policy (how's that for circular reasoning)

this setting is in

user configuration\administrative templates\system\group policy



give this a read http://books.google.com/books?id=T7dBqAmx-...esult#PPA113,M1 (technically a book preview but that link should get you right to the page...also if you can find this book in print it's a good read)