Friday, 17 August 2012

Time to Upgrade your Server to Windows-Server-2008


You are constantly pushed by the growing requirements of your organization. These demands collide with the day-to-day difficulty of managing an ever-increasing sprawl of servers, solutions, and costs. Windows Server 2008 R2, also known as Win2k8, is designed to help you improve the management, mobility and accessibility of your desktops and datacenter while helping to reduce expenditure.
The Win2k8 domain functional level adds support for using DFS to replicate the SysVol share. This share contains all the group policy and login scripts for the domain. DFS is a much more efficient replication system, so using it should save you some bandwidth.
The Windows Server 2008 domain functional level also supports the Advanced Encryption Standard (AES) for Kerberos. The security currently used for Kerberos is quite good; however, if you want even better security you can use AES. This comes in both 128 and 256 bits.
Also added with the Win2k8 domain functional level is support for last logon details. With the Server 2003 domain functional level, you have support for the last logon time stamp. Win2k8 adds support for the number of incorrect logins from that user.
The next feature is fine-grained password policies. This allows you to configure different password lengths and complexity requirements for different users. Consider this example: in the past, if you had a commercial network and a secure network, the only way to have different password requirements for different users before the Win2k8 domain functional level was to make a separate domain.
A secure domain and a commercial domain both had to be created to meet this requirement. If you did not want to make a spare domain, you basically had to decide which set of password requirements to use. With the Win2k8 domain functional level, you can combine the two domains. Now the secure domain is simply another organizational unit, or OU, in the same domain. With the users separated into different OUs, you can assign one set of password requirements to the commercial OU and one to the secure OU.
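As an added example (not from the original post), the two sets of password requirements can be created with the Active Directory PowerShell module. Password settings objects link to users or global security groups, so this sketch assumes two groups, Commercial-Users and Secure-Users, that mirror the two OUs; the policy names, lengths and the account jsmith are also assumptions.

```powershell
Import-Module ActiveDirectory

# Assumed names and values: one policy per group that mirrors an OU.
# A lower Precedence number wins when a user is covered by more than one policy.
$policies = @(
    @{ Name = 'PSO-Commercial'; Precedence = 20; MinLength = 8;  Group = 'Commercial-Users' },
    @{ Name = 'PSO-Secure';     Precedence = 10; MinLength = 15; Group = 'Secure-Users' }
)

foreach ($p in $policies) {
    # Create the policy only if it does not exist yet, so the script can be re-run.
    if (-not (Get-ADFineGrainedPasswordPolicy -Filter "Name -eq '$($p.Name)'")) {
        New-ADFineGrainedPasswordPolicy -Name $p.Name -Precedence $p.Precedence `
            -MinPasswordLength $p.MinLength -ComplexityEnabled $true `
            -PasswordHistoryCount 24 -MinPasswordAge '1.00:00:00' -MaxPasswordAge '60.00:00:00' `
            -LockoutThreshold 5 -LockoutDuration '0.00:30:00' `
            -LockoutObservationWindow '0.00:30:00' -ReversibleEncryptionEnabled $false
    }

    # Link the policy to its group unless the link is already there.
    $linked = Get-ADFineGrainedPasswordPolicySubject -Identity $p.Name |
        Select-Object -ExpandProperty SamAccountName
    if ($linked -notcontains $p.Group) {
        Add-ADFineGrainedPasswordPolicySubject -Identity $p.Name -Subjects $p.Group
    }
}

# Check which policy actually applies to one user (hypothetical account name).
# No output means the user falls back to the default domain password policy.
Get-ADUserResultantPasswordPolicy -Identity 'jsmith' |
    Select-Object Name, Precedence, MinPasswordLength, LockoutThreshold
```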
The last domain functional level is Win2k8 R2. If you decide to go to this functional level you gain two features. The first is Authentication Mechanism Assurance. This allows compatible services to look at a Kerberos ticket and determine what was used to authenticate the user. For example, if you had a secure document, you might want it to be accessible only to people who were authenticated using smartcards.
The next feature is Automatic SPN management. When you install certain software you may be asked to supply a service account. When the software is running it uses this service account to access resources on the computer. A lot of software will let you run it under a built-in account such as the system account.
The problem is that when you start using enterprise solutions like Exchange, you want to isolate Exchange under its own user account rather than running it under an account like the system account. The service account is like any other Active Directory account, with a password that will expire one day. You could tick the box in Active Directory that prevents the password from ever expiring, but this is not very secure in the long term.
Automatic SPN management is a system in Windows that takes over the management of passwords for service accounts like these. Automatic SPN management also allows the account to be delegated to other administrators. Without a system like this you would need to make an account to run a particular application, which is common practice. Later on you may find that the password for this user account changes or expires. When this occurs the software will no longer be able to run. If this account is linked to your Exchange system, your e-mail could potentially be down until you realize the password has changed or expired.
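To see how many service accounts in a domain are exposed to the problem described above, the following added example (not from the original post) lists enabled user accounts that carry a service principal name and either have the "password never expires" box ticked or have not changed their password within an assumed review window of 365 days.

```powershell
Import-Module ActiveDirectory

$maxAgeDays = 365                          # assumed review threshold, adjust to local policy
$cutoff     = (Get-Date).AddDays(-$maxAgeDays)

# User accounts with at least one SPN are the accounts that services run under.
Get-ADUser -LDAPFilter '(servicePrincipalName=*)' `
        -Properties servicePrincipalName, PasswordNeverExpires, PasswordLastSet |
    Where-Object { $_.Enabled } |
    Select-Object SamAccountName, PasswordNeverExpires, PasswordLastSet,
        @{ Name = 'StalePassword'; Expression = { $_.PasswordLastSet -lt $cutoff } },
        @{ Name = 'SPNs';          Expression = { $_.servicePrincipalName -join '; ' } } |
    Where-Object { $_.PasswordNeverExpires -or $_.StalePassword } |
    Sort-Object PasswordLastSet |
    Format-Table -AutoSize -Wrap
```

Each account in the output is a candidate for a scheduled password change or for replacement with an account whose password Windows manages.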
That’s it for all the domain functional levels. Just for the sake of completeness, if you ever see domain functional levels with mixed or interim in the name, these are domains that are in the process of being upgraded from Windows NT4. If you no longer have any NT domain controllers on your network, then raise your functional level to one of the levels that I have mentioned in this video.
The last point I want to make about the domain functional level is that once you raise it, you can’t go back to a lower level. For this reason, ensure that you will never add any domain controllers of a lower functional level before you raise the functional level. You also need to ensure that any down-level domain controllers have been upgraded or removed from the network before you raise the domain functional level.
On a domain controller, first open Active Directory Users and Computers from Administrative Tools under the Start menu. Right-click your domain and select the option to raise the domain functional level. Notice that at the top the domain functional level is set to Windows Server 2003. To select a new domain functional level, open the pull-down list. In this case I can choose between Win2k8 and Win2k8 R2.
Once I select my domain functional level and press Raise, Windows gives me a warning reminding me that this process can’t be reversed. Once I press OK, I am informed that the change may be delayed until replication has had time to occur between all the domain controllers in my domain.
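Because the change cannot be reversed, it is worth checking for down-level domain controllers before pressing Raise. The following added example (not from the original post) does that check with the Active Directory PowerShell module and then previews the change with -WhatIf; the target level chosen here is an assumption.

```powershell
Import-Module ActiveDirectory

$target = 'Windows2008R2Domain'            # assumed target; 'Windows2008Domain' is the other choice

# Minimum operating system version every domain controller must run for each target level.
$minOs = @{
    'Windows2008Domain'   = [version]'6.0' # Windows Server 2008
    'Windows2008R2Domain' = [version]'6.1' # Windows Server 2008 R2
}

$domain = Get-ADDomain
Write-Host "Domain $($domain.DNSRoot) is currently at $($domain.DomainMode)"

# OperatingSystemVersion looks like '6.1 (7601)'; keep only the part before the space.
$dcs = Get-ADDomainController -Filter * |
    Select-Object HostName, Site, OperatingSystem,
        @{ Name = 'OsVersion'; Expression = { [version](($_.OperatingSystemVersion -split ' ')[0]) } }

$blockers = @($dcs | Where-Object { $_.OsVersion -lt $minOs[$target] })
if ($blockers.Count -gt 0) {
    $blockers | Format-Table -AutoSize
    throw "Found $($blockers.Count) down-level domain controller(s); upgrade or remove them first."
}

# -WhatIf only reports what would happen. Remove it when ready: the raise cannot be undone.
Set-ADDomainMode -Identity $domain.DNSRoot -DomainMode $target -WhatIf
```

After the real change, running Get-ADDomain against each domain controller with -Server shows when the new level has replicated everywhere.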
This was a brief introduction to Microsoft Win2k8, which helps IT experts maximize the mobility and quality of their server infrastructure. It also gives programmers a more effective web platform on which to develop live applications and software.
