Active Directories Server Roles
An Active Directory server role is a logical grouping of features and services that are required to perform a specific function in the Active Directory environment. Prior to Windows Server 2008, some Active Directory server roles were not incorporated into the Active Directory, rather they were available as Microsoft downloads. Functionality and services are added to your server by adding the following:
- A role is a set of software features that provides a specific server function. Examples of roles include DNS server, DHCP server, File Server, and Print Server.
- Role services are specific programs that provide the functions of a role. Some roles, like DNS, have a single role service. Other roles, like Print Server, have multiple role services such as the LPD Service for Unix printing and Internet Printing. You can think of a role as a group of programs, with each role service being a sub-component of the role.
- A feature is a software program not directly related to a server role but which adds functionality to the entire server. Features include management tools, communication protocols or clients, and clustering support
Note: All roles except for AD FS are supported on the Standard, DataCenter, and Enterprise editions of 2008. AD FS requires the DataCenter or Enterprise editions for deployment.
Active Directory Domain Services (AD DS)
AD DS is a distributed database that stores and manages information about network resources, such as users, computers, and printers. The AD DS role:
- Helps administrators securely manage information.
- Facilitates resource sharing and collaboration between users.
- Is required to be installed on the network to install directory-enabled applications such as Microsoft Exchange Server and for applying other Windows Server technologies, such as Group Policy.
Active Directory Lightweight Directory Service (AD LDS)
Active Directory Lightweight Directory Services (AD LDS), formerly known as Active Directory Application Mode (ADAM), is an LDAP directory service that you can use to create a directory store (database) for use by directory-enabled applications. AD LDS is very similar to Active Directory Domain Services (AD DS), but is customizable and can be much smaller than an AD DS database.
Active Directory Federation Services (AD FS)
AD FS is a feature which enables secure access to web applications outside of a user’s home domain or forest. The AD FS role:
- Provides Web Single-Sign-On (SSO) technologies to authenticate a user to multiple Web applications using a single user account.
- Securely federates (shares) user identities and access rights in the form of digital claims between partner organizations.
Active Directory Rights Management Service (AD RMS)
AD RMS is a feature which safeguards digital information from unauthorized use. The AD RMS role:
- Can define exactly how a recipient can use information, specifying who can open, modify, print, forward, and/or take other actions.
- Allows organizations to create custom usage rights templates (such as “Confidential - Read Only”) that can be applied directly to information such as product specifications, financial reports, e-mail messages, and customer data.
Active Directory Certificate Services (AD CS)
AD CS is an identity and access control feature that creates and manages public key certificates used in software security systems. The AD CS role:
- Provides customizable services for creating and managing public key certificates.
- Enhances security by binding the identity of a person, device, or service to a corresponding private key.
- Includes features that allow you to manage certificate enrollment and revocation in a variety of scalable environments.
AD CS supports:
- Digital signatures
- Encrypting File System (EFS)
- Internet Protocol security (IPsec)
- Secure/Multipurpose Internet Mail Extensions (S/MIME)
- Secure Socket Layer/Transport Layer Security (SSL/TLS)
- Secure wireless networks
- Smart card logon
- Virtual Private Networks (VPN
Server Core Facts
Server core is a minimal server installation option which provides a low-maintenance version of Windows Server 2008. Be aware of the following when using server core:
- The server core interface has limited GUI support, with most tasks being performed only from a command prompt.
- You can only perform a clean installation of server core; you cannot upgrade to or from server core.
- Server core can only run a limited set of server roles:
- Active Directory
- Active Directory Lightweight Directory Services (AD LDS)
- Dynamic Host Configuration Protocol (DHCP) Server
- DNS Server
- File Server
- Print Server
- Media Services
- Web Server (IIS)
- Server core has the following limitations:
- There is no Windows Shell.
- There is no managed code support (no .NET framework). All code has to be native Windows API code.
- There is only MSI support for unattended mode installs.
- To manage a server core system:
- Log on and use the command prompt.
- Log on using Remote Desktop to gain access to the command prompt.
- Use Windows Remote Shell (winrm).
- Run Server Manager or another tool on another computer and connect to the server core system. This method allows you to use a GUI interface for managing the server core system.
- Run oclist to see a list of roles, role services, and features that can be installed on server core.
- Run start /w ocsetup to add server roles to the server core system. Switches for the role or service must be typed exactly as they are listed, and role names are case-sensitive.
