Sometimes having a server that “does it all” is quite handy to have around. It may be for testing or development purposes, or perhaps it would be used as a small “all in one” company server. Microsoft do have a Small Business Edition version of Windows Server 2008 (SBS 2008) that can be used for this kind of purpose, but in some cases this solution may be a little overkill. That being said, here is a brief overview of how I configure a single Windows Server 2008 R2 Standard server to provide both a Domain Controller and RDS (formerly Terminal Services) role.
When you configure the first Domain Controller for your organization using the Active Directory Installation Wizard (or dcpromo for short), it is configured with all five FSMO roles by default. Here I will cover how you can view and transfer the specific FSMO roles of various Domain Controllers in your domain. As this is a short how-to article, I won’t go into the specific details of when you would need to transfer roles, but in short you may want to take a certain domain controller down for maintenance one day and may find it necessary to transfer some or all of these roles.
To start with you will obviously require more than one Domain Controller in your Windows domain. In my case I have a “Primary” and “Secondary” domain controller called “NOOBS-DC1” and “NOOBS-DC2”.
By now you’ve probably heard about Role Based Access Control (RBAC) in Exchange 2010, which introduces a completely different permission model than was used previously in Exchange 2007. Instead of assigning permissions using access control lists, RBAC uses management roles to delegate what you can do and where you can do it. Exchange provides several built-in roles used for typical management tasks, but in this post we’ll look at a real-world example where a custom management role will be required.
In an Active Directory domain running at the Windows Server 2003 or higher functional level, the lastLogonTimestamp attribute can be used to find out if a user or computer has logged on to the domain recently. This can be useful information for finding inactive user and computer accounts so that they can be removed from AD.