Installation and Adminstration of AD_MVP Padman

Click to edit Master title style

TechNet goes virtual©2009 Microsoft Corporation. All Rights Reserved.

TechNet goes virtual

Active Directory Domain Services in Windows Server 2008 R2 Technical Overview

Padman De SilvaMBCS CITP, MCSE,MSTS, MCSA, CCNA, MVP- Exchange Server



Agenda

• Active Directory Overview • Active Directory Management • Managing Active Directory

Deployments• Identity and Access Management



What’s New in Active Directory?

AD Domain Services

Recycle BinModule for Windows

PowerShell™ and Windows

PowerShell cmdlets

Administrative Center

Best Practices Analyzer

Web ServicesAuthentication Assurance

Offline Domain Join

Management Pack

Manage Service

Accounts



Solutions That Address IT Pro Challenges

Windows Server 2008 R2 Forest Functional Level

New Windows PowerShell cmdletsConsole Enhancements

Task-OrientedBetter Management

Deals with Accidental Object DeletionDeals with Mapping of Various PropertiesDeals with Pre-Provisioning of Computer AccountsDeals with Managed Service AccountsAnalyzers Expanded

to All Core Windows Server 2008 R2 Roles



Agenda

• Active Directory Overview • Active Directory Management• Managing Active Directory




Active Directory Administrative Center

Customizable GUI



Demonstration Environment

Internal Network192.168.16.0

`

SEA-WRK-001192.168.16.5Windows 7

SEA-DC-01192.168.16.1

Windows Server 2008 R2

`

SEA-WRK-002192.168.16.6Windows 7

SEA-CS-01192.168.16.2

Windows Server 2008 R2



• Create an Organizational Unit

• Create a User• Create a New Group and

Add a User

Demonstration: Creating Objects Using Active Directory Administrative Center



Automating Administrative Activities with Windows PowerShell

New FunctionalityActive Directory module provider Active Directory module cmdletsWindows PowerShell Integrated Scripting Environment (ISE)Out-GridView cmdletPerformance counters

Only installs on Windows Server 2008 R2At least one Windows Server 2008 R2 domain controller or LDS configuration setWindows 7 and Report Server Administration Tools (RSAT)

Special Considerations

A Windows PowerShell moduleManage AD domains and Lightweight Directory Services (LDS) configuration setsAD Database Mounting Tool instance

Active Directory Module in Windows Server 2008 R2



• Display Domain Information

• Create a New Organizational Unit

Demonstration: Using the Active Directory Module in PowerShell



Active Directory Recycle Bin

Setup RequirementsAdprep must be used for Windows Server 2003 and Windows Server 2008 forestAll domain controllers in your Active Directory forest are running Windows Server 2008 R2Raise the functional level of your Active Directory forest to Windows Server 2008 R2

The process of enabling Active Directory Recycle Bin is irreversible. After you enable Active Directory Recycle Bin in your environment, you cannot disable it.

Reduces Downtime and EffortAD Objects Are PreservedFunctional for AD DS and AD LDSUse LDP.exe or Windows PowerShell Cmdlets



• Enable Active Directory Recycle Bin

• View Objects That Are in the Deleted Objects Container

• Restore Deleted Objects

Demonstration: Working with the Active Directory Recycle Bin



Agenda





AD DS BPA scans verify:DNS rulesOperation master connectivity rulesOperation master ownership rulesNumber of controllers in the domainRequired services rulesReplication configurations rulesW32time configuration rulesVirtual machine configuration rules

Best Practices Analyzer

BPA Run Time

AD DS BPA Windows PowerShell

Script

AD DS BPAGuidance

AD DS BPARules Set

BPA Run Time

BPA Run TimeAD DS BPA

Report

Document

Schema

1

2

3



• Run AD DS BPA Scan • Run BPA on a Remote

Server

Demonstration: Active Directory Domain Service Best Practices Analyzer Scans



Agenda





Run on Windows® 7 or Windows Server 2008 R2Must have user rights to join workstation to the domainDefaults target domain controller running a version of Windows Server 2008 R2

Special Considerations

Offline Domain Join

Reduces time and effort for large-scale deploymentsEstablishes trust between operating system and Active Directory Domain

Djoin.exe

Advantages

AD state changes are completed without network traffic to the computerComputer state changes are completed without any network traffic to a domain controllerEach change can be completed at different times



• Perform an Offline Domain Join

Demonstration: Using Offline Domain Join



Authentication Mechanism Assurance

For organizations that use certificate-based authentication

Special ConsiderationsNetwork resource administrators can control access to resourcesDistinction in the access token of a user who logs on with certificate-based authentication and a user who logs on with a different method of authentication

Features



Prerequisites for Authentication Mechanism Assurance

Increase the Domain Functional Level to Windows Server 2008 R2

Established a Certificate-BasedAuthentication Method

The Certificates for Logon Must Be Distributed from a Certificate Issuance Policy

Available in the following editions:

• Windows Server 2008 R2 with or without Hyper-V™

• Standard, Enterprise, and Datacenter



Management of Service Accounts

Domain-Based Service Accounts Managed by ADEnhanced Security

Less Disruption of ServiceReduce Recurrent Administrative Tasks

Administrative BenefitsCreate class domain accountsAccounts are now reset automaticallySPN management tasks are not completedCan be delegated to non-administrators

SQL IIS

Managed ServiceAccount

Local Accounts

Virtual Accounts



Session Summary

• Active Directory Domain Services improves management capabilities that automate Active Directory tasks

• The new Active Directory Administrative Console and Windows PowerShell module allow for flexible discovery and output

• Use and implement the new features of Windows Server 2008 R2 Domain Services



Where to Find More Information?

Visit TechNet at technet.microsoft.com

Also check out TechNet Edge

edge.technet.com

Or just visit http://go.microsoft.com/?

linkid=9662652

for additional information on this

session.



For the more titles, visithttp://go.microsoft.com/?linkid=9662652

Supporting Publications



For more training information http://go.microsoft.com/?linkid=9662652

Training Resources

Course ID Title

6418B Deploying Windows Server 2008

6430A Planning and Administering Windows

Server 2008 Servers



Become a Microsoft Certified Professional

• What are MCP certifications?– Validation in performing critical IT

functions.

• Why Certify?– WW recognition of skills gained via

experience.– More effective deployments with reduced

costs

• What Certifications are there for IT Pros?– MCTS, MCITP.

www.microsoft.com/certification



Microsoft TechNet Plus

TechNet Plus is an essential premium web-enabled and live support resource that provides IT Professionals with fast and easy access to Microsoft experts, software and technical information, enhancing IT productivity, control and planning.

Evaluate & Learn Plan & Deploy Support & Maintain

Use the TechNet Library to plan for deployment using the Knowledge Base, resource kits, and technical training

Use exclusive tools like System Center Capacity Planner to accurately plan for and deploy Exchange Server and System Center Operations Manager

2 complimentary Professional Support incidents for use 24/7 (20% discount on additional incidents)

Access over 100 managed newsgroups and get next business day response--guaranteed

Use the TechNet Library to maintain your IT environment with security updates, service packs and utilities

Get all these resources and more with a TechNet Plus subscription.For more information visit: technet.microsoft.com/subscriptions

Evaluate full versions of all Microsoft commercial software for evaluation—without time limits. This includes all client, server and Office applications.

Try out all the latest betas before public release

Keep your skills current with quarterly training resources including select Microsoft E-Learning courses



Education

Installation and Adminstration of AD_MVP Padman