TechNet goes virtual
©2009 Microsoft Corporation. All Rights Reserved.
Active Directory Domain Services in Windows Server 2008 R2 Technical Overview
Padman De Silva, MBCS CITP, MCSE, MSTS, MCSA, CCNA, MVP - Exchange Server
Agenda
• Active Directory Overview
• Active Directory Management
• Managing Active Directory Deployments
• Identity and Access Management
What’s New in Active Directory?
AD Domain Services
• Recycle Bin
• Module for Windows PowerShell™ and Windows PowerShell cmdlets
• Administrative Center
• Best Practices Analyzer
• Web Services
• Authentication Assurance
• Offline Domain Join
• Management Pack
• Manage Service Accounts
Solutions That Address IT Pro Challenges
• Windows Server 2008 R2 Forest Functional Level
• New Windows PowerShell cmdlets
• Console Enhancements
• Task-Oriented
• Better Management
• Deals with Accidental Object Deletion
• Deals with Mapping of Various Properties
• Deals with Pre-Provisioning of Computer Accounts
• Deals with Managed Service Accounts
• Analyzers Expanded to All Core Windows Server 2008 R2 Roles
Active Directory Administrative Center
Customizable GUI
Demonstration Environment
Internal Network: 192.168.16.0
• SEA-WRK-001, 192.168.16.5, Windows 7
• SEA-DC-01, 192.168.16.1, Windows Server 2008 R2
• SEA-WRK-002, 192.168.16.6, Windows 7
• SEA-CS-01, 192.168.16.2, Windows Server 2008 R2
Demonstration: Creating Objects Using Active Directory Administrative Center
• Create an Organizational Unit
• Create a User
• Create a New Group and Add a User
Automating Administrative Activities with Windows PowerShell
Active Directory Module in Windows Server 2008 R2
• A Windows PowerShell module
• Manage AD domains and Lightweight Directory Services (LDS) configuration sets
• AD Database Mounting Tool instance
New Functionality
• Active Directory module provider
• Active Directory module cmdlets
• Windows PowerShell Integrated Scripting Environment (ISE)
• Out-GridView cmdlet
• Performance counters
Special Considerations
• Only installs on Windows Server 2008 R2
• At least one Windows Server 2008 R2 domain controller or LDS configuration set
• Windows 7 and Remote Server Administration Tools (RSAT)
Demonstration: Using the Active Directory Module in PowerShell
• Display Domain Information
• Create a New Organizational Unit
Active Directory Recycle Bin
Setup Requirements
• Adprep must be used for Windows Server 2003 and Windows Server 2008 forest
• All domain controllers in your Active Directory forest are running Windows Server 2008 R2
• Raise the functional level of your Active Directory forest to Windows Server 2008 R2
The process of enabling Active Directory Recycle Bin is irreversible. After you enable Active Directory Recycle Bin in your environment, you cannot disable it.
• Reduces Downtime and Effort
• AD Objects Are Preserved
• Functional for AD DS and AD LDS
• Use LDP.exe or Windows PowerShell Cmdlets
Demonstration: Working with the Active Directory Recycle Bin
• Enable Active Directory Recycle Bin
• View Objects That Are in the Deleted Objects Container
• Restore Deleted Objects
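The three Recycle Bin demonstration steps, written out with the Active Directory module cmdlets. This is an added example, not a script from the presentation; the account name demo.user is a placeholder.

```powershell
# Added example: values marked "placeholder" are not from the deck.
Import-Module ActiveDirectory

$forest = Get-ADForest

# Setup requirement: forest functional level of Windows Server 2008 R2.
$required = [Microsoft.ActiveDirectory.Management.ADForestMode]::Windows2008R2Forest
if ($forest.ForestMode -lt $required) {
    throw "Forest mode is $($forest.ForestMode); raise it to $required first."
}

# Enabling cannot be undone, so enable only when it is not already on and
# leave the cmdlet's own confirmation prompt in place.
$feature = Get-ADOptionalFeature -Filter 'Name -eq "Recycle Bin Feature"'
if (-not $feature.EnabledScopes) {
    Enable-ADOptionalFeature -Identity $feature `
        -Scope ForestOrConfigurationSet -Target $forest.Name
}

# View objects in the Deleted Objects container with their original parent.
Get-ADObject -Filter 'isDeleted -eq $true -and Name -ne "Deleted Objects"' `
    -IncludeDeletedObjects -Properties lastKnownParent, whenChanged |
    Sort-Object whenChanged -Descending |
    Format-Table Name, ObjectClass, lastKnownParent, whenChanged -AutoSize

# Restore one deleted user ('demo.user' is a placeholder account name).
# -WhatIf only reports what would be restored; remove it to restore.
Get-ADObject -Filter 'isDeleted -eq $true -and samAccountName -eq "demo.user"' `
    -IncludeDeletedObjects |
    Restore-ADObject -WhatIf
```

When a whole OU was deleted, restore the OU before its children: a deleted object can only be restored into a parent that exists, which is why lastKnownParent is listed.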
Best Practices Analyzer
AD DS BPA scans verify:
• DNS rules
• Operation master connectivity rules
• Operation master ownership rules
• Number of controllers in the domain
• Required services rules
• Replication configurations rules
• W32time configuration rules
• Virtual machine configuration rules
[Diagram: BPA Run Time; AD DS BPA Windows PowerShell Script; AD DS BPA Guidance; AD DS BPA Rules Set; AD DS BPA Report; Schema Document; steps 1, 2, 3]
Demonstration: Active Directory Domain Service Best Practices Analyzer Scans
• Run AD DS BPA Scan
• Run BPA on a Remote Server
Offline Domain Join
Djoin.exe
• Reduces time and effort for large-scale deployments
• Establishes trust between operating system and Active Directory Domain
Advantages
• AD state changes are completed without network traffic to the computer
• Computer state changes are completed without any network traffic to a domain controller
• Each change can be completed at different times
Special Considerations
• Run on Windows® 7 or Windows Server 2008 R2
• Must have user rights to join workstation to the domain
• By default, targets a domain controller running a version of Windows Server 2008 R2
Demonstration: Using Offline Domain Join
• Perform an Offline Domain Join
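The two halves of an offline domain join with Djoin.exe, showing how the AD-side and computer-side changes happen at different times and how the provisioning file should be handled in between. This is an added example, not the presenter's script; the function names and the domain contoso.com are hypothetical, and SEA-WRK-002 is taken from the demonstration environment above.

```powershell
# Added example. Function names are hypothetical wrappers around djoin.exe.

# Step 1: run on a domain-connected Windows 7 / Windows Server 2008 R2
# machine by a user with the right to join workstations to the domain.
# Creates the computer account in AD; nothing is sent to the target computer.
function New-OfflineJoinFile {
    param([string]$Domain, [string]$Machine, [string]$Path)

    djoin.exe /provision /domain $Domain /machine $Machine /savefile $Path
    if ($LASTEXITCODE -ne 0) { throw "djoin /provision failed: $LASTEXITCODE" }

    # The file contains the machine account password. Drop inherited ACEs
    # and leave access to the operator who created it.
    icacls.exe $Path /inheritance:r /grant:r "$($env:USERDOMAIN)\$($env:USERNAME):(F)"
}

# Step 2: run elevated on the target computer after the file has been
# copied there. Applies the computer-side state; no domain controller is
# contacted. The join takes effect at the next restart.
function Install-OfflineJoinFile {
    param([string]$Path)

    djoin.exe /requestODJ /loadfile $Path /windowspath $env:SystemRoot /localos
    if ($LASTEXITCODE -ne 0) { throw "djoin /requestODJ failed: $LASTEXITCODE" }

    # The file is a credential; delete it once it has been applied.
    Remove-Item -LiteralPath $Path -Force
}

# Usage ('contoso.com' is a placeholder domain name):
#   New-OfflineJoinFile -Domain 'contoso.com' -Machine 'SEA-WRK-002' -Path "$env:TEMP\SEA-WRK-002-odj.txt"
#   Install-OfflineJoinFile -Path 'C:\Temp\SEA-WRK-002-odj.txt'
```

Also delete the copy left on the provisioning machine once the file has been transferred, since anyone holding it can act as that computer account.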
Authentication Mechanism Assurance
Special Considerations
• For organizations that use certificate-based authentication
Features
• Network resource administrators can control access to resources
• Distinction in the access token of a user who logs on with certificate-based authentication and a user who logs on with a different method of authentication
Prerequisites for Authentication Mechanism Assurance
• Increase the Domain Functional Level to Windows Server 2008 R2
• Establish a Certificate-Based Authentication Method
• The Certificates for Logon Must Be Distributed from a Certificate Issuance Policy
Available in the following editions:
• Windows Server 2008 R2 with or without Hyper-V™
• Standard, Enterprise, and Datacenter
Management of Service Accounts
• Domain-Based Service Accounts Managed by AD
• Enhanced Security
• Less Disruption of Service
• Reduce Recurrent Administrative Tasks
Administrative Benefits
• Create class domain accounts
• Accounts are now reset automatically
• SPN management tasks are not completed
• Can be delegated to non-administrators
[Diagram: SQL, IIS; Managed Service Account; Local Accounts; Virtual Accounts]
Session Summary
• Active Directory Domain Services improves management capabilities that automate Active Directory tasks
• The new Active Directory Administrative Console and Windows PowerShell module allow for flexible discovery and output
• Use and implement the new features of Windows Server 2008 R2 Domain Services
Where to Find More Information?
Visit TechNet at technet.microsoft.com
Also check out TechNet Edge: edge.technet.com
Or just visit http://go.microsoft.com/?linkid=9662652 for additional information on this session.
Supporting Publications
For more titles, visit http://go.microsoft.com/?linkid=9662652
Training Resources
Course ID   Title
6418B       Deploying Windows Server 2008
6430A       Planning and Administering Windows Server 2008 Servers
For more training information: http://go.microsoft.com/?linkid=9662652
Become a Microsoft Certified Professional
• What are MCP certifications?
  – Validation in performing critical IT functions.
• Why Certify?
  – WW recognition of skills gained via experience.
  – More effective deployments with reduced costs
• What Certifications are there for IT Pros?
  – MCTS, MCITP.
www.microsoft.com/certification
Microsoft TechNet Plus
TechNet Plus is an essential premium web-enabled and live support resource that provides IT Professionals with fast and easy access to Microsoft experts, software and technical information, enhancing IT productivity, control and planning.
Evaluate & Learn
• Evaluate full versions of all Microsoft commercial software for evaluation, without time limits. This includes all client, server and Office applications.
• Try out all the latest betas before public release
• Keep your skills current with quarterly training resources including select Microsoft E-Learning courses
Plan & Deploy
• Use the TechNet Library to plan for deployment using the Knowledge Base, resource kits, and technical training
• Use exclusive tools like System Center Capacity Planner to accurately plan for and deploy Exchange Server and System Center Operations Manager
Support & Maintain
• 2 complimentary Professional Support incidents for use 24/7 (20% discount on additional incidents)
• Access over 100 managed newsgroups and get next business day response--guaranteed
• Use the TechNet Library to maintain your IT environment with security updates, service packs and utilities
Get all these resources and more with a TechNet Plus subscription. For more information visit: technet.microsoft.com/subscriptions