Dynamic Directory Windows Server 2008 R2 Updates .

Uploaded on:
Category: Food / Beverages
Session Objectives And Takeaways. Portray Active Directory highlights in Windows Server 2008 R2Discuss the significance of these elements to our customersDemonstrate how some of these elements will advantage our clients. Motivation. What\'s new in Active Directory for Windows Server 2008 R2?PowerShell CmdletsActive Directory Administrative centerBest Practice AnalyzerRecycle Bin for ADManaged Service
Slide 1

Dynamic Directory Windows Server 2008 R2 Updates

Slide 2

Session Objectives And Takeaways Describe Active Directory includes in Windows Server 2008 R2 Discuss the significance of these elements to our clients Demonstrate how some of these elements will profit our clients

Slide 3

Agenda What\'s new in Active Directory for Windows Server 2008 R2? PowerShell Cmdlets Active Directory Administrative focus Best Practice Analyzer Recycle Bin for AD Managed Service accounts Offline Domain Join Authentication Assurance Health Model and Management Packs Active Directory Tour showing Conclusion

Slide 4

Powershell for AD Command line scripting for authoritative, arrangement and demonstrative errands Past constraints 30+ summon line apparatuses for overseeing AD are not steady in their use Difficult to make these devices to accomplish complex assignments Feature takeaway 85+ AD cmdlets for extensive AD DS and AD LDS organization and setup Communicates utilizing Web Service conventions Can be utilized to oversee Windows Server 2008 and 2003 area controllers, utilizing future AD Web Service download

Slide 5

Powershell Advantages Consistent vocabulary and grammar Predictable revelation Flexible yield designing Cmdlets can be effectively formed (pipe) to fabricate complex operations End-to-End reasonability with Exchange, Group Policy, and so forth

Slide 6

PowerShell Provider Model Provides sessions, server setting, security setting and way setting Enables best works on sharing crosswise over associations Combination of cmdlets & supplier implies commonplace model for clients Perform operations in AD that are like the document framework or registry, for example, rename, move, and so on

Slide 7

Add-ADComputerServiceAccount Add-ADDomainControllerPasswordReplicationPolicy Add-ADFineGrainedPasswordPolicySubject Add-ADGroupMember Add-ADPrincipalGroupMembership Clear-ADAccountExpiration Disable-ADAccount Disable-ADOptionalFeature Enable-ADAccount Enable-ADOptionalFeature Get-ADAccountAuthorizationGroup Get-ADAccountResultantPasswordReplicationPolicy Get-ADComputer Get-ADComputerServiceAccount Get-ADDefaultDomainPasswordPolicy Get-ADDomain Get-ADDomainController Get-ADDomainControllerPasswordReplicationPolicy Get-ADDomainControllerPasswordReplicationPolicyUsage Get-ADFineGrainedPasswordPolicy Get-ADFineGrainedPasswordPolicySubject Get-ADForest Get-ADGroup Get-ADGroupMember Get-ADObject Get-ADOptionalFeature Get-ADOrganizationalUnit Get-ADPrincipalGroupMembership Get-ADRootDSE Get-Command - CommandType Cmdlet *-AD* Get-ADServiceAccount Get-ADUser Get-ADUserResultantPasswordPolicy Install-ADServiceAccount Move-ADDirectoryServer Move-ADDirectoryServerOperationMasterRole Move-ADObject New-ADComputer New-ADFineGrainedPasswordPolicy New-ADGroup New-ADObject New-ADOrganizationalUnit New-ADServiceAccount New-ADUser Remove-ADComputer Remove-ADComputerServiceAccount Remove-ADDomainControllerPasswordReplicationPolicy Remove-ADFineGrainedPasswordPolicy Remove-ADFineGrainedPasswordPolicySubject Remove-ADGroup Remove-ADGroupMember Remove-ADObject Remove-ADOrganizationalUnit Remove-ADPrincipalGroupMembership Remove-ADServiceAccount Remove-ADUser Rename-ADObject Reset-ADServiceAccountPassword Restore-ADObject Search-ADAccount Set-ADAccountControl Set-ADAccountExpiration Set-ADAccountPassword Set-ADComputer Set-ADDefaultDomainPasswordPolicy Set-ADDomain Set-ADDomainMode Set-ADFineGrainedPasswordPolicy Set-ADForest Set-ADForestMode Set-ADGroup Set-ADObject Set-ADOrganizationalUnit Set-ADServiceAccount Set-ADUser Uninstall-ADServiceAccount Unlock-ADAccount

Slide 8

Administrative Center for AD Increase the profitability of IT Pros by giving a versatile, undertaking focused UX for overseeing Active Directory Past restrictions Non assignment situated UI causes client torment Example: resetting client passwords Representation in MMC not adaptable for expansive datasets Feature takeaway Tasks executed through PowerShell Cmdlets Task arranged organization display, with support for bigger datasets Consistency amongst CLI and UI administration capacities Navigation encounter intended to bolster multi-space, multi-woodland conditions

Slide 9

Progressive divulgence Task arranged Powershell based instrumentation Multi-Domains/Multi-Forests

Slide 10

Best Practice Analyzer Identify deviations from best practices to help our clients better deal with their Active Directory organizations Past confinements No simple and mechanized approval of AD design against best practices Feature takeaway Analyzes AD settings that cause most startling conduct in client situations Leverages PowerShell cmdlets to assemble run-time information Makes suggestions with regards to the sending Available through Server Manager BPA runtime device

Slide 11

Best Practice Analyzer first arrangement of situations Version 1.0 of the BPA concentrates for the most part on regular DNS issues Checking SRV records for DC are enlisted with its DNS Server An/AAAA records of a DC are enrolled with its DNS Server DC has a substantial host name Schema Naming Master and Domain Naming Master FSMO are prescribed to be on same machine RID and PDC prescribed to be on same machine Each space is prescribed to have no less than two DCs

Slide 12

Windows Server 2008 Windows Server 2008 R2 Additions GUI CLIENT GUI ADUC/ADSS/ADDT BPA AD MUX CLI MMC WSH CLI ADSI AD PS MUX .NET DS RPC-Based Protocols LDAP WCF WPF SAM DSR … .NET WCF SERVER AD Web Service .NET S.DS.P/S.DS.AM/S.DS.AD DS RPC-Based Protocols LDAP SAM DSR … AD Core AD Core

Slide 13

Recycle Bin for AD Customer can fix a coincidental erasure in Active Directory Past impediments Accidental question cancellation causes business downtime – erased clients can\'t logon or get to corporate assets Accidental erasures are the number #1 reason for AD Disaster\Recovery situations Feature takeaway Recycle container for AD DS and AD LDS objects Feature empowered with another backwoods useful level Requires all DCs in the timberland to be Windows Server 2008 R2 DCs For AD LDS, all reproductions must keep running in another \'application mode\'

Slide 14

Recycle Bin for AD Object Life-cycle 180 Days Live Object Tombstone Object Garbage gathering Windows Server 2008 Returns Tombstones LDAP OID 1.2.840.113556.1.4.417 Windows Server 2008 R2 with Recycle Bin empowered (If not empowered, conduct is like Windows Server 2008) LDAP OID 1.2.840.113556.1.4.2064 Returns Deleted Returns Deleted and Recycled Garbage accumulation Live Object Deleted Object Recycled Object 180 Days 180 Days

Slide 15

Managed Service Accounts Simple administration of administration records Past impediments Management of individual records for administrations is unwieldy Periodic upkeep frequently causes blackouts Example: resetting administration account secret key Feature takeaway A sensible arrangement that locations disconnection requirements for administrations Better SPN administration in Win7 Domain Functional Mode Lower TCO from lessened administration blackouts (for manual watchword resets and related issues) One Managed Service Account for every Service per box No human intercession for secret word administration!

Slide 16

Offline Domain Join Enable less demanding provisioning of machines in the server farm Past restrictions Reboot required after area join Inability to set up the machine to be space joined while disconnected Feature takeaway Ability to pre-arrangement machine accounts in the area to get ready OS pictures for mass sending Machines are space joined on introductory boot Reduces steps and time expected to convey in the server farm

Slide 17

Authentication Assurance Applications can control asset get to in light of confirmation quality and technique Past constraints Customers can\'t utilize verification sort or validation quality to ensure corporate information Example: control access to assets in light of cases, for example, utilization of smartcard for logon or the testament utilized 2048 piece encryption Feature takeaway Administrators can delineate properties, including confirmation sort and verification quality to a character Based on data amid validation, these personalities are added to Kerberos tickets for use by applications Feature is empowered with another space useful level All space controllers in the area should be Window Server 2008 R2 DCs

Slide 18

Health Model Enable IT chairmen to better analyze and resolve Active Directory issues Past confinements Diagnostic data is fragmented and conflicting Feature takeaway Continued speculation towards finishing the wellbeing model A solitary legitimate hotspot for data utilized as a part of Management Packs, Best Practice Analyzer and online documentation

Slide 19

Management Pack Provide proactive checking of accessibility and execution of Active Directory Past impediments Current administration pack needs bolster for Windows Server 2008 and MOM 2007 Feature takeaway Support for Windows Server 2008 area controllers Multiple replication idleness bunches Ability to screen different backwoods from a solitary administration aggregate Management pack for MOM 2007

Slide 20

The excursion to Windows Server 2008 R2 Upgrading to Windows 7 customer while continuing existing servers, you can use: Off-line area join Once AD Web-administration is accessible for existing servers, on the off chance that you move up to Windows 7 customer, you can utilize: AD Powershell and ADAC with every one of your servers Upgrading to Windows 7 customer while introducing at least one Windows Server 2008 R2 (one for every space), you can utilize: Managed benefit account If you change the area utilitarian level to Windows Server 2008 R2, you can utilize: Authentication Assurance Managed benefit account with an improved SPN administration encounter If you change the Forest useful level to Windows Server 2008 R2, you can utilize: AD Recycle-canister

Slide 21

Related Content Visit the Identity & Security stalls for a nitty gritty manual for exercises at TechEd EMEA

Slide 22

Related Co

View more...