WSV330: Turbo Charge Your Active Directory Implementation

Download Report

Transcript WSV330: Turbo Charge Your Active Directory Implementation 

Active Directory Version
2000
2003
2003 R2
2008
2008 R2
Other (NT4)
2%
27%
16%
3%
24%
28%
X86 = NO DIRECT “in place” UPGRADE PATH
Pre-Migration
Migration planning
•Number of network interface cards (NICs)
Migration
Make destination server a domain
controller
Post-Migration (Optional)
Retire source server
Roll back migration
Prepare source server
•Back up
•Collect migration data
Manually migrate DNS server settings
Troubleshoot migration
Transfer FSMO roles
Prepare destination server
•Install Windows Server 2008 R2
•Assign temporary server name
•Assign temporary IP address
•Join domain
Migrate IP address and rename servers
Perform verification steps
©2009 Microsoft Corporation. All Rights Reserved.
Source Server
Temp Storage
Export Settings
Destination Server
Import Settings
Transfer Data and Shares
Migration Cmdlet
Description
Get-SmigServerFeature
Discovers features available for migration and features in the migration store available for
import
Export-SmigServerSetting
Exports specified role, feature, and OS settings to a migration store
Import-SmigServerSetting
Imports specified role, feature, and OS settings from a migration store
Send-SmigServerData
Transfers data and shares, preserving local and domain permissions
Receive-SmigServerData
Receives transferred data
~1GB
©2009 Microsoft Corporation. All Rights Reserved.
Reduces Downtime and Effort
AD Objects Are Preserved
Functional for AD DS and AD LDS
Use LDP.exe or Windows PowerShell Cmdlets
Setup Requirements
Adprep must be used for Windows Server
2003 and Windows Server 2008 forest
All domain controllers in your
Active Directory forest are running
Windows Server 2008 R2
Raise the functional level of your
Active Directory forest to Windows
Server 2008 R2
The process of enabling Active Directory
Recycle Bin is irreversible. After you enable
Active Directory Recycle Bin in your
environment, you cannot disable it.
Less Disruption of Service
Reduce Recurrent Administrative Tasks
Domain-Based Service Accounts Managed by AD
Enhanced Security
Administrative Benefits
Create class domain accounts
Accounts are now reset automatically
SPN management tasks are not
completed
Can be delegated to non-administrators
Managed Service
Account
Virtual Accounts
Local Accounts
SQL
IIS
Updated Server Manager:
Provides a unified experience for adding, configuring, and managing servers
New in Windows Server 2008 R2!
Over 15 new role services and features
added
New configurations added for Scan
Server, AD CS, and Remote Desktop
Services
Remoting and Windows PowerShell
Integration with BPA
Customizable GUI
Active Directory Module in Windows Server 2008 R2
A Windows PowerShell module
Manage AD domains and Lightweight Directory Services
(LDS) configuration sets
AD Database Mounting Tool instance
New Functionality
Special Considerations
Active Directory module provider
Active Directory module cmdlets
Windows PowerShell Integrated Scripting
Environment (ISE)
Out-GridView cmdlet
Performance counters
Only installs on Windows Server 2008 R2
At least one Windows Server 2008 R2 domain
controller or LDS configuration set
Windows 7 and Report Server Administration
Tools (RSAT)
Djoin.exe
Reduces time and effort for large-scale deployments
Establishes trust between operating system and Active Directory
Domain
Advantages
Special Considerations
AD state changes are completed without
network traffic to the computer
Computer state changes are completed
without any network traffic to a domain
controller
Each change can be completed at different
times
Run on Windows® 7 or Windows Server
2008 R2
Must have user rights to join workstation to
the domain
Defaults target domain controller running a
version of Windows Server 2008 R2
I <3 AD
10 Hot Topics Every IT Admin Needs to Know about Windows Server 2008 R2
www.microsoft.com/teched
www.microsoft.com/learning
http://microsoft.com/technet
http://microsoft.com/msdn
Sign up for Tech·Ed 2011 and save $500
starting June 8 – June 31st
http://northamerica.msteched.com/registration
You can also register at the
North America 2011 kiosk located at registration
Join us in Atlanta next year
http://technet.microsoft.com/en-us/library/dd379558(WS.10).aspx
http://technet.microsoft.com/en-us/library/dd365353(WS.10).aspx
http://technet.microsoft.com/en-us/library/dd378796(WS.10).aspx
http://technet.microsoft.com/en-us/library/dd378896(WS.10).aspx
http://technet.microsoft.com/en-us/magazine/ff679947.aspx
http://technet.microsoft.com/en-us/library/dd392261(WS.10).aspx
http://technet.microsoft.com/en-us/library/cc770842(WS.10).aspx
http://blogs.technet.com/b/askds
http://edge.technet.com/Media/Active-Directory-Recycle-Bin/
www.energizedtech.com