IT3004 - Windows Server 2012: Upgrading Active Directory
Fabrizio Volpe, MVP Directory Services 2011 & 2012 (Italy), MCITP
Agenda

• New Features and Improvements
• Cloud and Federation Scenarios for Directory Services
• Upgrading Domain Controllers to Windows Server 2012
• Next Steps
New Features and Improvements

• Simplified Deployment
• Recycle Bin User Interface
• Dynamic Access Control
• Virtualization Safe Technology
• Active Directory PowerShell History Viewer User Interface
• Active Directory Based Activation
• Rapid Deployment
• Fine-Grained Password Policy User Interface
• Kerberos Enhancements
• Active Directory Platform Changes
• Active Directory Replication & Topology Cmdlets
• Group Managed Service Accounts
Simplified Deployment
• Solution
   – integrate preparation steps into the
     promotion process
       • automate the pre-requisites between each of
         them
   – validate environment-wide pre-requisites before
     beginning deployment
   – integrated with Server Manager and
     remotable
   – built on Windows PowerShell for
     command-line and UI consistency
   – configuration wizard aligns to the most
     common deployment scenarios
Demo - Windows Server 2012 Domain Controller With GUI
Simplified Deployment: What Changes?

• Streamline the deployment process
• Minimize odds of deployment failures
• Minimize number of touch-points
• Optimize for common deployment paths
• Bring consistency with other Windows Server roles deployment experiences
• Gain UI-consistency by leveraging an enhanced command-line experience
Install From Media

Windows Server 2012 adds two additional options to the Ntdsutil.exe command-line tool for the IFM (IFM Media Creation) menu:

• Create Full NoDefrag %s
  – Create IFM media without defragmenting for a full AD DC or an AD/LDS instance into folder %s
• Create Sysvol Full NoDefrag %s
  – Create IFM media with SYSVOL and without defragmenting for a full AD DC into folder %s
Simplified Deployment
• Requirements
  – Windows Server 2012
  – target forest must be Windows Server 2003 functional level or
    greater
  – introducing the first Windows Server 2012 DC requires Enterprise
    Admin and Schema Admin privileges
  – subsequent DCs require only Domain Admin privileges within the
    target domain


• Other features used
  – DC Promotion Retry Logic
  – Enhanced Install-from-media (IFM) options
  – AD FS V2.1 in-the-box
Virtualization-Safe Technology

•   Background
     – common virtualization operations such as creating snapshots or copying
       VMs/VHDs can rollback the state of a virtual DC
     – introduces USN bubbles leading to permanently divergent state causing:
         •   lingering objects
         •   inconsistent passwords
         •   inconsistent attribute values
         •   schema mismatches if the Schema FSMO is rolled back
     – the potential also exists for security principals to be created with duplicate
       SIDs
Virtualization Safe Technology
What happens if the VM-Generation ID has changed

Before any changes are made to the local Active Directory database, the server checks its ‘VM-Generation ID’; if it is not the value it expects, it does several things.

First, the local RID pool is invalidated and a new RID pool is requested from the RID master.

Next, the invocation ID is changed, so that when replication happens, even though the USN would be the same, the domain controller's invocation ID is different, meaning the other domain controllers accept the update and replicate.
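The safeguard described above leaves two observable traces in the directory: the DC's invocationId changes and the msDS-GenerationId attribute on its computer object takes the new VM-Generation ID. The following script is an added example (not from the deck) that records both values for every DC and compares them with a saved baseline, so that a snapshot rollback, and any DC whose hypervisor does not expose a Generation ID at all, shows up in routine monitoring. The baseline file path is an assumption for this example.

```powershell
# Added example, not from the deck: detect a VM-Generation ID change from outside
# the affected DC by comparing invocationId and msDS-GenerationId against a baseline.
# The baseline path is an assumption for this example.
Import-Module ActiveDirectory
$BaselinePath = 'C:\ADBaseline\dc-identity.json'

function Get-DcIdentityState {
    foreach ($dc in Get-ADDomainController -Filter *) {
        # InvocationId is exposed on the DC object; msDS-GenerationId lives on the
        # computer object and is populated only when the hypervisor provides VM-Generation ID
        $comp = Get-ADComputer -Identity $dc.ComputerObjectDN -Properties 'msDS-GenerationId'
        $gen  = $comp.'msDS-GenerationId'
        [pscustomobject]@{
            Name         = $dc.HostName
            InvocationId = $dc.InvocationId.ToString()
            GenerationId = if ($gen) { [System.BitConverter]::ToString([byte[]]$gen) } else { $null }
        }
    }
}

function Compare-DcIdentityState {
    param([object[]]$Current, [object[]]$Baseline)
    $previous = @{}
    foreach ($b in $Baseline) { $previous[$b.Name] = $b }
    foreach ($c in $Current) {
        if (-not $c.GenerationId) {
            Write-Warning "$($c.Name): msDS-GenerationId is empty; the hypervisor does not expose VM-Generation ID, so a snapshot rollback would not be detected by this DC"
        }
        $p = $previous[$c.Name]
        if (-not $p) { Write-Warning "$($c.Name): not in baseline (new or cloned DC?)"; continue }
        if ($c.GenerationId -ne $p.GenerationId) {
            Write-Warning "$($c.Name): VM-Generation ID changed since baseline; expect a snapshot restore, clone or VM copy"
        }
        if ($c.InvocationId -ne $p.InvocationId) {
            Write-Warning "$($c.Name): invocationId changed $($p.InvocationId) -> $($c.InvocationId); the safeguard fired, or a restore/re-promotion took place"
        }
    }
}

$current = @(Get-DcIdentityState)
if (Test-Path $BaselinePath) {
    $baseline = @(Get-Content -Path $BaselinePath -Raw | ConvertFrom-Json)
    Compare-DcIdentityState -Current $current -Baseline $baseline
} else {
    New-Item -ItemType Directory -Path (Split-Path $BaselinePath) -Force | Out-Null
}
# Refresh the baseline so that the next run compares against today's state
$current | ConvertTo-Json | Set-Content -Path $BaselinePath
```

An invocationId also changes legitimately after an authoritative or system-state restore and after a re-promotion, so each warning is a prompt to correlate with change records rather than an incident by itself; the useful signal is a changed invocationId with no matching change record, or a DC with an empty msDS-GenerationId that is nevertheless being snapshotted.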
Rapid Deployment – DC Cloning

• Promote and configure ONLY once
• Easier and faster to deploy replica DCs
• Minimizes dependencies/interactions between hypervisor administrators and Active Directory administrators when deploying DCs
Prepare the environment

Step 1: Validate that the hypervisor supports VM-Generation ID and, therefore, cloning

Step 2: Verify the PDC emulator role is hosted by a domain controller that runs Windows Server 2012 and that it is online and reachable by the cloned domain controller during cloning.
Prepare the source domain controller
Step 3: Authorize the source domain controller for
cloning

Step 4: Remove incompatible services or programs or
add them to the CustomDCCloneAllowList.xml file.

Step 5: Create DCCloneConfig.xml


Step 6: Take the source domain controller offline
Create the cloned domain controller
Step 7: Copy or export the source VM
and add the XML if not already copied

Step 8: Create a new virtual machine
from the copy

Step 9: Start the new virtual machine
to commence cloning
Steps for deploying a cloned virtualized domain controller
• Prerequisites

• Step 1: Grant the source virtualized domain controller
  the permission to be cloned

• Step 2: Run the Get-ADDCCloningExcludedApplicationList cmdlet

• Step 3: Run New-ADDCCloneConfigFile

• Step 4: Export and then import the virtual machine of
  the source domain controller
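The nine preparation steps and the four cmdlet-level steps above describe one procedure; the script below is an added example (not from the deck) that carries it through end to end. The DC names, addressing, site and export path are constructed for this example; the AD part runs on the source DC and the Hyper-V part on the host.

```powershell
# Added example, not from the deck: DC cloning from authorization to first boot.
# Names, addresses, site and paths are constructed for this example.
Import-Module ActiveDirectory
$SourceDc   = 'DC1'
$CloneName  = 'DC2'
$ExportPath = 'E:\Export'

# Steps 1-2: the hypervisor must expose VM-Generation ID (visible as msDS-GenerationId
# on the source DC's computer object) and the PDC emulator must be a reachable 2012 DC
$src = Get-ADComputer -Identity $SourceDc -Properties 'msDS-GenerationId'
if (-not $src.'msDS-GenerationId') {
    throw "$SourceDc has no msDS-GenerationId: the hypervisor does not provide VM-Generation ID, cloning would produce a divergent DC"
}
$pdc = Get-ADDomainController -Identity (Get-ADDomain).PDCEmulator
if ($pdc.OperatingSystem -notlike 'Windows Server 2012*') {
    throw "PDC emulator $($pdc.HostName) runs $($pdc.OperatingSystem); move the role to a Windows Server 2012 DC first"
}
if (-not (Test-Connection -ComputerName $pdc.HostName -Count 1 -Quiet)) { throw "PDC emulator $($pdc.HostName) is unreachable" }

# Step 3: authorize the source DC by adding its computer account to the built-in group.
# Membership here is the permission to clone; remove it again after the clone is up.
Add-ADGroupMember -Identity 'Cloneable Domain Controllers' -Members $src

# Step 4: list services and applications that are not on the default allow list.
# Each entry must be removed from the source or, after checking that the product
# tolerates cloning, allow-listed; -GenerateXml writes CustomDCCloneAllowList.xml.
$excluded = Get-ADDCCloningExcludedApplicationList
if ($excluded) {
    $excluded | Format-Table -AutoSize
    Get-ADDCCloningExcludedApplicationList -GenerateXml -Force
}

# Step 5: DCCloneConfig.xml carries the clone's name, static addressing and site;
# the cmdlet also re-runs the prerequisite checks before writing the file
New-ADDCCloneConfigFile -CloneComputerName $CloneName -Static `
    -IPv4Address '10.0.0.12' -IPv4SubnetMask '255.255.255.0' `
    -IPv4DefaultGateway '10.0.0.1' -IPv4DNSResolver '10.0.0.11' `
    -SiteName 'Default-First-Site-Name'

# Steps 6-9 run on the Hyper-V host: shut the source down, export it, import the
# copy with a NEW VM id (this is what gives the clone a different VM-Generation ID),
# then start both. The export folder holds a full copy of ntds.dit; delete it afterwards.
Stop-VM -Name $SourceDc
Export-VM -Name $SourceDc -Path $ExportPath
$config = Get-ChildItem -Path (Join-Path $ExportPath "$SourceDc\Virtual Machines") -Filter *.xml |
    Select-Object -First 1
$clone = Import-VM -Path $config.FullName -Copy -GenerateNewId `
    -VirtualMachinePath "E:\VMs\$CloneName" -VhdDestinationPath "E:\VMs\$CloneName"
Rename-VM -VM $clone -NewName $CloneName
Start-VM -Name $SourceDc
Start-VM -Name $CloneName   # cloning starts when the guest finds DCCloneConfig.xml at boot
Remove-Item -Path $ExportPath -Recurse -Force
```

Importing with `-Copy -GenerateNewId` rather than registering the exported VM in place is what makes the clone a clone: a new VM id yields a new VM-Generation ID, the guest sees the mismatch at boot, finds DCCloneConfig.xml and promotes itself as a new DC instead of resuming as a rolled-back copy of DC1.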
Demo - DC Cloning
Active Directory Platform Change

• Improved allocation and scale of
  RIDs (relative identifiers), deferred
  index creation
• Kerberos enhancements and
  support for Kerberos claims in AD
  FS
Active Directory forest in Windows Azure

You can install Windows Server 2012, but be aware that the virtualized domain controller safeguards that are built into Windows Server 2012 are not available on Windows Azure Virtual Networks. The virtualized domain controller safeguards require support for VM-GenerationID, which Windows Azure Virtual Networks do not provide at the present time.

http://www.windowsazure.com/en-us/manage/services/networking/active-directory-forest/
Active Directory Federation

Role description
• Simplified, secured
  identity federation and
  Web single sign-on
  (SSO) capabilities.
   – Federation Service role
     service
   – Federation Service Proxy
     role
   – Web Agent role services
Active Directory Federation in Windows 2012

• Integration with Dynamic Access Control scenarios
• Improved installation experience using Server
• Additional Windows PowerShell cmdlet
Active Directory cloud deployments

• Remote PowerShell
• Cloud-based servers can be promoted to domain controllers
• Active Directory deployment with cloning
Upgrade Domain Controllers to Windows Server 2012
System requirements for installing AD DS on Windows Server 2012
 • On domain controllers that you plan to upgrade to Windows Server 2012, make sure that the drive that hosts the Active Directory database (NTDS.DIT) has at least 20% free disk space before you begin the operating system upgrade

Installation types

 • Server Core
 • Full
 • Minimal Server Interface
Upgrade Domain Controllers to Windows Server 2012
Supported in-place upgrade paths

 • Domain controllers that run Windows
   Server 2008 or Windows Server 2008
   R2 can be upgraded to Windows Server
   2012
 • You cannot upgrade domain controllers
   that run Windows Server 2003.
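The requirements on the last few slides (forest functional level, supported source OS for an in-place upgrade, 20% free space on the NTDS.DIT volume) are easy to check centrally before touching any DC. The script below is an added example (not from the deck) that does so over WinRM; the "DSA Database file" registry value it reads is where a DC records the NTDS.DIT path, and the remote access itself is an assumption.

```powershell
# Added example, not from the deck: pre-upgrade readiness report for existing DCs.
# Thresholds are the deck's (functional level >= 2003, 2008/2008 R2 only, 20% free).
Import-Module ActiveDirectory

function Test-DcUpgradeReadiness {
    param([string[]]$DomainController = (Get-ADDomainController -Filter * | ForEach-Object HostName))

    # ADForestMode: Windows2000Forest=0, Windows2003InterimForest=1, Windows2003Forest=2, ...
    $forest = Get-ADForest
    if ([int]$forest.ForestMode -lt 2) {
        Write-Warning "Forest functional level is $($forest.ForestMode); Windows Server 2003 level or higher is required"
    }

    foreach ($dc in $DomainController) {
        $remote = Invoke-Command -ComputerName $dc -ScriptBlock {
            $os  = Get-WmiObject -Class Win32_OperatingSystem
            # "DSA Database file" holds the full path of NTDS.DIT on this DC
            $dit = (Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters').'DSA Database file'
            $drive = [System.IO.Path]::GetPathRoot($dit).TrimEnd('\')
            $vol = Get-WmiObject -Class Win32_LogicalDisk -Filter "DeviceID='$drive'"
            [pscustomobject]@{
                Caption = $os.Caption
                NtdsDit = $dit
                FreePct = [math]::Round(100 * $vol.FreeSpace / $vol.Size, 1)
            }
        }
        # In-place upgrade is supported from 2008 and 2008 R2 only; 2003 DCs are replaced
        $inPlaceOk = $remote.Caption -match '2008'
        $diskOk    = $remote.FreePct -ge 20
        [pscustomobject]@{
            DC                      = $dc
            OS                      = $remote.Caption
            NtdsDit                 = $remote.NtdsDit
            FreePercent             = $remote.FreePct
            InPlaceUpgradeSupported = $inPlaceOk
            DiskSpaceOk             = $diskOk
            Action = if (-not $inPlaceOk) { 'Add a new 2012 DC, transfer roles, demote this one' }
                     elseif (-not $diskOk) { 'Free space on the NTDS volume before upgrading' }
                     else { 'Ready for in-place upgrade' }
        }
    }
}

Test-DcUpgradeReadiness | Format-Table -AutoSize
```

Run it once before the change window and keep the output with the change record; a DC reported as "Add a new 2012 DC" is the Windows Server 2003 case from the slide, where the upgrade path is a new replica plus role transfer rather than an in-place upgrade.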
Upgrade Domain Controllers to Windows Server 2012

Functional level features and requirements
Upgrade Domain Controllers to Windows Server 2012

Operations master roles
Migrating AD to Windows Server 2012

• Upgrading forests and domains
   – Using the new Server Manager
• Deploying new replica DCs
   – Using the new Server Manager
• Managing AD DS using AD Administrative Center
   – PowerShell History Viewer
   – AD Recycle bin GUI
   – Fine Grained Password Policy GUI
Upgrade Scenarios

• From Windows 2003 to Windows 2012
• From Windows 2008 to Windows 2012
Demo – Upgrade To Windows 2012 DC
Next Steps

• Best Practices Analyzer (BPA)
Promoting a Domain Controller with PowerShell

• Install the Active Directory Domain Services
  role
• Prerequisite Checks
• Promoting the DC
• Best Practices Analyzer
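The four steps above, as an added example (not from the deck) run on the future domain controller. The domain name and site are constructed for this example; credentials and the DSRM password are prompted for rather than embedded, and the BPA step runs only after the reboot that promotion triggers.

```powershell
# Added example, not from the deck: install the role, run the prerequisite checks,
# promote, then run the AD DS Best Practices Analyzer. Domain and site are assumptions.
Import-Module ServerManager

# Step 1: install the AD DS role with its management tools (no reboot required yet)
$feature = Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
if (-not $feature.Success) { throw 'AD DS role installation failed' }

Import-Module ADDSDeployment
$DomainName = 'corp.example.com'
$SiteName   = 'Default-First-Site-Name'
$Cred = Get-Credential -Message 'Domain Admin credentials for promotion'
$Dsrm = Read-Host -AsSecureString -Prompt 'Directory Services Restore Mode password'

# Step 2: prerequisite checks only. This validates the caller's permissions, the
# forest/domain state and name resolution against an existing DC without changing anything.
$pre = Test-ADDSDomainControllerInstallation -DomainName $DomainName -SiteName $SiteName `
    -Credential $Cred -SafeModeAdministratorPassword $Dsrm -InstallDns
if ($pre.Status -ne 'Success') {
    $pre.Message
    throw 'Prerequisite checks failed; fix the reported issues before promoting'
}

# Step 3: promote. Explicit database/SYSVOL paths keep the NTDS volume a deliberate
# choice (see the 20% free space requirement); -Force suppresses the confirmation
# prompt and the server reboots when promotion completes.
Install-ADDSDomainController -DomainName $DomainName -SiteName $SiteName `
    -Credential $Cred -SafeModeAdministratorPassword $Dsrm -InstallDns `
    -DatabasePath 'C:\Windows\NTDS' -LogPath 'C:\Windows\NTDS' -SysvolPath 'C:\Windows\SYSVOL' -Force

# Step 4 (run after the reboot, once the DC is replicating): AD DS Best Practices
# Analyzer, showing every result that is not merely informational
Import-Module BestPractices
Invoke-BpaModel -ModelId 'Microsoft/Windows/DirectoryServices' | Out-Null
Get-BpaResult -ModelId 'Microsoft/Windows/DirectoryServices' |
    Where-Object { $_.Severity -ne 'Information' -and -not $_.Excluded } |
    Select-Object Severity, Category, Title, Problem, Resolution |
    Format-List
```

Keeping the prerequisite check as a separate, read-only step is what makes the sequence safe to script: a failed `Test-ADDSDomainControllerInstallation` leaves the server as a plain member and the forest untouched, whereas a failed promotion half-way through needs cleanup in the directory.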
Demo - Promoting a Domain Controller with PowerShell
Limits of BPA and the Prerequisites Checker

• No inventory of existing applications or services on the DC
• No check on other Microsoft applications or 3rd-party applications
Best Practices for Implementing Schema Updates

• Test your forest recovery plans.
• Test your schema extensions in your recovery
  environment and in any other test/non-production
  environments
Planning

• Infrastructure Planning and Design documents
   – http://www.microsoft.com/en-us/download/details.aspx?id=732
• Impact of the new features
   – Active Directory Web Services (ADWS)
   – Virtualized Domain Controller Cloning
   – Dynamic Access Control (DAC) & Kerberos Flexible Authentication Secure Tunneling (FAST, AKA Kerberos armoring)
Summary of Minimum Requirements

With this deployed… ... these features become available

+ First Windows Server 2012 domain-member (or Windows 8 with RSAT installed)
   • New Active Directory Administrative Center
      – Windows PowerShell History Viewer
      – Graphical Recycle Bin and FGPP management
   • Richer authorization through DAC & FCI
   • Active Directory-based Activation
      – Requires Windows Server 2012 schema extensions
   • Active Directory Replication & Topology Cmdlets
   • AD FS (v2.1)

+ First Windows Server 2012 DC
   • Simplified Deployment and Preparation
   • Dynamic Access Control policies and claims
      – Kerberos Claims in AD FS (v2.1)
   • Cross-domain Kerberos Constrained Delegation
   • Group Managed Service Accounts
   • Virtualization-Safe for the Windows Server 2012 DC
      – requires Hypervisor support for VM-Gen-ID

+ Windows Server 2012 DC holds PDC FSMO role
   • Rapid virtual DC deployment through DC-cloning
      – requires Hypervisor support for VM-Gen-ID
Migration and Restructuring

Active Directory Migration Tool version 3.2
• Source domain: The source domain must be running Windows Server 2003, Windows Server 2008, or Windows Server 2008 R2
• Target domain: The target domain must be running Windows Server 2003, Windows Server 2008, or Windows Server 2008 R2
• ADMT 3.2 and PES 3.1 installation errors on Windows Server 2012

http://support.microsoft.com/kb/2753560/en-us
Troubleshooting Domain Controller Deployment

General Methodology for Troubleshooting Domain Controller Configuration
• Tools and Commands
• Logging Options

http://technet.microsoft.com/en-us/library/jj592690.aspx
Demo - Troubleshooting
Q&A
Thank you

More Related Content

More from Fabrizio Volpe

Private cloud infrastructure configure and deploy 24 hiapc fabrizio volpe
Private cloud infrastructure configure and deploy 24 hiapc fabrizio volpePrivate cloud infrastructure configure and deploy 24 hiapc fabrizio volpe
Private cloud infrastructure configure and deploy 24 hiapc fabrizio volpeFabrizio Volpe
 
Infrastructure components configure and deploy 24 hiapc fabrizio volpe
Infrastructure components configure and deploy 24 hiapc fabrizio volpeInfrastructure components configure and deploy 24 hiapc fabrizio volpe
Infrastructure components configure and deploy 24 hiapc fabrizio volpeFabrizio Volpe
 
Lync Server 2010: High Availability [I3004]
Lync Server 2010: High Availability [I3004] Lync Server 2010: High Availability [I3004]
Lync Server 2010: High Availability [I3004] Fabrizio Volpe
 
Lync Server 2010: Introduzione [I2001]
Lync Server 2010: Introduzione [I2001]Lync Server 2010: Introduzione [I2001]
Lync Server 2010: Introduzione [I2001]Fabrizio Volpe
 
Lync server 2010 overview
Lync server 2010 overviewLync server 2010 overview
Lync server 2010 overviewFabrizio Volpe
 
4. tmg 2010 e uag 2010
4. tmg 2010 e uag 20104. tmg 2010 e uag 2010
4. tmg 2010 e uag 2010Fabrizio Volpe
 
System center virtual machine manager self service portal 2.0
System center virtual machine manager self service portal 2.0System center virtual machine manager self service portal 2.0
System center virtual machine manager self service portal 2.0Fabrizio Volpe
 
Pianificare, realizzare e gestire una infrastruttura Microsoft VDI
Pianificare, realizzare e gestire una infrastruttura Microsoft VDIPianificare, realizzare e gestire una infrastruttura Microsoft VDI
Pianificare, realizzare e gestire una infrastruttura Microsoft VDIFabrizio Volpe
 
Community Days 2012 - Tecnologie di desktop virtualization
Community Days 2012 - Tecnologie di desktop virtualization Community Days 2012 - Tecnologie di desktop virtualization
Community Days 2012 - Tecnologie di desktop virtualization Fabrizio Volpe
 

More from Fabrizio Volpe (12)

Private cloud infrastructure configure and deploy 24 hiapc fabrizio volpe
Private cloud infrastructure configure and deploy 24 hiapc fabrizio volpePrivate cloud infrastructure configure and deploy 24 hiapc fabrizio volpe
Private cloud infrastructure configure and deploy 24 hiapc fabrizio volpe
 
Infrastructure components configure and deploy 24 hiapc fabrizio volpe
Infrastructure components configure and deploy 24 hiapc fabrizio volpeInfrastructure components configure and deploy 24 hiapc fabrizio volpe
Infrastructure components configure and deploy 24 hiapc fabrizio volpe
 
Lync Server 2010: High Availability [I3004]
Lync Server 2010: High Availability [I3004] Lync Server 2010: High Availability [I3004]
Lync Server 2010: High Availability [I3004]
 
Lync Server 2010: Introduzione [I2001]
Lync Server 2010: Introduzione [I2001]Lync Server 2010: Introduzione [I2001]
Lync Server 2010: Introduzione [I2001]
 
Lync server 2010 overview
Lync server 2010 overviewLync server 2010 overview
Lync server 2010 overview
 
4. tmg 2010 e uag 2010
4. tmg 2010 e uag 20104. tmg 2010 e uag 2010
4. tmg 2010 e uag 2010
 
3. email relay fpe
3. email relay   fpe3. email relay   fpe
3. email relay fpe
 
2. secure web gateway
2. secure web gateway2. secure web gateway
2. secure web gateway
 
1. introduzione a TMG
1. introduzione a TMG1. introduzione a TMG
1. introduzione a TMG
 
System center virtual machine manager self service portal 2.0
System center virtual machine manager self service portal 2.0System center virtual machine manager self service portal 2.0
System center virtual machine manager self service portal 2.0
 
Pianificare, realizzare e gestire una infrastruttura Microsoft VDI
Pianificare, realizzare e gestire una infrastruttura Microsoft VDIPianificare, realizzare e gestire una infrastruttura Microsoft VDI
Pianificare, realizzare e gestire una infrastruttura Microsoft VDI
 
Community Days 2012 - Tecnologie di desktop virtualization
Community Days 2012 - Tecnologie di desktop virtualization Community Days 2012 - Tecnologie di desktop virtualization
Community Days 2012 - Tecnologie di desktop virtualization
 

Recently uploaded

Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 

Recently uploaded (20)

Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 

It3004 windows server 2012 upgrading active directory

  • 1. IT3004 - Windows Server 2012: Fabrizio Volpe MVP Directory Upgrading Active Directory Services 2011 & 2012 (Italy) MCITP
  • 2. Agenda • Nuove Funzionalità e Miglioramenti • Scenari Cloud e Federation per i Directory Services • Upgrade Domain Controllers a Windows Server 2012 • I Passaggi Successivi
  • 3. Nuove Funzionalità e Miglioramenti Recycle Bin Dynamic Simplified Deployment User Interface Access Control Active Directory Virtualization Safe Active Directory PowerShell History Technology Based Activation Viewer User Interface Fine-Grained Password Rapid Deployment Kerberos Enhancements Policy User Interface Active Directory Active Directory Group Managed Service Replication & Topology Platform Changes Accounts Cmdlets
  • 4. Simplified Deployment • Solution – integrate preparation steps into the promotion process • automate the pre-requisites between each of them – validate environment-wide pre- requisites before beginning deployment – integrated with Server Manager and remotable – built on Windows PowerShell for command-line and UI consistency – configuration wizard aligns to the most common deployment scenarios
  • 5. Demo -Windows Server 2012 Domain Controller With GUI
  • 6. Simplified Deployment: Cosa Cambia ? Streamline the deployment process Minimize odds of deployment failures Optimize for common deployment Minimize number of touch-points paths Bring consistency with other Windows Gain UI-consistency by leveraging an Server roles deployment experiences enhanced command-line experience
  • 7. Install From Media Create Full NoDefrag %s • Create IFM media without defragmenting for a full AD DC or an AD/LDS instance Windows Server 2012 into folder %s adds two additional options to the Ntdsutil.exe command- Create Sysvol Full NoDefrag %s line tool for the IFM (IFM • Create IFM media with SYSVOL and without Media Creation) menu defragmenting for a full AD DC into folder %s
  • 8. Simplified Deployment • Requirements – Windows Server 2012 – target forest must be Windows Server 2003 functional level or greater – introducing the first Windows Server 2012 DC requires Enterprise Admin and Schema Admin privileges – subsequent DCs require only Domain Admin privileges within the target domain • Altre features impiegate – DC Promotion Retry Logic – Enhanced Install-from-media (IFM) options – AD FS V2.1 in-the-box
  • 9. Virtualization-Safe Technology • Background – common virtualization operations such as creating snapshots or copying VMs/VHDs can rollback the state of a virtual DC – introduces USN bubbles leading to permanently divergent state causing: • lingering objects • inconsistent passwords • inconsistent attribute values • schema mismatches if the Schema FSMO is rolled back – the potential also exists for security principals to be created with duplicate SIDs
  • 11. Che succede se il VM-Generation ID è stato modificato Before any changes are made to the local active directory database the server checks to see what its ‘VM-Generation ID’ is, if it is not what it is expecting then it will do several things. The first thing that will be done is the local RID pool will be invalidated and a new RID pool will be requested from the RID master. Next the invocation ID will be increased so that the when replication happens even though the USN would be the same the domain controllers invocation ID would be different meaning the other domain controllers would accept the update and replicate.
  • 12. Rapid Deployment – DC Cloning DC Cloning Promote and configure ONLY once Easier and faster to deploy replica DCs Minimizes dependencies/interactions between hypervisor administrators and Active Directory administrators when deploying DCs
  • 13. Prepare the environment Step 1: Validate that the hypervisor supports VM-Generation ID and therefore, cloning Step 2: Verify the PDC emulator role is hosted by a domain controller that runs Windows Server 2012 and that it is online and reachable by the cloned domain controller during cloning.
  • 14. Prepare the source domain controller Step 3: Authorize the source domain controller for cloning Step 4: Remove incompatible services or programs or add them to the CustomDCCloneAllowList.xml file. Step 5: Create DCCloneConfig.xml Step 6: Take the source domain controller offline
  • 15. Create the cloned domain controller Step 7: Copy or export the source VM and add the XML if not already copied Step 8: Create a new virtual machine from the copy Step 9: Start the new virtual machine to commence cloning
  • 16. Steps for deploying a clone virtualized domain controller • Prerequisites • Step 1: Grant the source virtualized domain controller the permission to be cloned • Step 2: Run Get- ADDCCloningExcludedApplicationList cmdlet • Step 3: Run New-ADDCCloneConfigFile • Step 4: Export and then import the virtual machine of the source domain controller
  • 17. Demo - DC Cloning
  • 18. Active Directory Platform Change • Improved allocation and scale of RIDs (relative identifiers), deferred index creation • Kerberos enhancements and support for Kerberos claims in AD FS
  • 19. Active Directory forest in Windows Azure
  • 20. Active Directory forest in Windows Azure You can install Windows Server 2012, but be aware that the virtualized domain controller safeguards that are built into Windows Server 2012 are not available on Windows Azure Virtual Networks. The virtualized domain controller safeguards require support for VM- GenerationID, which Windows Azure Virtual Networks do not provide at the present time http://www.windowsazure.com/en- us/manage/services/networking/active-directory- forest/
  • 21. Active Directory Federation Role description • Simplified, secured identity federation and Web single sign-on (SSO) capabilities. – Federation Service role service – Federation Service Proxy role – Web Agent role services
  • 22. Active Directory Federation in Windows 2012 Integration with Dynamic Access Control scenarios Improved installation experience using Server Additional Windows PowerShell cmdlet
  • 23. Active Directory cloud deployments • Remote PowerShell • Cloud-based servers can be promoted to domain controllers • Active Directory Deployment with Cloning
  • 24. Upgrading Domain Controllers to Windows Server 2012 – System requirements for installing AD DS on Windows Server 2012 • On domain controllers that you plan to upgrade to Windows Server 2012, make sure that the drive that hosts the Active Directory database (NTDS.DIT) has at least 20% free disk space before you begin the operating system upgrade – Installation types • Server Core • Full • Minimal Server Interface
  • 25. Upgrading Domain Controllers to Windows Server 2012 – Supported in-place upgrade paths • Domain controllers that run Windows Server 2008 or Windows Server 2008 R2 can be upgraded to Windows Server 2012 • You cannot upgrade domain controllers that run Windows Server 2003.
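A readiness check for the two requirements on slides 24 and 25 (a supported source OS, and at least 20% free space on the drive holding NTDS.DIT), as an added example that is not part of the deck. It reads the database location from the NTDS service parameters in the registry and uses only Get-WmiObject so that it runs on the PowerShell 2.0 that ships with Windows Server 2008 and 2008 R2; the function name is my own.

```powershell
# Added example: check a domain controller before an in-place upgrade to
# Windows Server 2012. Run locally on the DC as an administrator.

function Test-DcUpgradeReadiness {
    # Supported in-place sources are Windows Server 2008 (6.0) and 2008 R2 (6.1);
    # Windows Server 2003 (5.2) has no upgrade path and must be migrated instead.
    $os = Get-WmiObject -Class Win32_OperatingSystem
    $v  = [version]$os.Version
    $osSupported = ($v.Major -eq 6) -and ($v.Minor -eq 0 -or $v.Minor -eq 1)

    # The NTDS service parameters record where NTDS.DIT lives.
    $params  = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
    $ditPath = $params.'DSA Database file'
    $drive   = ([System.IO.Path]::GetPathRoot($ditPath)).TrimEnd('\')   # e.g. "C:"

    # At least 20% of the hosting drive must be free before the OS upgrade starts.
    $disk    = Get-WmiObject -Class Win32_LogicalDisk -Filter "DeviceID='$drive'"
    $freePct = [math]::Round(100 * $disk.FreeSpace / $disk.Size, 1)

    New-Object PSObject -Property @{
        OperatingSystem  = $os.Caption
        Version          = $os.Version
        OsUpgradeable    = $osSupported
        DatabasePath     = $ditPath
        DatabaseDrive    = $drive
        FreeSpacePercent = $freePct
        SpaceOk          = ($freePct -ge 20)
    }
}

$result = Test-DcUpgradeReadiness
$result | Format-List OperatingSystem, Version, OsUpgradeable, DatabasePath, FreeSpacePercent, SpaceOk
if (-not $result.OsUpgradeable) {
    Write-Warning 'This OS version has no in-place upgrade path to Windows Server 2012.'
}
if (-not $result.SpaceOk) {
    Write-Warning "Less than 20% free on $($result.DatabaseDrive); free space before upgrading."
}
```

The 20% threshold is the figure the deck gives; treat it as a floor, since the upgrade also needs room for the new operating system files on the system drive.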
  • 26. Upgrading Domain Controllers to Windows Server 2012 – Functional level features and requirements
  • 27. Upgrading Domain Controllers to Windows Server 2012 – Operations master roles
  • 28. Migrating AD to Windows Server 2012
    – Upgrading forests and domains • Using the new Server Manager
    – Deploying new replica DCs • Using the new Server Manager
    – Managing AD DS using AD Administrative Center • PowerShell History Viewer • AD Recycle Bin GUI • Fine Grained Password Policy GUI
  • 29. Upgrade scenarios • From Windows 2003 to Windows 2012 • From Windows 2008 to Windows 2012
  • 30. Demo – Upgrade To Windows 2012 DC
  • 31. Next Steps • Best Practices Analyzer (BPA)
  • 32. Promoting a Domain Controller with PowerShell • Install the Active Directory Domain Services role • Prerequisite Checks • Promoting the DC • Best Practices Analyzer
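The four bullets on slide 32 as one script, added here as an example and not taken from the deck or the demo. It assumes a fresh Windows Server 2012 member-to-be with network access to the domain corp.contoso.com (placeholder), a Domain Admin credential, and the default database, log and SYSVOL paths; the site name is the default one.

```powershell
# Added example: promote a Windows Server 2012 server as an additional DC in an
# existing domain, then run the Directory Services Best Practices Analyzer.
# Domain name, site and paths are assumed placeholders.

# 1. Install the AD DS role. This only adds binaries and tools; the server is
#    not a domain controller until step 3.
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

# 2. Prerequisite checks. Test-ADDSDomainControllerInstallation validates the
#    same inputs the promotion would use without changing anything.
$domain = 'corp.contoso.com'                                  # assumed domain
$site   = 'Default-First-Site-Name'
$cred   = Get-Credential -Message "Domain Admin for $domain"
$dsrm   = Read-Host -AsSecureString -Prompt 'DSRM (Safe Mode) password'

$check = Test-ADDSDomainControllerInstallation -DomainName $domain -Credential $cred `
    -SafeModeAdministratorPassword $dsrm -InstallDns -SiteName $site
$check | Format-List Message, Status
if ($check.Status -ne 'Success') {
    throw 'Prerequisite checks failed; fix the reported issues before promoting.'
}

# 3. Promote the DC. -Force suppresses the confirmation prompt;
#    -NoRebootOnCompletion lets us control the restart ourselves.
Install-ADDSDomainController -DomainName $domain -Credential $cred `
    -SafeModeAdministratorPassword $dsrm -InstallDns -SiteName $site `
    -DatabasePath 'C:\Windows\NTDS' -LogPath 'C:\Windows\NTDS' -SysvolPath 'C:\Windows\SYSVOL' `
    -NoRebootOnCompletion -Force
Restart-Computer

# 4. After the reboot: run the Directory Services BPA model and show only
#    findings that need attention (errors and warnings).
Invoke-BpaModel -ModelId 'Microsoft/Windows/DirectoryServices'
Get-BpaResult -ModelId 'Microsoft/Windows/DirectoryServices' |
    Where-Object { $_.Severity -ne 'Information' } |
    Select-Object Severity, Category, Title, Problem, Resolution |
    Format-List
```

The BPA and the prerequisite checker only know about Microsoft's own configuration rules, which is the limitation slide 34 points out: neither one inventories third-party agents or other applications already installed on the server, so that inventory has to be done separately before promotion.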
  • 33. Demo - Promoting a Domain Controller with PowerShell
  • 34. Limits of BPA and Prerequisites Checker • No check on other Microsoft applications or 3rd party applications • No inventory of existing applications or services on the DC
  • 35. Best Practices for Implementing Schema Updates • Test your forest recovery plans. • Test your schema extensions in your recovery environment and in any other test/non-production environments
  • 36. Planning • Infrastructure Planning and Design documents – http://www.microsoft.com/en-us/download/details.aspx?id=732 • Impact of the new features – Active Directory Web Services (ADWS) – Virtualized Domain Controller Cloning – Dynamic Access Control (DAC) & Kerberos Flexible Authentication Secure Tunneling (FAST, AKA Kerberos armoring)
  • 37. Summary of Minimum Requirements – With this deployed… ...these features become available
    + First Windows Server 2012 domain member (or Windows 8 with RSAT installed): • New Active Directory Administrative Center • Windows PowerShell History Viewer • Graphical Recycle Bin and FGPP management • Richer authorization through DAC & FCI • Active Directory-based Activation • Requires Windows Server 2012 schema extensions • Active Directory Replication & Topology Cmdlets • AD FS (v2.1)
    + First Windows Server 2012 DC: • Simplified Deployment and Preparation • Dynamic Access Control policies and claims • Kerberos Claims in AD FS (v2.1) • Cross-domain Kerberos Constrained Delegation • Group Managed Service Accounts • Virtualization-Safe for the Windows Server 2012 DC (requires Hypervisor support for VM-Gen-ID)
    + Windows Server 2012 DC holds PDC FSMO role: • Rapid virtual DC deployment through DC-cloning (requires Hypervisor support for VM-Gen-ID)
  • 38. Migration and Restructuring – Active Directory Migration Tool version 3.2
    – Source domain: the source domain must be running Windows Server 2003, Windows Server 2008, or Windows Server 2008 R2
    – Target domain: the target domain must be running Windows Server 2003, Windows Server 2008, or Windows Server 2008 R2
    – ADMT 3.2 and PES 3.1 installation errors on Windows Server 2012: http://support.microsoft.com/kb/2753560/en-us
  • 39. Troubleshooting Domain Controller Deployment – General Methodology for Troubleshooting Domain Controller Configuration • Tools and Commands • Logging Options http://technet.microsoft.com/en-us/library/jj592690.aspx
  • 41. Q&A

Editor's Notes

  1. http://technet.microsoft.com/en-us/library/hh994618
  2. http://technet.microsoft.com/en-us/library/hh994618