Migrating Windows XP to Windows 7: Get it done using Microsoft Deployment Tools<br />Harold Wong<br />IT Pro Evangelist <b...
Event Schedule<br />8:30am – Introduction and Welcome<br />8:45am –Session 1: Migrating Windows XP to Windows 7: <br />   ...
Migrating Windows XP to Windows 7: <br />
Agenda<br />Windows Easy Transfer<br />Deployment Tools<br />Using USMT Hard-link Migration<br />Summary of Deployment Sol...
Windows Easy Transfer<br />Easily Move Files and Settings<br />Supports Windows 2000, Windows XP and Windows Vista<br />Tr...
Demo<br />Windows Easy Transfer <br />
Deployment Tools<br />Automated Installation Toolkit (AIK)<br />User State Migration Tool (USMT)<br />Microsoft Deployment...
Automated Installation Toolkit (AIK)<br />Windows System Image Manager (WSIM)<br />ImageX<br />Deployment Image Servicing ...
User State Migration Tool<br />Migrates Files and Settings<br />Computer Replacement and Computer Refresh Migrations<br />...
Microsoft Deployment Toolkit 2010<br />Unified tools and processes <br />Reduced deployment time<br />“Lite-touch” deploym...
“Lite-Touch” High-Volume Deployment<br />Client Migration Store – AIK and USMT<br />Connected to WORKGROUP<br />Source Com...
Demo<br />“Lite-Touch” High-Volume Deployment using the User State Migration Tool’s (USMT) Scanstate and Loadstate<br />
“Zero-Touch” High-Volume Deployment<br />Migration Store Server<br />Decommission<br />Destination Computer<br />Use Log-o...
Summary of Deployment Solutions<br />Slide 14<br />
Summary<br />Many Deployment Tools and options for all scenarios from a single PC to 1,000s<br />Easy Transfer makes it si...
TechNet Plus Direct Subscription<br />The ultimate resource for IT professionals. TechNet Plus provides convenient access ...
IT Pro Momentum Invitation<br />A Microsoft program focused on supporting “early adopters” – IT professionals who bet on t...
Momentum 2009 Products<br />
Resources for Windows 7 Deployment<br />Windows 7 Deployment Guide<br />http://technet.microsoft.com/en-us/library/dd34933...
Break Time:  15 minutes<br />
Securing Windows® 7 in a Windows Server® 2008 R2 Environment<br />
What Will We Cover?<br />Better Together<br />User Interface Improvements<br />DirectAccess and Terminal Services Gateway<...
Agenda<br />Reviewing Network Access Protection<br />Examining Deployment Improvements<br />Exploring Configuration and Ma...
Business and Technical Benefits<br />Reduce the risk of network security threats<br />
Business and Technical Benefits<br />Reduce the risk of network security threats<br />Safeguard sensitive data and intelle...
Business and Technical Benefits<br />Reduce the risk of network security threats<br />Safeguard sensitive data and intelle...
Remediation<br />Servers<br />Example: Patch<br />Network Access Protection<br />Corporate Network<br />Policy Servers<br ...
Remediation<br />Servers<br />Example: Patch<br />Network Access Protection<br />Corporate Network<br />Policy Servers<br ...
Remediation<br />Servers<br />Example: Patch<br />Network Access Protection<br />Corporate Network<br />Policy Servers<br ...
Remediation<br />Servers<br />Example: Patch<br />Network Access Protection<br />Corporate Network<br />Policy Servers<br ...
Remediation<br />Servers<br />Example: Patch<br />Network Access Protection<br />Corporate Network<br />Policy Servers<br ...
Demonstration: Configuring NAP<br /><ul><li>Configure PKI
Install NAP
Configure Basics</li></li></ul><li>Agenda<br />Reviewing Network Access Protection<br />Examining Deployment Improvements<...
NPS Updates<br />NPS Templates<br />Network Policy Server<br />Logging Improvements<br />UTF-8<br />
Agenda<br />Reviewing Network Access Protection<br />Examining Deployment Improvements<br />Exploring Configuration and Ma...
Multiple SHV Policy<br />A single server can now enforce a number of different health policies using a single system healt...
New NAP Client User Interface<br />Messaging Integration with Action Center Tray Icon<br />Integration with Windows 7 Acti...
Agenda<br />Reviewing Network Access Protection<br />Examining Deployment Improvements<br />Exploring Configuration and Ma...
Integration Improvements<br />Remote Desktop Gateway<br />Microsoft Confidential<br />
Integration Improvements<br />Remote Desktop Gateway<br />DirectAccess<br />Microsoft Confidential<br />
Integration Improvements<br />Remote Desktop Gateway<br />DirectAccess<br />Microsoft® Forefront™ code name Stirling<br />...
DirectAccess Technical Details<br />IPv6 Devices<br />IPv4 Devices<br />IT desktop management<br />IPv6 Transition Service...
DirectAccess Technical Details<br />IPv6 Devices<br />IPv4 Devices<br />IT desktop management<br />IPv6 Transition Service...
DirectAccess Technical Details<br />Direct connectivity to IPv6-based Intranet resources<br />IPv6 Devices<br />IPv4 Devic...
DirectAccess Technical Details<br />Direct connectivity to IPv6-based Intranet resources<br />IPv6 Devices<br />IPv4 Devic...
Demonstration: Direct Access - End User Experience<br /><ul><li>DirectAccess</li></li></ul><li>Session Summary<br />Better...
Break Time:  15 minutes<br />
Active Directory Domain Services in Windows Server 2008 R2 Technical Overview<br />
What Will We Cover?<br />Identity Management and Simplified Management Capabilities <br />Improved Management of User Acco...
What Will We Cover? <br />Identity Management and Simplified Management Capabilities <br />Improved Management of User Acc...
Agenda<br />Active Directory Overview <br />Active Directory Management <br />Managing Active Directory Deployments<br />I...
Solutions That  Address IT Pro Challenges<br />New Windows PowerShell cmdlets<br />Console Enhancements<br />
Solutions That  Address IT Pro Challenges<br />New Windows PowerShell cmdlets<br />Console Enhancements<br />Task-Oriented...
Solutions That  Address IT Pro Challenges<br />New Windows PowerShell cmdlets<br />Console Enhancements<br />Task-Oriented...
Solutions That  Address IT Pro Challenges<br />Windows Server 2008 R2 <br />Forest Functional Level<br />New Windows Power...
Agenda<br />Active Directory Overview <br />Active Directory Management<br />Managing Active Directory Deployments<br />Id...
Active Directory Administrative Center<br />Customizable GUI <br />
Active Directory Administrative Center<br />Customizable GUI <br />
Active Directory Administrative Center<br />Customizable GUI <br />
Demonstration Environment<br />
Create an Organizational Unit<br />Create a User<br />Create a New Group and Add a User<br />Demonstration: Creating Objec...
Active Directory Recycle Bin<br />Reduces Downtime and Effort<br />AD Objects Are Preserved<br />Functional for AD DS and ...
Active Directory Recycle Bin—Notes<br />Reduces Downtime and Effort<br />AD Objects Are Preserved<br />Functional for AD D...
Active Directory Recycle Bin—Notes<br />Reduces Downtime and Effort<br />AD Objects Are Preserved<br />Functional for AD D...
Enable Active Directory Recycle Bin<br />View Objects That Are in the Deleted Objects Container<br />Restore Deleted Objec...
Agenda<br />Active Directory Overview <br />Active Directory Management <br />Managing Active Directory Deployments<br />I...
Best Practices Analyzer<br />1<br />BPA Run Time<br />
Best Practices Analyzer<br />AD DS BPA<br /> Windows PowerShell<br /> Script<br />1<br />BPA Run Time<br />
AD DS BPA  scans verify:<br /><ul><li>DNS rules
Operation master connectivity rules
Operation master ownership rules
Number of controllers in the domain
Required services rules
Replication configurations rules
W32time configuration rules
Virtual machine configuration rules</li></ul>Best Practices Analyzer<br />AD DS BPA<br /> Windows PowerShell<br /> Script<...
Best Practices Analyzer—Notes<br />AD DS BPA  scans verify:<br /><ul><li>DNS rules
Operation master connectivity rules
Operation master ownership rules
Number of controllers in the domain
Required services rules
Replication configurations rules
Upcoming SlideShare
Loading in …5
×

Q1 Southern California Session Slides

1,244 views
1,145 views

Published on

Slide deck from Events in Irvine, Los Angeles and San Diego on September 9, 10, and 11. The three sessions covered Migration from Windows XP to Windows 7, Securing Windows 7 and New Features in Windows Server 2008 R2 Directory Services.

Published in: Technology, News & Politics
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
1,244
On SlideShare
0
From Embeds
0
Number of Embeds
4
Actions
Shares
0
Downloads
55
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Q1 Southern California Session Slides

  1. 1. Migrating Windows XP to Windows 7: Get it done using Microsoft Deployment Tools<br />Harold Wong<br />IT Pro Evangelist <br />Microsoft Corporation<br />blogs.technet.com/haroldwong<br />
  2. 2. Event Schedule<br />8:30am – Introduction and Welcome<br />8:45am –Session 1: Migrating Windows XP to Windows 7: <br /> Get it done using Microsoft Deployment Tools<br />9:40 – Break <br />9:55 –Session 2: Securing Windows 7 in a Windows Server 2008 R2 Environment<br />10:40 – Break <br />10:55 –Session 3: New Features in Windows Server 2008 R2 Directory Services<br />– Drawing <br />Afternoon MSDN will be here so stick around if you can <br />
  3. 3. Migrating Windows XP to Windows 7: <br />
  4. 4. Agenda<br />Windows Easy Transfer<br />Deployment Tools<br />Using USMT Hard-link Migration<br />Summary of Deployment Solutions<br />
  5. 5. Windows Easy Transfer<br />Easily Move Files and Settings<br />Supports Windows 2000, Windows XP and Windows Vista<br />Transfer done with:<br />Cable<br />USB Drive<br />Between Computers in a Network<br />
  6. 6. Demo<br />Windows Easy Transfer <br />
  7. 7. Deployment Tools<br />Automated Installation Toolkit (AIK)<br />User State Migration Tool (USMT)<br />Microsoft Deployment Toolkit (MDT 2010)<br />
  8. 8. Automated Installation Toolkit (AIK)<br />Windows System Image Manager (WSIM)<br />ImageX<br />Deployment Image Servicing and Management (DISM) <br />Windows Preinstallation Environment (WinPE) <br />User State Migration Tool (USMT)<br />
  9. 9. User State Migration Tool<br />Migrates Files and Settings<br />Computer Replacement and Computer Refresh Migrations<br />Scriptable<br />Hard-Link Migration Store<br />Benefits and Limitations<br />
  10. 10. Microsoft Deployment Toolkit 2010<br />Unified tools and processes <br />Reduced deployment time<br />“Lite-touch” deployments leveraging Windows deployment tools<br />“Zero-touch” deployments leveraging System Center Configuration Manager 2007 and Windows deployment tools. <br />Support for Windows 7, Windows Server R2<br />. <br />
  11. 11. “Lite-Touch” High-Volume Deployment<br />Client Migration Store – AIK and USMT<br />Connected to WORKGROUP<br />Source Computer<br />Run ScanStateand copies user state to shared folder on Windows 7 Client<br />Destination Computer<br />RunLoadStateon new Windows 7 platform and restores Windows XP user state from shared folder on Windows 7 Client<br />Destination Computer<br />RunLoadStateon new Widows 7 platform and restores Windows Vista user state from shared folder on Windows 7 Client<br />Source Computer<br />Run ScanStateand copies user state to shared folder on Windows 7 Client<br />
  12. 12. Demo<br />“Lite-Touch” High-Volume Deployment using the User State Migration Tool’s (USMT) Scanstate and Loadstate<br />
  13. 13. “Zero-Touch” High-Volume Deployment<br />Migration Store Server<br />Decommission<br />Destination Computer<br />Use Log-on Script, batch file or non-Microsoft technology to run LoadStateon new Windows 7 platform and restores Windows XP user state from server<br />Source Computer<br />Use Log-on Script, batch file or non-Microsoft technology to run ScanStateand copies user state to network server<br />Source Computer<br />Use Log-on Script, batch file or non-Microsoft technology to run ScanStateand copies user state to network server<br />Destination Computer<br />Use Log-on Script, batch file or non-Microsoft technology to runLoadStateon new Windows 7 platform and restores Windows Vista user state from server<br />Source Computer<br />Use Log-on Script, batch file or non-Microsoft technology to run ScanStateand copies user state to network server<br />
  14. 14. Summary of Deployment Solutions<br />Slide 14<br />
  15. 15. Summary<br />Many Deployment Tools and options for all scenarios from a single PC to 1,000s<br />Easy Transfer makes it simple to move user data<br />New Hard-link Migration Option in USMT<br />
  16. 16. TechNet Plus Direct Subscription<br />The ultimate resource for IT professionals. TechNet Plus provides convenient access to full-version Microsoft evaluation software—without time limits! The annual subscription also includes Professional Support incidents, a technical information library, and many other resources for evaluating, deploying, and maintaining Microsoft software.<br />Microsoft software licensed for evaluation purposes.<br />Beta software. <br />Professional Support Incidents.<br />Managed Newsgroup Support. <br />Technical resources for Microsoft products.. <br />Microsoft eLearning courses.<br />Online Concierge Chat. <br />Want a 25% Discount on a new Subscription?<br />Use Discount Code TMSAM04<br />
  17. 17. IT Pro Momentum Invitation<br />A Microsoft program focused on supporting “early adopters” – IT professionals who bet on the newest technologies to drive business value for their companies and advance in their careers <br />Are you?<br />Interested in learning more about the newest Microsoft technologies?<br />Need help to evaluate different Microsoft products and features? <br />Willing to test and pilot in production Microsoft beta products?<br />Would like to have access to exclusive forums and Microsoft product support?<br />Want to share your early adoption experience with the IT Pro community world-wide?<br />If you answered ‘yes’ for all the questions above, IT Pro Momentum can help!<br />Send email with “Add to Momentum” in the subject<br />Harold.wong@microsoft.com<br />
  18. 18. Momentum 2009 Products<br />
  19. 19. Resources for Windows 7 Deployment<br />Windows 7 Deployment Guide<br />http://technet.microsoft.com/en-us/library/dd349337(WS.10).aspx<br />Microsoft Deployment Toolkit 2010<br />https://connect.microsoft.com/content/content.aspx?ContentID=12463&SiteID=14<br />
  20. 20. Break Time: 15 minutes<br />
  21. 21. Securing Windows® 7 in a Windows Server® 2008 R2 Environment<br />
  22. 22. What Will We Cover?<br />Better Together<br />User Interface Improvements<br />DirectAccess and Terminal Services Gateway<br />Health Policies<br />
  23. 23. Agenda<br />Reviewing Network Access Protection<br />Examining Deployment Improvements<br />Exploring Configuration and Management<br />Viewing Network Access Protection Integration Improvements<br />
  24. 24. Business and Technical Benefits<br />Reduce the risk of network security threats<br />
  25. 25. Business and Technical Benefits<br />Reduce the risk of network security threats<br />Safeguard sensitive data and intellectual property<br />
  26. 26. Business and Technical Benefits<br />Reduce the risk of network security threats<br />Safeguard sensitive data and intellectual property<br />Extend the value of existing investments<br />
  27. 27. Remediation<br />Servers<br />Example: Patch<br />Network Access Protection<br />Corporate Network<br />Policy Servers<br />such as: Patch, AV<br />1<br />DHCP, VPN<br />Switch/Router <br />Windows<br />Client<br />Restricted<br />Network<br />NPS<br />Client requests access to network and presents current health state<br />1<br />
  28. 28. Remediation<br />Servers<br />Example: Patch<br />Network Access Protection<br />Corporate Network<br />Policy Servers<br />such as: Patch, AV<br />1<br />2<br />DHCP, VPN<br />Switch/Router <br />Windows<br />Client<br />Restricted<br />Network<br />NPS<br />DHCP, VPN or Switch/Router relays health status to Microsoft Network Policy Server (RADIUS)<br />2<br />
  29. 29. Remediation<br />Servers<br />Example: Patch<br />Network Access Protection<br />Corporate Network<br />Policy Servers<br />such as: Patch, AV<br />3<br />1<br />2<br />DHCP, VPN<br />Switch/Router <br />Windows<br />Client<br />Restricted<br />Network<br />NPS<br />Network Policy Server (NPS) validates against IT-defined health policy<br />3<br />
  30. 30. Remediation<br />Servers<br />Example: Patch<br />Network Access Protection<br />Corporate Network<br />Policy Servers<br />such as: Patch, AV<br />3<br />1<br />2<br />Not policy compliant<br />4<br />DHCP, VPN<br />Switch/Router <br />Windows<br />Client<br />Restricted<br />Network<br />NPS<br />If not policy compliant, client is put in a restricted VLAN and given access to fix up resources to download patches, configurations, signatures (Repeat 1-4)<br />4<br />
  31. 31. Remediation<br />Servers<br />Example: Patch<br />Network Access Protection<br />Corporate Network<br />Policy Servers<br />such as: Patch, AV<br />3<br />1<br />2<br />Not policy compliant<br />4<br />DHCP, VPN<br />Switch/Router <br />Windows<br />Client<br />Restricted<br />Network<br />NPS<br />Policy compliant<br />5<br />If policy compliant, client is granted full access to corporate network<br />5<br />
  32. 32. Demonstration: Configuring NAP<br /><ul><li>Configure PKI
  33. 33. Install NAP
  34. 34. Configure Basics</li></li></ul><li>Agenda<br />Reviewing Network Access Protection<br />Examining Deployment Improvements<br />Exploring Configuration and Management<br />Viewing Network Access Protection Integration Improvements<br />
  35. 35. NPS Updates<br />NPS Templates<br />Network Policy Server<br />Logging Improvements<br />UTF-8<br />
  36. 36. Agenda<br />Reviewing Network Access Protection<br />Examining Deployment Improvements<br />Exploring Configuration and Management<br />Viewing Network Access Protection Integration Improvements<br />
  37. 37. Multiple SHV Policy<br />A single server can now enforce a number of different health policies using a single system health validator (SHV)<br />Requires SHV updates for Windows Server 2008 R2<br />
  38. 38. New NAP Client User Interface<br />Messaging Integration with Action Center Tray Icon<br />Integration with Windows 7 Action Center<br />
  39. 39. Agenda<br />Reviewing Network Access Protection<br />Examining Deployment Improvements<br />Exploring Configuration and Management<br />Viewing Network Access Protection Integration Improvements<br />
  40. 40. Integration Improvements<br />Remote Desktop Gateway<br />Microsoft Confidential<br />
  41. 41. Integration Improvements<br />Remote Desktop Gateway<br />DirectAccess<br />Microsoft Confidential<br />
  42. 42. Integration Improvements<br />Remote Desktop Gateway<br />DirectAccess<br />Microsoft® Forefront™ code name Stirling<br />Microsoft Confidential<br />
  43. 43. DirectAccess Technical Details<br />IPv6 Devices<br />IPv4 Devices<br />IT desktop management<br />IPv6 Transition Services<br />Internet<br />DirectAccess<br />Server<br />IPSec encryption and authentication. 2 Tunnels are established - DirectAccess Server acts as gateway<br />Supports variety of remote network protocols<br />Windows 7 Client<br />
  44. 44. DirectAccess Technical Details<br />IPv6 Devices<br />IPv4 Devices<br />IT desktop management<br />IPv6 Transition Services<br />AD Group Policy, NAP, software updates<br />Internet<br />DirectAccess<br />Server<br />IPSec encryption and authentication. 2 Tunnels are established - DirectAccess Server acts as gateway<br />Supports variety of remote network protocols<br />Windows 7 Client<br />
  45. 45. DirectAccess Technical Details<br />Direct connectivity to IPv6-based Intranet resources<br />IPv6 Devices<br />IPv4 Devices<br />IT desktop management<br />Native IPv6 with IPSec<br />IPv6 Transition Services<br />AD Group Policy, NAP, software updates<br />Internet<br />DirectAccess<br />Server<br />IPSec encryption and authentication. 2 Tunnels are established - DirectAccess Server acts as gateway<br />Supports variety of remote network protocols<br />Windows 7 Client<br />
  46. 46. DirectAccess Technical Details<br />Direct connectivity to IPv6-based Intranet resources<br />IPv6 Devices<br />IPv4 Devices<br />Support IPv4 via 6to4 transition services or NAT-PT<br />IT desktop management<br />Native IPv6 with IPSec<br />IPv6 Transition Services<br />AD Group Policy, NAP, software updates<br />Internet<br />DirectAccess<br />Server<br />IPSec encryption and authentication. 2 Tunnels are established - DirectAccess Server acts as gateway<br />Supports variety of remote network protocols<br />Windows 7 Client<br />
  47. 47. Demonstration: Direct Access - End User Experience<br /><ul><li>DirectAccess</li></li></ul><li>Session Summary<br />Better Together<br />User Interface Improvements<br />DirectAccess and Terminal Services Gateway<br />Health Policies<br />
  48. 48. Break Time: 15 minutes<br />
  49. 49. Active Directory Domain Services in Windows Server 2008 R2 Technical Overview<br />
  50. 50. What Will We Cover?<br />Identity Management and Simplified Management Capabilities <br />Improved Management of User Accounts<br />Enhanced Windows Management Deployments<br />
  51. 51. What Will We Cover? <br />Identity Management and Simplified Management Capabilities <br />Improved Management of User Accounts<br />Enhanced Windows Management Deployments<br />
  52. 52. Agenda<br />Active Directory Overview <br />Active Directory Management <br />Managing Active Directory Deployments<br />Identity and Access Management <br />
  53. 53. Solutions That Address IT Pro Challenges<br />New Windows PowerShell cmdlets<br />Console Enhancements<br />
  54. 54. Solutions That Address IT Pro Challenges<br />New Windows PowerShell cmdlets<br />Console Enhancements<br />Task-Oriented<br />Better Management <br />
  55. 55. Solutions That Address IT Pro Challenges<br />New Windows PowerShell cmdlets<br />Console Enhancements<br />Task-Oriented<br />Better Management <br />Analyzers Expanded to All Core Windows Server 2008 R2 Roles<br />
  56. 56. Solutions That Address IT Pro Challenges<br />Windows Server 2008 R2 <br />Forest Functional Level<br />New Windows PowerShell cmdlets<br />Console Enhancements<br />Deals with Accidental Object Deletion<br />Deals with Mapping of Various Properties<br />Deals with Pre-Provisioning of Computer Accounts<br />Deals with Managed Service Accounts<br />Task-Oriented<br />Better Management <br />Analyzers Expanded to All Core Windows Server 2008 R2 Roles<br />
  57. 57. Agenda<br />Active Directory Overview <br />Active Directory Management<br />Managing Active Directory Deployments<br />Identity and Access Management <br />
  58. 58. Active Directory Administrative Center<br />Customizable GUI <br />
  59. 59. Active Directory Administrative Center<br />Customizable GUI <br />
  60. 60. Active Directory Administrative Center<br />Customizable GUI <br />
  61. 61. Demonstration Environment<br />
  62. 62. Create an Organizational Unit<br />Create a User<br />Create a New Group and Add a User<br />Demonstration: Creating Objects Using Active Directory Administrative Center<br />
  63. 63. Active Directory Recycle Bin<br />Reduces Downtime and Effort<br />AD Objects Are Preserved<br />Functional for AD DS and AD LDS<br />Use LDP.exe or Windows PowerShell Cmdlets<br />
  64. 64. Active Directory Recycle Bin—Notes<br />Reduces Downtime and Effort<br />AD Objects Are Preserved<br />Functional for AD DS and AD LDS<br />Use LDP.exe or Windows PowerShell Cmdlets<br />Setup Requirements<br />Adprep must be used for Windows Server 2003 and Windows Server 2008 forest<br />All domain controllers in your Active Directory forest are running Windows Server 2008 R2<br />Raise the functional level of your Active Directory forest to Windows Server 2008 R2<br />
  65. 65. Active Directory Recycle Bin—Notes<br />Reduces Downtime and Effort<br />AD Objects Are Preserved<br />Functional for AD DS and AD LDS<br />Use LDP.exe or Windows PowerShell Cmdlets<br />Setup Requirements<br />Adprep must be used for Windows Server 2003 and Windows Server 2008 forest<br />All domain controllers in your Active Directory forest are running Windows Server 2008 R2<br />Raise the functional level of your Active Directory forest to Windows Server 2008 R2<br />In this release, the process of enabling Active Directory Recycle Bin is irreversible. After you enable Active Directory Recycle Bin in your environment, you cannot disable it.<br />
  66. 66. Enable Active Directory Recycle Bin<br />View Objects That Are in the Deleted Objects Container<br />Restore Deleted Objects<br />Demonstration: Working with the Active Directory Recycle Bin<br />
  67. 67. Agenda<br />Active Directory Overview <br />Active Directory Management <br />Managing Active Directory Deployments<br />Identity and Access Management <br />
  68. 68. Best Practices Analyzer<br />1<br />BPA Run Time<br />
  69. 69. Best Practices Analyzer<br />AD DS BPA<br /> Windows PowerShell<br /> Script<br />1<br />BPA Run Time<br />
  70. 70. AD DS BPA scans verify:<br /><ul><li>DNS rules
  71. 71. Operation master connectivity rules
  72. 72. Operation master ownership rules
  73. 73. Number of controllers in the domain
  74. 74. Required services rules
  75. 75. Replication configurations rules
  76. 76. W32time configuration rules
  77. 77. Virtual machine configuration rules</li></ul>Best Practices Analyzer<br />AD DS BPA<br /> Windows PowerShell<br /> Script<br />1<br />BPA Run Time<br />
  78. 78. Best Practices Analyzer—Notes<br />AD DS BPA scans verify:<br /><ul><li>DNS rules
  79. 79. Operation master connectivity rules
  80. 80. Operation master ownership rules
  81. 81. Number of controllers in the domain
  82. 82. Required services rules
  83. 83. Replication configurations rules
  84. 84. W32time configuration rules
  85. 85. Virtual machine configuration rules</li></ul>Schema<br />2<br />BPA Run Time<br />AD DS BPA<br /> Windows PowerShell<br /> Script<br />Document<br />1<br />BPA Run Time<br />
  86. 86. Best Practices Analyzer—Notes<br />AD DS BPA scans verify:<br /><ul><li>DNS rules
  87. 87. Operation master connectivity rules
  88. 88. Operation master ownership rules
  89. 89. Number of controllers in the domain
  90. 90. Required services rules
  91. 91. Replication configurations rules
  92. 92. W32time configuration rules
  93. 93. Virtual machine configuration rules</li></ul>Schema<br />2<br />BPA Run Time<br />AD DS BPA<br /> Windows PowerShell<br /> Script<br />Document<br />3<br />BPA Run Time<br />AD DS BPA<br />Rules Set<br />1<br />BPA Run Time<br />
  94. 94. Best Practices Analyzer—Notes<br />AD DS BPA scans verify:<br /><ul><li>DNS rules
  95. 95. Operation master connectivity rules
  96. 96. Operation master ownership rules
  97. 97. Number of controllers in the domain
  98. 98. Required services rules
  99. 99. Replication configurations rules
  100. 100. W32time configuration rules
  101. 101. Virtual machine configuration rules</li></ul>Schema<br />2<br />BPA Run Time<br />AD DS BPA<br /> Windows PowerShell<br /> Script<br />Document<br />3<br />BPA Run Time<br />AD DS BPA<br />Report<br />AD DS BPA<br />Rules Set<br />1<br />BPA Run Time<br />AD DS BPA<br />Guidance<br />
  102. 102. Agenda<br />Active Directory Overview <br />Active Directory Management <br />Managing Active Directory Deployments<br />Identity and Access Management <br />
  103. 103. Offline Domain Join<br />Djoin.exe<br />Reduces time and effort for large-scale deployments<br />Establishes trust between operating system and Active Directory Domain<br />
  104. 104. Offline Domain Join<br />Djoin.exe<br />Reduces time and effort for large-scale deployments<br />Establishes trust between operating system and Active Directory Domain<br />Advantages<br />AD state changes are completed without network traffic to the computer<br />Computer state changes are completed without any network traffic to a domain controller<br />Each change can be completed at different times<br />
  105. 105. Offline Domain Join —Notes<br />Djoin.exe<br />Reduces time and effort for large-scale deployments<br />Establishes trust between operating system and Active Directory Domain<br />Advantages<br />AD state changes are completed without network traffic to the computer<br />Computer state changes are completed without any network traffic to a domain controller<br />Each change can be completed at different times<br />Special Considerations<br />Run on Windows® 7 or Windows Server 2008 R2<br />Must have user rights to join workstation to the domain<br />Defaults target domain controller running a version of Windows Server 2008 R2<br />
  106. 106. Perform an Offline Domain Join<br />Demonstration: Using Offline Domain Join<br />
  107. 107. Management of Service Accounts<br />Less Disruption of Service<br />Reduce Recurrent Administrative Tasks<br />Domain-Based Service Accounts Managed by AD<br />Enhanced Security<br />Local Accounts<br />SQL<br />IIS<br />
  108. 108. Management of Service Accounts<br />Less Disruption of Service<br />Reduce Recurrent Administrative Tasks<br />Domain-Based Service Accounts Managed by AD<br />Enhanced Security<br />Managed Service<br />Account<br />Local Accounts<br />SQL<br />IIS<br />
  109. 109. Management of Service Accounts<br />Less Disruption of Service<br />Reduce Recurrent Administrative Tasks<br />Domain-Based Service Accounts Managed by AD<br />Enhanced Security<br />Managed Service<br />Account<br />Virtual Accounts<br />Local Accounts<br />SQL<br />IIS<br />
  110. 110. Management of Service Accounts<br />Less Disruption of Service<br />Reduce Recurrent Administrative Tasks<br />Domain-Based Service Accounts Managed by AD<br />Enhanced Security<br />Administrative Benefits<br />Create class domain accounts<br />Accounts are now reset automatically<br />SPN management tasks are not completed<br />Can be delegated to non-administrators<br />Managed Service<br />Account<br />Virtual Accounts<br />Local Accounts<br />SQL<br />IIS<br />
  111. 111. Session Summary<br /><ul><li>Active Directory Domain Services improves management capabilities that automate Active Directory tasks
  112. 112. The new Active Directory Administrative Console and Windows PowerShell module allow for flexible discovery and output
  113. 113. Use and implement the new features of Windows Server 2008 R2 Domain Services</li>

×