TurboCharge Your Active Directory Implementation

Active Directory and all that you can do with it has come a long way in the last ten years. Are you really using everything that is in there to get the best bang for your buck?

Learn how to make your life easier with things like the Active Directory RecycleBin to save you from those “oops” moments we’ve all encountered.
Explore how the improved management interfaces including PowerShell support will make administration less time consuming and more automated.
Implement multiple password policies and enhanced Group Policies to keep the security group and user community in harmony.
On top of all that, architectural changes like Read Only Domain Controllers, Server Core implementations and Offline Domain Join capabilities can make you a hero, keep your organization more secure and save you time – it just gets better.

If you are ready to transition your cushy family sedan implementation of Active Directory into a tweaked out street-legal sports coupe – this demo intensive scenario session is for you. Come learn what you need to know to get your Active Directory firing on all cylinders and map out the road to Active Directory nirvana.

  2. Turbo Charge Your Active Directory Implementation
      • Rick Claus
      • Sr. Technical Evangelist
      • Microsoft Canada
      • rick.claus@microsoft.com
      • Twitter: @RicksterCDN
      • SESSION CODE: WSV330
  3. Turbo Charge your Active Directory Implementation
  7. Agenda – Real Simple…
      • Set the stage – where’s Active Directory at with you?
      • Intro Session Scenario – Contoso Inc.
      • Demos
      • More Demos…
      • Even More Demos!
      • Action Plan
  8. Active Directory is 10 years old…
      • Where were you 10 years ago?
      • What did your network look like?
      • [Diagram: User (U1, U2) and resource (R1–R6) boxes; combined User + Resources boxes (UR1–UR5)]
      • Active Directory Solved a LOT of issues
  9. Now the party is over…
      • When was the last time AD design / functionality revisited?
  10. How did you get your Active Directory?
      • Designed it yourself
      • Had consulting assistance
      • Not involved with project
      • Inherited it after it was done
      • Just moved into role – no idea on design choices
  11. 58% are missing out on solutions that can make their lives easier!
  12. Scenario for this session – Contoso Bank
      • You are Admin @ Contoso
      • Your environment is the following:
          • Running Active Directory @ 2003 levels
          • Multiple regional offices
          • Basic functionality of AD
          • Multiple DCs
          • Multi-Master DNS
          • Site design correctly implemented
  13. “Challenges” at Contoso
      • Multiple skill levels of admins
      • Security at remote offices
      • Deployment of new workstations
      • CIO / CEO / users / admins with one password policy
  14. Let’s get to it!
      • Tweak & Tune your AD with the following:
          • Upgrade / Migrate to 2008 R2
          • Lookin’ at Server Core and RODC options
          • Active Directory RecycleBin
          • Support Multiple PW Policies
          • Better Service Account Management
          • Improved Management Tools
          • Offline Domain Join for deployments
  15. Upgrade or Migration?
      • X86 = NO DIRECT “in place” UPGRADE PATH :-(
  16. Active Directory® and DNS Migration
      • Phases: Pre-Migration, Migration, Post-Migration (Optional)
      • Migration planning
          • Number of network interface cards (NICs)
      • Make destination server a domain controller
      • Transfer FSMO roles
      • Migrate IP address and rename servers
      • Perform verification steps
      • Retire source server
      • Roll back migration
      • Troubleshoot migration
      • Manually migrate DNS server settings
      • Prepare source server
          • Back up
          • Collect migration data
      • Prepare destination server
          • Install Windows Server 2008 R2
          • Assign temporary server name
          • Assign temporary IP address
          • Join domain
  20. Windows Server Migration Tools
      • Source Server, Temp Storage, Destination Server
      • Export Settings: Export-SmigServerSetting
      • Import Settings: Import-SmigServerSetting
      • Transfer Data and Shares: Send-SmigServerData, Receive-SmigServerData
  21. Upgrade / Migration
      • You just have to do it. You won’t regret it.
      • Demo
  22. Seize the Opportunity
      • Doing same thing can lead to same results
      • Core Installs of Server 2008 R2 vs full installs
      • Physical or Virtual?
      • Read Only Domain Controllers?
      • Minimize impact on rollout process
  23. Server Core Domain Controllers
      • Reduced Software Maintenance
      • Minimal Server Installation (~1GB)
      • Easier to Secure, Manage, and Maintain
      • Supports Key Infrastructure Roles
      • Supports Unattended Installation
      • Reduced Management
      • Reduced Attack Surface
      • Less Disk Space Required
  24. Refine / Redesign
      • Deploying Core DCs with Remote Management
      • Demo
  25. Implement AD “oops” Recycle Bin
      • Ever had someone with too many rights?
      • “Lost” anything in AD and needed it back?
  26. Active Directory Recycle Bin
      • Reduces Downtime and Effort
      • AD Objects Are Preserved
      • Functional for AD DS and AD LDS
      • Use LDP.exe or Windows PowerShell Cmdlets
      • Setup Requirements
          • Adprep must be used for Windows Server 2003 and Windows Server 2008 forest
          • All domain controllers in your Active Directory forest are running Windows Server 2008 R2
          • Raise the functional level of your Active Directory forest to Windows Server 2008 R2
      • The process of enabling Active Directory Recycle Bin is irreversible. After you enable Active Directory Recycle Bin in your environment, you cannot disable it.
  27. Implement “oops” RecycleBin
      • Keep from #clausing yourself
      • Demo
  28. Updating Password Policy
      • Why?
          • Complexity = circumvention
          • Find right level of usability
      • Requirements for Multiple policies?
          • Old way = domains
          • New way = Password Settings Object
      • Password: IL0veMyK1ds!
  29. Secure PW Policy
      • Creating Password Setting Objects
      • Demo
  30. How About Service Accounts?
      • Less Disruption of Service
      • Reduce Recurrent Administrative Tasks
      • Domain-Based Service Accounts Managed by AD
      • Enhanced Security
      • Managed Service Account
      • Administrative Benefits
      • Virtual Accounts
      • Create class domain accounts
      • Accounts are now reset automatically
      • SPN management tasks are not completed
      • Can be delegated to non-administrators
      • Local Accounts
      • SQL
      • IIS
  31. Securing Service Accounts
      • Simplifying password management for Service Accounts
      • Demo
  32. Managing AD – your options…
      • Updated Server Manager: Provides a unified experience for adding, configuring, and managing servers
      • New in Windows Server 2008 R2!
          • Over 15 new role services and features added
          • New configurations added for Scan Server, AD CS, and Remote Desktop Services
          • Remoting and Windows PowerShell
          • Integration with BPA
  33. Managing AD – your options…
      • Active Directory Administrative Center
      • Customizable GUI
  34. New ways to Manage AD
      • A plethora of tools - what fits for you?
      • Demo
  35. Windows PowerShell™ 2.0 – Manage for Scale
      • Active Directory Module in Windows Server 2008 R2
          • A Windows PowerShell module
          • Manage AD domains and Lightweight Directory Services (LDS) configuration sets
          • AD Database Mounting Tool instance
      • New Functionality
          • Active Directory module provider
          • Active Directory module cmdlets
          • Windows PowerShell Integrated Scripting Environment (ISE)
          • Out-GridView cmdlet
          • Performance counters
      • Special Considerations
          • Only installs on Windows Server 2008 R2
          • At least one Windows Server 2008 R2 domain controller or LDS configuration set
          • Windows 7 and Remote Server Administration Tools (RSAT)
  36. Manage for scale
      • Obligatory PowerShell CLI Goodness
      • Demo
  37. Djoin.exe
      • Reduces time and effort for large-scale deployments
      • Establishes trust between operating system and Active Directory Domain
      • Advantages
          • AD state changes are completed without network traffic to the computer
          • Computer state changes are completed without any network traffic to a domain controller
          • Each change can be completed at different times
      • Special Considerations
          • Run on Windows® 7 or Windows Server 2008 R2
          • Must have user rights to join workstation to the domain
          • Defaults to targeting a domain controller running a version of Windows Server 2008 R2
      • Offline Domain Joins
  38. Offline Domain Joins
      • Simplify your desktop deployment automation!
      • Demo
  39. Action Plan
      • Start your Migration planning!
      • Do Your Research
      • Align functionality with Business Needs
      • Get started now. No really. Get started!
      • I <3 AD
  40. Related Content
      • WSV201 - 10 Hot Topics Every IT Admin Needs to Know about Windows Server 2008 R2
      • WSV301 - Administrators’ Idol: Windows and Active Directory Best Practices
      • WSV332 – Windows Server 2008 R2 Deployment with Microsoft Deployment Toolkit (MDT)
      • WSV334 – Windows Server 2008 R2: Tips on Automating and Managing the Breadth of Your IT Environment
      • WSV08-HOL - What’s New in Active Directory (V3.0)
      • WSV10-HOL - Deploying Windows Server 2008 R2 with Microsoft Deployment Toolkit (MDT) 2010
      • WSV07-INT - New Remote Management Technologies in Windows Server 2008 R2
      • WSV09-INT - Server Deployment and Maintenance in Windows Server 2008 R2
      • TLC-54 - Windows PowerShell and Server Management
      • TLC-61 - Windows Server Solutions
  41. Resources
      • Required Slide
      • Learning
          • Sessions On-Demand & Community: www.microsoft.com/teched
          • Microsoft Certification & Training Resources: www.microsoft.com/learning
      • Resources for IT Professionals: http://microsoft.com/technet
      • Resources for Developers: http://microsoft.com/msdn
  42. Required Slide
      • Complete an evaluation on CommNet and enter to win!
  43. Sign up for Tech·Ed 2011 and save $500 starting June 8 – June 31st
      • http://northamerica.msteched.com/registration
      • You can also register at the North America 2011 kiosk located at registration
      • Join us in Atlanta next year
  44. © 2010 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
      The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
  45. Appendix: Resources and Links
      • edge.technet.com
      • Active Directory Domain Services and DNS Server Migration Guide: http://technet.microsoft.com/en-us/library/dd379558(WS.10).aspx
      • Migrate Server roles to Windows 2008 R2: http://technet.microsoft.com/en-us/library/dd365353(WS.10).aspx
      • What’s New in AD in Windows Server 2008 R2: http://technet.microsoft.com/en-us/library/dd378796(WS.10).aspx
      • What’s New in Windows Server Manager in Windows 2008 R2: http://technet.microsoft.com/en-us/library/dd378896(WS.10).aspx
      • What’s New in Server 2008 R2 AD DCs: http://technet.microsoft.com/en-us/magazine/ff679947.aspx
      • Active Directory Recycle Bin – Step by Step: http://technet.microsoft.com/en-us/library/dd392261(WS.10).aspx
      • AD Fine Grained Password and Lockout Policy Step by Step: http://technet.microsoft.com/en-us/library/cc770842(WS.10).aspx
      • Ask the Directory Services Team Blog (Ned Pyle – you’re my hero): http://blogs.technet.com/b/askds
      • Active Directory Recycle Bin (Joey Snow on Edge): http://edge.technet.com/Media/Active-Directory-Recycle-Bin/
      • blogs.technet.com/canitpro
      • www.energizedtech.com
      • poshoholic.com
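
The Active Directory Recycle Bin slides list the setup requirements and note that enabling the feature cannot be undone. The script below is an added example, not code from the deck or from Microsoft: it checks those requirements, dry-runs the enable step, and then dry-runs a restore. The account name `jdoe` is hypothetical.

```powershell
# Added example (not from the deck). 'jdoe' is a hypothetical account name.
Import-Module ActiveDirectory

function Test-RecycleBinReadiness {
    # Returns one object describing whether the forest meets the slide's requirements.
    $forest  = Get-ADForest
    $feature = Get-ADOptionalFeature -Filter 'Name -eq "Recycle Bin Feature"'
    # Inventory every DC in every domain so pre-2008 R2 stragglers are visible.
    $dcs = foreach ($domain in $forest.Domains) {
        Get-ADDomainController -Filter * -Server $domain |
            Select-Object HostName, OperatingSystem
    }
    New-Object PSObject -Property @{
        Forest            = $forest.Name
        ForestMode        = $forest.ForestMode
        # The string is converted to the ADForestMode enum before comparing.
        LevelOk           = ($forest.ForestMode -ge 'Windows2008R2Forest')
        AlreadyEnabled    = (@($feature.EnabledScopes).Count -gt 0)
        DomainControllers = $dcs
    }
}

$state = Test-RecycleBinReadiness
$state.DomainControllers | Format-Table -AutoSize

if ($state.AlreadyEnabled) {
    Write-Output "Recycle Bin is already enabled in $($state.Forest)."
} elseif (-not $state.LevelOk) {
    Write-Warning "Forest mode is $($state.ForestMode); raise it to Windows Server 2008 R2 first."
} else {
    # Irreversible, so this is a dry run. Remove -WhatIf only after change approval.
    Enable-ADOptionalFeature -Identity 'Recycle Bin Feature' `
        -Scope ForestOrConfigurationSet -Target $state.Forest -WhatIf
}

# Recovering from an "oops": show the deleted object and where it lived, then restore it.
$deleted = Get-ADObject -IncludeDeletedObjects -Properties lastKnownParent, whenChanged `
    -Filter 'isDeleted -eq $true -and sAMAccountName -eq "jdoe"'
if ($deleted) {
    $deleted | Format-List Name, lastKnownParent, whenChanged
    $deleted | Restore-ADObject -WhatIf
}
```

Objects deleted before the feature was enabled are not recoverable this way, so the readiness check is worth running well ahead of the first incident.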
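
The password policy slides replace "one domain per policy" with Password Settings Objects, and the Contoso scenario has admins and executives sharing a single policy. The following added example, which is not from the deck, creates two PSOs and verifies which one applies to an account. The PSO names, the `Contoso-Executives` group, the user `admin.jdoe` and every numeric setting are constructed for illustration.

```powershell
# Added example (not from the deck). Group names, PSO names and all numeric
# settings are constructed for illustration; 'admin.jdoe' is a hypothetical user.
Import-Module ActiveDirectory

# Password Settings Objects need domain functional level Windows Server 2008 or higher.
$domain = Get-ADDomain
if ($domain.DomainMode -lt 'Windows2008Domain') {
    throw "Domain mode is $($domain.DomainMode); PSOs are not available."
}

# One PSO per audience. A lower Precedence value wins when several PSOs reach a user.
$policies = @(
    @{ Name = 'PSO-Admins'; Group = 'Domain Admins'; Precedence = 10
       MinPasswordLength = 15; MaxPasswordAge = '60.00:00:00'; LockoutThreshold = 5 },
    @{ Name = 'PSO-Executives'; Group = 'Contoso-Executives'; Precedence = 20
       MinPasswordLength = 12; MaxPasswordAge = '90.00:00:00'; LockoutThreshold = 10 }
)

foreach ($p in $policies) {
    New-ADFineGrainedPasswordPolicy -Name $p.Name -Precedence $p.Precedence `
        -MinPasswordLength $p.MinPasswordLength -MaxPasswordAge $p.MaxPasswordAge `
        -MinPasswordAge '1.00:00:00' -PasswordHistoryCount 24 `
        -ComplexityEnabled $true -ReversibleEncryptionEnabled $false `
        -LockoutThreshold $p.LockoutThreshold `
        -LockoutObservationWindow '0.00:30:00' -LockoutDuration '0.00:30:00'
    # PSOs apply to users and global security groups, not to OUs.
    Add-ADFineGrainedPasswordPolicySubject -Identity $p.Name -Subjects $p.Group
}

# Review: every PSO, its rank and who it is linked to.
Get-ADFineGrainedPasswordPolicy -Filter * | Sort-Object Precedence |
    Format-Table Name, Precedence, MinPasswordLength, AppliesTo -AutoSize

# Verify the policy that actually applies to one account. No output means the
# account falls back to the Default Domain Policy.
Get-ADUserResultantPasswordPolicy -Identity 'admin.jdoe'
```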
