This document provides an overview of a Microsoft course on implementing distributed Active Directory Domain Services deployments. It covers:
- Deploying multiple domains and forests to meet organizational needs like security isolation, incompatible schemas, or multinational requirements.
- Configuring trusts between domains and forests, including transitive parent-child trusts within a forest and selective two-way trusts between forests.
- Upgrading existing AD DS environments to Windows Server 2012 R2 through in-place upgrades or introducing new domain controllers.
- Migrating user and group accounts between forests while maintaining access through SID history during inter-forest migrations.
The document includes demonstrations and exercises on implementing child domains, configuring forest
Windows Server 2012 R2 Jump Start - Intro (Paulo Freitas)
The document outlines an agenda for introducing new features of Windows Server 2012 R2 over two days. Day 1 will cover server virtualization, cloud optimized networking, and storage enhancements. Day 2 focuses on server management and automation improvements, virtual desktop infrastructure (VDI), access and information protection, and enhancements to the web application and platform. The document also discusses challenges IT organizations face around efficient datacenter operations and opportunities around offering differentiated cloud services and enabling mobile access. It summarizes new capabilities in various Windows Server 2012 R2 areas like virtualization, networking, storage, management, development, access and information protection, and VDI.
The document announces a two-day event to introduce new features of Windows Server 2012 R2 and System Center 2012 R2. It provides an agenda that will cover topics like server virtualization, networking, storage, server management/automation, access/information protection, and virtual desktop infrastructure. The document encourages attendees to download hands-on labs and previews of the new products and register for a related online training course in July.
1. Windows Server overview
2. Key business solutions
3. Get the most out of your IT investment
4. Be prepared for the unexpected
5. Get scalable storage without spending a fortune
6. Enable remote access while protecting business data
7. Why pay more?
8. A great time to modernize your server
9. Get started
Selecting a SQL Server Cloud Platform - IaaS, Amazon RDS or Azure SQL DB? (Christopher Foot)
RDX takes a deep-dive look into the three cloud platforms we have available for SQL Server – SQL Server on IaaS, Amazon RDS for SQL Server and Azure SQL DB. We evaluate features, costs, migration utilities, toolsets, ongoing support requirements and the pros and cons of each architecture. Learn from experts who support dozens of systems on all 3 platforms!
Active Directory is Microsoft's directory service that is the successor to LAN Manager domains. It aims to provide open standards, high scalability, simplified administration and compatibility with existing Windows NT systems and applications. Active Directory uses a hierarchical structure with domains, trees and forests. It contains objects like users, groups, computers and distribution lists. Changes are replicated between domain controllers to provide multi-master replication. Active Directory relies on DNS and requires at least two domain controllers. It is an important part of Microsoft's strategy with many applications now integrating with it.
This document summarizes a presentation about deploying Big Data as a Service (BDaaS) in the enterprise. It discusses how BDaaS can address conflicting needs of data scientists wanting flexibility and IT wanting control. It defines different types of BDaaS and requirements for enterprise deployment such as multi-tenancy, security, and application support. The presentation covers design decisions for BDaaS including running Hadoop/Spark unmodified using containers for isolation. It provides details on the implementation including network architecture, storage, and image management. It also discusses performance testing results and demos the BDaaS platform.
This document discusses hosting SharePoint on Microsoft Azure infrastructure services (IaaS). It covers Azure virtual machines, virtual networks, load balancing, availability sets and storage for hosting SharePoint farms in Azure. It also discusses hybrid SharePoint scenarios using site-to-site VPN or ExpressRoute for connectivity to on-premises networks. Best practices are provided for SQL Server configuration and storage optimization when hosting SharePoint in Azure.
This document discusses hosting SharePoint on Azure. It provides an example reference architecture of a hybrid on-premises and Azure environment for a SharePoint farm. It shows the farm designed across multiple cloud services, with web and application servers in one availability set, database servers in another, and Active Directory in a third. It provides sizing and configuration recommendations for roles and virtual machines in each tier.
The document discusses IBM Spectrum Scale's unified file and object access feature. It allows data to be accessed as both files and objects within the same namespace without data copies. This enables use cases like running analytics directly on object data using Hadoop/Spark without data movement. It also allows publishing analytics results back as objects. The feature supports common user authentication for both file and object access and flexible identity management modes. A demo is shown of uploading a file as object, running analytics on it, and downloading the results as object.
The document discusses Active Directory Domain Services (AD DS) and identity management. It introduces Active Directory components like domains, forests, domain controllers, organizational units and sites. It describes how Active Directory stores identity information and enables authentication, authorization and access control. It also discusses Active Directory replication and functional levels.
The document presents the Dell EqualLogic PS Series storage solution. It discusses the PS Series arrays which provide reliable hardware, easy setup and management software, and on-demand scalability. The PS Series offers comprehensive data management features at no additional cost. It also details how the PS Series provides a virtualized SAN that can scale out performance and capacity through adding additional arrays.
This document discusses virtualizing big data in the cloud using Delphix data virtualization software. It begins with an introduction of the presenter and their background. It then discusses trends in cloud adoption, including how most enterprises now use a hybrid cloud strategy. It also discusses how big data projects are increasingly being deployed in the cloud. The document demonstrates how Delphix can be used to virtualize flat files containing big data, eliminating duplication and enabling features like snapshots and cloning. It shows how files can be provisioned from a source to targets, including the cloud, and refreshed or rewound when needed. In summary, the document illustrates how Delphix virtualizes big data files to simplify deployment and management in cloud environments.
Cloud's Hidden Impact on IT Support Organizations (Christopher Foot)
The rapid growth of cloud offerings is providing organizations with cost-effective alternatives to on-premises systems. When calculating TCO and return on their cloud investment, savvy decision makers must also factor in costs that include staff training, new organizational roles and responsibilities, policy and procedure changes, modifications to application design, build and change management processes as well as the impact cloud applications will have on existing support toolsets.
The last slide includes a link to the YouTube Webinar of this presentation.
Kellyn Pot'Vin-Gorman presented on copy data management and virtualization for DBAs. She discussed how virtualization can be used to provision databases more quickly and easily for tasks like patching and testing without needing to copy large amounts of physical data. She also covered how command line interfaces can be used to automate some of these processes.
Dell EqualLogic virtualized iSCSI SANs optimize virtualization and cloud deployments by providing a scale-out storage architecture that simplifies storage networking. It enhances consolidation ROI by reducing costs and simplifying virtual server deployments. The EqualLogic architecture allows scalable, flexible networked storage that load balances across SAN resources without disruptions.
VMworld 2013: Dell Solutions for VMware Virtual SAN VMworld
VMworld 2013
Sheetal Kochavara, VMware
Bryan Martin, Dell Inc.
Learn more about VMworld and register at http://www.vmworld.com/index.jspa?src=socmed-vmworld-slideshare
Domain Services for Windows: Best Practices for Windows Interoperability (Novell)
Attend this session to learn how Domain Services for Windows can help you enhance Windows interoperability. Find out how to design trees and forests for Domain Services for Windows, how to integrate it into existing Novell eDirectory trees, how to leverage deployment methods that support application access and much more. We'll also discuss how you can deploy Domain Services for Windows with Citrix, VMware and NetApp.
An RDX Insights Series Presentation that analyzes the most significant areas of database vendor competition. Competitive evaluations include public vs private cloud, the three leading public cloud offerings, NoSQL vs relational, open source vs commercial and the traditional DBMS vendors vs all competitors.
Active Directory (AD) is a centralized directory service that provides a single point of access for network resources. It utilizes standards like LDAP and DNS to organize users, groups, computers, policies and other objects in a hierarchical structure. Key components of AD include domains, trees, forests, organizational units, and sites. Domains define the boundaries for authentication, administration and replication. Trees and forests connect related domains. Organizational units help organize objects. Sites represent physical network locations and define replication scopes.
Lock, Stock and Backup: Data Guaranteed (Jervin Real)
Percona Live 2017 - the decisions you need to make, the tools we recommend, the process you need to consider for a successful backup implementation for your MySQL services.
This document provides an overview and agenda for Domain Services for Windows (DSfW). DSfW allows users from an eDirectory tree to access resources on an Active Directory forest using a cross-forest trust. The document discusses what DSfW is, prerequisites for implementation, deployment scenarios including a new domain configuration and adding DSfW to an existing eDirectory tree, and a demonstration of deployment. It also covers DSfW in later versions of Open Enterprise Server and support for third-party applications like Citrix.
This document provides an overview and agenda for a training on Active Directory fundamentals. It will cover logical and physical concepts of Active Directory including domains, trees, forests, sites, replication and operations masters. It will also cover DNS, organizational units and using Active Directory to manage users, computers, groups and other network resources. The training will include demonstrations of working with domains, trusts, organizational units, sites, global catalogs, replication and DNS.
(1) Amazon Redshift is a fully managed data warehousing service in the cloud that makes it simple and cost-effective to analyze large amounts of data across petabytes of structured and semi-structured data. (2) It provides fast query performance by using massively parallel processing and columnar storage techniques. (3) Customers like NTT Docomo, Nasdaq, and Amazon have been able to analyze petabytes of data faster and at a lower cost using Amazon Redshift compared to their previous on-premises solutions.
IBM Spectrum scale object deep dive training (Smita Raut)
This document provides an overview and agenda for a presentation on object storage capabilities in IBM Spectrum Scale. The summary includes:
1. The agenda covers object protocol, administration including installation methods, object authentication, storage policies, unified file and object, multiregion, S3, creating containers/buckets and objects, and problem determination.
2. Administration of object protocol can be done through the Spectrum Scale installation toolkit or CLI commands. This includes enabling features like S3 and multiregion.
3. Authentication for object access can be configured with options like Active Directory, LDAP, local authentication, or an external Keystone service.
Organizations looking to the cloud now have more vendor offerings and architecture choices available to them than ever before. In order to correctly select and implement the most appropriate cloud-based DBMS architecture for their shops, technology pros must create and execute a well-thought-out, detailed analysis of the competing offerings.
In addition, they must consider the impact cloud-based DBMS systems, like any new architecture, will have on their support environment. Changes to policies and procedures, security controls, staff roles and responsibilities, change management processes and support documentation must be evaluated.
Group of independent servers interconnected through a dedicated network to work as one centralized data processing resource.
Clusters are capable of performing multiple complex instructions by distributing workload across all connected servers.
Clustering improves the system's availability to users, its aggregate performance, and overall tolerance to faults and component failures.
The document summarizes Novell's roadmap for Open Enterprise Server 2 (OES2), including upcoming support pack 3 (SP3). SP3 will include enhancements to Domain Services for Windows, CIFS, QuickFinder, and iFolder. It also discusses the "Remote Office Appliance" which will help centrally manage remote sites. Long term, Novell is focusing on simplification, interoperability, and the "Ponderosa" vision of decoupling workloads and deploying appliances for the cloud or on-premise.
This document provides an overview of Module 4 which covers implementing distributed Active Directory Domain Services deployments. It includes 3 lessons: an overview of distributed AD DS deployments; deploying a distributed AD DS environment; and configuring AD DS trusts. The lessons discuss topics such as AD DS components, domain and forest boundaries, reasons for multiple domains/forests, integrating on-premises AD DS with cloud services, upgrading and migrating AD DS, and configuring different types of trusts within and between forests.
This document provides an overview of Active Directory Domain Services (AD DS) and instructions for installing domain controllers. It covers the following key points:
- AD DS has both logical components like domains, forests and organizational units, as well as physical components like domain controllers and global catalog servers.
- A domain controller authenticates users, authorizes access, and holds a copy of the domain database. At least two domain controllers are recommended for availability.
- Domain controllers use Kerberos authentication and the global catalog stores partial attributes for objects across forests to enable cross-forest queries.
- Installing a domain controller can be done from Server Manager, on Server Core, by upgrading an existing controller, or using install
Many Windows shops want to move to the cloud, but are overwhelmed by the numerous options. In this talk we will take a look at how to move your Active Directory environment into AWS and provide some tips and tricks on how to make the most of the options available.
Active Directory Domain Services (AD DS) is an identity and access management solution that stores information about users and groups, authenticates identities using Kerberos authentication, and controls access. It consists of an Active Directory data store, domain controllers that perform authentication and other services, domains, forests, trees, and functional levels. Installing AD DS requires permissions, network configuration, server requirements, and following the installation process which can be done in advanced mode or from installation media. Domain controller roles include global catalog servers and operations masters, and time synchronization is provided by the PDC emulator and Windows Time service.
This document provides an overview of Active Directory Domain Services (AD DS). It discusses both the physical and logical components of AD DS, including domain controllers, global catalog servers, the data store, replication, sites, domains, trees, forests, organizational units, trusts, and common AD DS objects. The key takeaway is that AD DS provides centralized management of users, computers, and other resources on a network through authentication, authorization, and directory services.
Active Directory Domain Services (AD DS) provides identity and access management functionality for enterprise networks. It stores information about users, computers, and services; authenticates users and computers; and provides access to enterprise resources. Setting up a new Active Directory domain requires planning the domain name and DNS configuration, preparing server IP settings and DNS server addresses, and choosing locations for the AD data store and SYSVOL files. The domain controller installation process configures these components to establish the new Active Directory domain.
ADDS (Active directory Domain Service) in side serverBilalMehmood44
This document provides an overview of Active Directory Domain Services (AD DS). It discusses the logical and physical components of AD DS, including domain controllers, global catalog servers, the AD DS data store, replication, sites, domains, trees, and organizational units. It describes how AD DS uses LDAP as a protocol and provides centralized management, single sign-on access, and integrated security for a network.
This document provides an overview of Active Directory Domain Services (AD DS). It describes the physical components of AD DS including domain controllers, the global catalog, and replication. It also describes the logical components including domains, forests, organizational units, and trusts. AD DS provides centralized management of users, computers, and policies on a network. It uses domains and forests to group resources and uses replication to keep information synchronized across domain controllers.
AWS re:Invent 2016: Best Practices for Integrating Active Directory with AWS ...Amazon Web Services
Active Directory (AD) is essential for Windows workloads in the cloud. AWS offers customers multiple ways to integrate AD with cloud workloads like EC2, RDS, and AWS Enterprise Applications: AWS Directory Service for Microsoft Active Directory (Enterprise Edition) as a managed service and Active Directory running on AWS EC2 Windows instances. Which option is right for you? This session will discuss the key deployment considerations for each option to help you identify which best meets your project goals, and the effort involved. The session will cover options for integrating with your on-premises directory, port and security considerations, application considerations, and best practices.
WIN302-Deep Dive on Active Directory From One to Many AWS RegionsAmazon Web Services
Enterprise organizations often require a global Active Directory footprint to support their Windows based workloads. This session will describe best practices for deploying Active Directory on AWS. Starting with a single VPC we will expand to many VPC’s in many Regions, thus demonstrating AWS capabilities to support a global Active Directory environment.
WIN302-Deep Dive on Active Directory From One to Many AWS Regions.pdfAmazon Web Services
The document discusses deploying Active Directory Domain Services (AD DS) across multiple AWS regions. It covers considerations for designing a multi-region AD DS architecture on AWS such as high availability, security, networking, IP addressing, and global catalog configuration. The presentation includes examples of single region/single VPC, single region/multiple VPCs, and multiple regions/single VPC deployment options for AD DS on AWS. It concludes with a demonstration of a multi-region AD DS architecture spanning two regions connected by an inter-region VPN.
SEC306 Using Microsoft Active Directory Across On-Premises and AWS Cloud Wind...Amazon Web Services
Do you have questions on how to best use Microsoft Active Directory with your AWS Windows workloads? Do you need a deep-dive on securely setting up trusts between your on-premises Active Directory and your AWS Directory Services for Microsoft Active Directory? This session will help you understand the differences between AWS Directory Service for Microsoft AD, building your own Microsoft Active Directory on Amazon EC2, or joining your cloud resources to your on-premises Active Directory over a direct network connection. After this session you will be an expert on how to setup single sign-on for your cloud applications and resources, using Group Policy for your EC2 systems, and how to securely configure trusts across your on-premises and AWS Cloud Active Directories.
Best Practices for Active Directory with AWS Workloads | AWS Public Sector Su...Amazon Web Services
This document provides an overview and comparison of options for using Active Directory with AWS workloads. It discusses deploying Active Directory on EC2 instances managed by the customer, using AWS Managed Microsoft Active Directory (AMAD), or connecting to an on-premises Active Directory. AMAD provides a fully managed solution and easier integration with AWS services, while an on-premises solution requires opening ports and managing availability but provides full control. The document provides guidance on choosing an appropriate solution based on factors like management needs, application requirements, and network connectivity.
A domain controller is a server that authenticates users and enforces security policies on a network domain. It stores user account information and allows access to domain resources. The primary responsibilities of a domain controller are to authenticate users when they log in and check their credentials to grant or deny network access. Domain controllers are typically deployed in clusters to ensure high availability. In Microsoft Windows environments, one domain controller acts as the primary domain controller while others act as backup domain controllers.
1. The document discusses implementing Active Directory Domain Services (AD DS) sites and replication, including configuring AD DS sites, site links, and intersite replication.
2. It describes tools for monitoring AD DS replication such as Repadmin and Dcdiag and best practices for deploying read-only domain controllers.
3. The lab scenario involves optimizing AD DS replication between a London HQ site and branch office sites in Toronto and a test site to address slow sign-ins and resource access.
Microsoft Windows Server 2012 R2 Overview - Presented by AtidanDavid J Rosenthal
This document summarizes a presentation about Windows Server 2012 R2. It begins with an agenda that includes trends, challenges, capabilities, and momentum. It then discusses customer challenges around scalability, manageability, applications, and access. Next it outlines capabilities in virtualization, storage, networking, management, web/apps, access/security, and VDI. Examples of customer deployments and testimonials are provided. It concludes by recommending further resources on Windows Server and cloud optimization.
Directory Synchronization Single Sign-On in Office 365InnoTech
Directory synchronization and single sign-on in Office 365 allows organizations to synchronize their on-premises Active Directory with Office 365 and implement single sign-on for user authentication. The key steps include activating directory synchronization in the Office 365 admin center, preparing Active Directory, installing the directory synchronization tool, and configuring single sign-on using AD FS for federated authentication. This provides a single set of credentials for users to access both on-premises and Office 365 resources.
Microsoft SQL Server 2014 Platform for Hybrid Cloud - Level 300 deck - From A...David J Rosenthal
SQL Server 2014 introduces new hybrid cloud capabilities that allow customers to use Windows Azure as a disaster recovery site. Key features include the ability to backup SQL Server databases to Windows Azure storage and deploy secondary availability group replicas in Windows Azure virtual machines. This provides customers low-cost, geo-redundant disaster recovery without having to manage secondary hardware. Case studies describe how various companies can leverage these hybrid cloud SQL Server 2014 capabilities for disaster recovery and other use cases.
2. Module Overview
• Overview of Distributed AD DS Deployments
• Deploying a Distributed AD DS Environment
• Configuring AD DS Trusts
3. Lesson 1: Overview of Distributed AD DS Deployments
• Discussion: AD DS Components Overview
• Overview of Domain and Forest Boundaries in an AD DS Structure
• Why Implement Multiple Domains?
• Why Implement Multiple Forests?
• Integrating On-Premises AD DS with Cloud Services
• Implementing Windows Azure AD
• DNS Requirements for Complex AD DS Environments
4. Discussion: AD DS Components Overview
• What is an AD DS domain?
• What is an AD DS tree?
• What is an AD DS forest?
• What is a trust relationship?
• What is the global catalog?
5. Overview of Domain and Forest Boundaries in an AD DS Structure
AD DS object: Domain
Boundary types:
• Domain partition replication
• Administrative permissions
• Group Policy application
• Auditing
• Password and account policies
• Domain DNS zone replication
AD DS object: Forest
Boundary types:
• Security boundary
• Schema partition replication
• Configuration partition replication
• Global catalog replication
• Forest DNS zone replication
6. Why Implement Multiple Domains?
Organizations may choose to deploy multiple domains to meet:
• Domain replication requirements
• DNS namespace requirements
• Distributed administration requirements
• Forest administrative group security requirements
• Resource domain requirements
7. Why Implement Multiple Forests?
Organizations may choose to deploy multiple forests to meet:
• Security isolation requirements
• Incompatible schema requirements
• Multinational requirements
• Extranet security requirements
• Business merger or divestiture requirements
8. Integrating On-Premises AD DS with Cloud Services
• Windows Azure AD:
  • Is a shared environment
  • Updating and upgrading is maintained by Microsoft
  • Can synchronize with on-premises AD DS
  • Does not support AD DS integrated applications
• AD in Windows Azure:
  • Is a private environment
  • Updating and upgrading is the responsibility of the customer
  • Can be part of on-premises AD DS
  • Supports AD DS-aware applications
10. DNS Requirements for Complex AD DS Environments
When implementing DNS in a complex AD DS environment, you should:
• Verify the DNS client configuration
• Verify and monitor DNS name resolution
• Optimize DNS name resolution between multiple namespaces
• Use AD DS integrated DNS zones
• Consider deploying a GlobalNames zone
• Design interoperability for DNS in Windows Azure and on-premise
11. Lesson 2: Deploying a Distributed AD DS Environment
• Demonstration: Installing a Domain Controller in a New Domain in an Existing Forest
• AD DS Domain Functional Levels
• AD DS Forest Functional Levels
• Upgrading a Previous Version of AD DS to Windows Server 2012 R2
• Migrating to Windows Server 2012 R2 AD DS from a Previous Version
12. Demonstration: Installing a Domain Controller in a New Domain in an Existing Forest
In this demonstration, you will see how to:
• Configure an AD DS domain controller
• Access the AD DS domain controller
13. AD DS Domain Functional Levels
New functionality requires that domain controllers are running a particular version of Windows:
• Windows Server 2003
• Windows Server 2008
• Windows Server 2008 R2
• Windows Server 2012
• Windows Server 2012 R2
Restrictions:
• Cannot raise functional level while domain controllers are running previous Windows Server versions
• Cannot add domain controllers running previous Windows Server versions after raising functional level
14. AD DS Forest Functional Levels
Windows Server 2003:
• Forest trusts
• Domain rename
• Linked-value replication
• Support for RODCs
• Improved KCC
• Conversion of inetOrgPerson objects to user objects
• Deactivation and redefinition of attributes and object classes
Windows Server 2008:
• No new features; sets minimum level for all new domains
Windows Server 2008 R2:
• Active Directory Recycle Bin
Windows Server 2012:
• No new features; sets minimum level for all new domains
Windows Server 2012 R2:
• No new features; sets minimum level for all new domains
15. Upgrading a Previous Version of AD DS to Windows Server 2012 R2
Options to upgrade AD DS to Windows Server 2012 R2:
• In-place upgrade (from Windows Server 2008, Windows Server 2008 R2 or Windows 2012)
  • Only domain controllers running Windows Server 2008 x64, Windows Server 2008 R2, or Windows 2012 can be upgraded
• Introduce a new Windows Server 2012 R2 server into the domain and promote it to be a domain controller
  • This option is recommended
• Both options require that the schema is at the Windows Server 2012 R2 level
  • The Active Directory Domain Services Installation Wizard will upgrade the schema automatically when run with appropriate permissions
  • ADPrep is available
16. Migrating to Windows Server 2012 R2 AD DS from a Previous Version
[Diagram: inter-forest migration from fabrikam.net to Adatum.com]
Security principals that are migrated:
• User accounts
• Managed service accounts
• Computer accounts
• Groups
Accounts get new SIDs, but resource access is maintained by using SID History
17. Migrating to Windows Server 2012 R2 AD DS from a Previous Version
Security principals that are migrated:
• User accounts
• Managed service accounts
• Computer accounts
• Groups
Accounts get new SIDs, but resource access is maintained by using SID History
Source account (fabrikam.net):
  Department          IT
  distinguishedName   CN=April Reagan,OU=IT,DC=fabrikam,DC=net
  givenName           April
  name                April Reagan
  objectSID           S-1-5-21-322346712-1256085132-1900709958-1375
New account (Adatum.com):
  Department          IT
  distinguishedName   CN=April Reagan,OU=IT,DC=Adatum,DC=com
  givenName           April
  name                April Reagan
  objectSID           S-1-5-21-433457823-2367196243-2011810069-2486
  sIDHistory          S-1-5-21-322346712-1256085132-1900709958-1375
18. Lesson 3: Configuring AD DS Trusts
• Overview of Different AD DS Trust Types
• How Trusts Work Within a Forest
• How Trusts Work Between Forests
• Configuring Advanced AD DS Trust Settings
• Demonstration: Configuring a Forest Trust
19. Overview of Different AD DS Trust Types
Trust type                                  Transitive?   Color
P/C - Parent-child                          Yes           Purple
R - Tree root                               Yes           Black
E - External (domain or Kerberos realm)     No            Red/Dashed
S - Shortcut                                Yes           Green/Dotted
F - Forest (complete or selective)          Yes           Blue
[Diagram: trusts labelled P/C, R and S inside a forest, an F trust to a separate forest, and E trusts; the external entities shown are CONTOSO (Windows NT 4.0 domain) and Engineering (Kerberos realm)]
21. How Trusts Work Between Forests
What Is a Forest Trust?
A forest trust is a one-way or two-way trust relationship between the forest root domains of two forests
[Diagram: the tailspintoys.com forest (asia.tailspintoys.com, europe.tailspintoys.com) and the wideworldimporters.com forest (sales.wideworldimporters.com)]
22. Configuring Advanced AD DS Trust Settings
Security considerations in forest trusts:
• SID filtering
• Selective authentication
• Name suffix routing
An incorrectly configured trust can allow unauthorized access to resources
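How slide 17's SID History interacts with slide 22's SID filtering, as an added example that is not part of the course material: a simplified Python model showing that the old fabrikam.net SID carried in sIDHistory only opens a resource while the trust does not filter it out. The SIDs are the ones on slide 17; the resource ACL, the function names and the direction of access (the migrated Adatum.com account reaching back to a fabrikam.net resource) are assumptions, and group SIDs are left out.

```python
from dataclasses import dataclass, field

# SIDs shown on slide 17 for April Reagan.
OLD_SID = "S-1-5-21-322346712-1256085132-1900709958-1375"  # fabrikam.net account
NEW_SID = "S-1-5-21-433457823-2367196243-2011810069-2486"  # Adatum.com account


def domain_of(sid: str) -> str:
    """Return the domain part of an account SID (everything before the RID)."""
    parts = sid.split("-")
    well_formed = (
        len(parts) >= 5
        and parts[:2] == ["S", "1"]
        and all(p.isdigit() for p in parts[1:])
    )
    if not well_formed:
        raise ValueError(f"not a domain account SID: {sid!r}")
    return "-".join(parts[:-1])


@dataclass
class Account:
    name: str
    object_sid: str
    sid_history: list[str] = field(default_factory=list)

    def token_sids(self) -> set[str]:
        """SIDs the account presents: its own SID plus every sIDHistory value."""
        return {self.object_sid, *self.sid_history}


def sid_filter(sids: set[str], trusted_domain_sids: set[str]) -> set[str]:
    """Model of SID filtering on a trust: keep only SIDs issued by a trusted domain."""
    return {s for s in sids if domain_of(s) in trusted_domain_sids}


def can_access(acl: set[str], presented: set[str]) -> bool:
    """Access is granted when any presented SID appears on the resource ACL."""
    return bool(acl & presented)


def migration_report() -> dict:
    """Walk the four situations an inter-forest migration passes through."""
    # Constructed: a fabrikam.net resource whose ACL still names the old SID.
    acl_old = {OLD_SID}
    # Constructed: the same resource after it has been re-ACLed to the new SID.
    acl_new = {NEW_SID}

    migrated = Account("April Reagan", NEW_SID, [OLD_SID])
    without_history = Account("April Reagan", NEW_SID)

    # The trusting side only accepts SIDs issued by the trusted Adatum.com domain.
    trusted = {domain_of(NEW_SID)}
    filtered = sid_filter(migrated.token_sids(), trusted)

    return {
        "no_sid_history": can_access(acl_old, without_history.token_sids()),
        "sid_history_unfiltered": can_access(acl_old, migrated.token_sids()),
        "sid_history_filtered": can_access(acl_old, filtered),
        "filtered_after_reacl": can_access(acl_new, filtered),
        "dropped_by_filter": sorted(migrated.token_sids() - filtered),
    }


if __name__ == "__main__":
    for case, result in migration_report().items():
        print(f"{case}: {result}")
```

The report makes the trade-off visible: with filtering in force the migrated account keeps access only to resources whose ACLs already name the new SID, so the trust's SID filtering setting and the re-ACLing schedule have to be planned together.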
23. Demonstration: Configuring a Forest Trust
In this demonstration, you will see how to:
• Configure DNS Name Resolution by using a conditional forwarder
• Configure a two-way selective forest trust
24. Lab: Implementing Distributed AD DS Deployments
• Exercise 1: Implementing Child Domains in AD DS
• Exercise 2: Implementing Forest Trusts
Logon Information
Virtual Machines: 20412D-LON-DC1, 20412D-TOR-DC1, 20412D-LON-SVR2, 20412D-TREY-DC1
User Name: Adatum\Administrator
Password: Pa$$w0rd
Estimated Time: 45 minutes
25. Lab Scenario
A. Datum Corporation has deployed a single AD DS domain with all the domain controllers located in its London datacenter. As the company has grown and added branch offices with large numbers of users, it is becoming increasingly apparent that the current AD DS environment does not meet company requirements. The network team is concerned about the amount of AD DS–related network traffic that is crossing WAN links, which are becoming highly utilized.
The company has also become increasingly integrated with partner organizations, some of which need access to shared resources and applications that are located on the A. Datum internal network. The security department at A. Datum wants to ensure that the access for these external users is as secure as possible.
26. Lab Scenario
As one of the senior network administrators at A. Datum, you are responsible for implementing an AD DS infrastructure that will meet the company requirements. You are responsible for planning an AD DS domain and forest deployment that will provide optimal services for both internal and external users, while addressing the security requirements at A. Datum.
27. Lab Review
• Why did you configure a delegated subdomain record in DNS on LON-DC1 before adding the child domain na.adatum.com?
• What are the alternatives to creating a delegated subdomain record in the previous question?
• When you create a forest trust, why would you create a selective trust instead of a complete trust?
28. Module Review and Takeaways
• Common Issues and Troubleshooting Tips
Editor's Notes
Presentation: 60 minutes
Lab: 45 minutes
After completing this module, the students will be able to:
• Describe the components of distributed Active Directory® Domain Services (AD DS) deployments.
• Describe how to deploy a distributed AD DS deployment.
• Explain how to configure AD DS trusts.
Required materials
To teach this module, you need the Microsoft® Office PowerPoint® file 20412D_04.pptx.
Important: We recommend that you use Office PowerPoint 2007 or a newer version to display the slides for this course. If you use PowerPoint Viewer or an earlier version of PowerPoint, all the features of the slides might not display correctly.
Preparation tasks
To prepare for this module:
• Read all of the materials for this module.
• Practice performing the lab exercises.
• Work through the Module Review and Takeaways section, and determine how you will use this section to reinforce student learning and promote knowledge transfer to on-the-job performance.
Provide a brief overview of the module content.
The module begins with a discussion of the components of an AD DS environment. You should use this module overview to assess the students’ understanding of these concepts: domains, trees, forests, and the global catalog.
The main purpose of this topic is to assess the students’ competency level, and to ensure they have sufficient knowledge of AD DS before you embark on more advanced content.
Question: What is an AD DS domain?
Answer
An AD DS domain is a logical grouping of user, computer, and group objects for the purpose of management and security. All of these objects are stored in the AD DS database, and a copy of this data is stored on every domain controller in the AD DS domain. Because of this, the AD DS database is fault-tolerant, and clients can access AD DS domain information at any AD DS domain controller in the AD DS domain. AD DS provides a searchable hierarchical directory, and provides a framework for applying configuration and security settings for objects in the enterprise. You can use AD DS and Group Policy Objects (GPOs) to apply configuration and security settings to user and computer accounts.
Question: What is an AD DS domain tree?
Answer
An AD DS domain tree is a collection of one or more AD DS domains that form a contiguous namespace. For instance, if the first domain in the forest is adatum.com, you could create an additional domain as a child domain in that namespace. An example is atl.adatum.com.
Sometimes it is beneficial to have more than one domain in the forest. When you add a domain to an existing forest, you can add it as a child domain to an existing domain. This adds the domain to the domain tree. You can also create the domain as a new domain tree in the forest. An example of this would be if A. Datum Corporation, an established company with an AD DS forest named adatum.com, acquired a company called Fabrikam, Inc. An additional tree called fabrikam.com could be created in the adatum.com forest. Although the new domain is a new domain tree and accompanying new namespace, it still is integrated with the existing forest.
Question: What is an AD DS forest?
Answer
An AD DS forest is a collection of one or more AD DS trees. Each AD DS tree will contain one or more AD DS domains. The AD DS forest is the outermost boundary for the AD DS security and administration.
Question: What are trust relationships?
Answer
Trust relationships (trusts) are authentication pipelines between different domains. Some trusts are generated automatically as part of the domain installation process, and others are trusts that you create manually for various reasons. Trust relationships form the framework that allows resource sharing between domains, and they also provide the structure that supports authentication between domains.
Question: What is the global catalog?
Answer
The global catalog provides a central directory of every object in the forest, and is unique in each AD DS forest. Unlike the individual domain partitions that store a complete writeable attribute set for all objects in the domain, the global catalog is a read-only list of some attributes for every object in the forest. The global catalog makes it easy to locate objects from different domains in a multidomain forest. For example, Microsoft® Exchange Server uses the global catalog to locate all email recipients in a forest.
In a complex AD DS environment, it is essential that the students understand how the various components—such as organizational units (OUs), domains, and forests—form boundaries for authentication, resource access, and searches.
This topic describes the types of boundaries AD DS domains and forests provide. Mention that these boundaries usually form the criteria for why organizations choose to deploy multiple domains or forests. The next two topics cover this in more detail.
Emphasize the fact that the forest is the only real security boundary in AD DS. Within an AD DS forest, domains do not provide a complete security boundary, because accounts such as the Enterprise Admins group from the forest root domain have administrative permissions in each domain.
Discuss the different reasons why organizations might decide to deploy multiple domains, but also emphasize that there are rarely good technical reasons to deploy multiple domains. A single domain can contain millions of objects, and you can configure administrative autonomy at an OU level. You can provide multiple user principal names (UPNs) for users within a domain. In most cases, organizations create multiple domains for business reasons, not for technical reasons.
Use this slide to discuss some of the reasons to implement multiple AD DS forests. Explain that in some cases, the business requirements may dictate different choices than technical requirements would dictate. Stress the importance of thorough planning and proper change control procedures, especially where AD DS schema modifications are planned.
Discuss the difference between Windows Azure AD and installing Active Directory in Windows Azure. Discuss the special considerations for deploying Active Directory in Windows Azure.
Discuss how to set up Windows Azure AD.
Ask the students what makes DNS name resolution more complicated in an AD DS environment that includes multiple namespaces. Then ask them how they would resolve these issues. The students should be able to identify the options for optimizing name resolution in this environment. If they cannot do so, refer them to the topic in Module 1 where this was covered.
Provide a brief overview of the lesson content.
Preparation Steps
Start 20412D-LON-DC1, and sign in as Adatum\Administrator with the password Pa$$w0rd.
Start 20412D-TOR-DC1, and sign in as Adatum\Administrator with the password Pa$$w0rd.
Demonstration Steps
Install the AD DS binaries on TOR-DC1
On TOR-DC1, in the Server Manager, click Add Roles and Features.
In the Add Roles and Features Wizard, click Next.
On the Select installation type page, ensure that Role-based or feature-based installation is selected, and then click Next.
On the Select destination server page, ensure that Select a server from the pool is selected. In the Server Pool page, verify that TOR-DC1.Adatum.com is highlighted, and then click Next.
On the Select server roles page, select the Active Directory Domain Services check box, click Add Features, and then click Next.
On the Select features page, click Next.
On the Active Directory Domain Services page, review the message, and then click Next.
On the Confirm installation selections page, review the message, and then click Install. Installation will take several minutes.
On the Results page, click Promote this server to a domain controller. The wizard continues.
Configure TOR-DC1 as an AD DS domain controller using the AD DS Installation Wizard
On the Deployment Configuration page, select the Add a new domain to an existing forest option, and then, next to Select domain type, confirm that Child Domain is selected.
In the Parent domain name field, verify that Adatum.com is listed.
In the New domain name box, type NA, and then click Next.
On the Domain Controller Options page, ensure that Windows Server 2012 R2 is selected as the Domain functional level, that Domain Name System (DNS) server is selected, and that Global Catalog (GC) is selected.
In the Type the Directory Services Restore Mode (DSRM) password text boxes, type Pa$$w0rd in both boxes, and then click Next.
On the DNS Options page, click Next.
On the following three windows (Additional Options, Paths, and Review Options), click Next. In the Prerequisites Check window, click Install.
Review the information, and allow TOR-DC1 to reboot as an AD DS domain controller in the new AD DS domain that you created in the AD DS forest.
Sign in to TOR-DC1 as NA\Administrator with the password Pa$$w0rd, and review some of the AD DS tools to confirm the installation of the new domain.
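The same promotion can be scripted, which also keeps the DSRM and administrator passwords out of anything that is typed or saved in clear text. The following PowerShell is an added example and is not part of the course materials; it assumes an elevated session on TOR-DC1, and the helper name Confirm-ChildDomain is hypothetical.

```powershell
# Added example, not from the course materials.
# Run in an elevated PowerShell session on TOR-DC1.

# Step 1: install the AD DS binaries (Add Roles and Features equivalent).
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
Import-Module ADDSDeployment

# Prompt for secrets at run time so that no password is stored in the script.
$forestCred = Get-Credential -Message 'Account with rights to add a domain to Adatum.com'
$dsrmPwd    = Read-Host -AsSecureString -Prompt 'DSRM password'

# Step 2: the wizard choices as parameters. A global catalog is installed
# unless -NoGlobalCatalog is given, which matches the demonstration.
$promotion = @{
    DomainType                    = 'ChildDomain'
    ParentDomainName              = 'Adatum.com'
    NewDomainName                 = 'NA'
    DomainMode                    = 'Win2012R2'
    InstallDns                    = $true
    Credential                    = $forestCred
    SafeModeAdministratorPassword = $dsrmPwd
}

# Run the prerequisite check first and stop on any error.
$check = Test-ADDSDomainInstallation @promotion
$check | Format-List Status, Message
if ($check | Where-Object { $_.Status -eq 'Error' }) {
    throw 'Prerequisite check failed; fix the reported problem before promoting.'
}

# Promote. The cmdlet asks for confirmation and restarts the server when done.
Install-ADDSDomain @promotion

# Step 3 (after the restart, signed in as NA\Administrator): define and run
# this hypothetical helper to confirm the new domain and its automatic trust.
function Confirm-ChildDomain {
    param([string]$ChildDomain = 'na.adatum.com')
    Import-Module ActiveDirectory
    $inForest = (Get-ADForest).Domains -contains $ChildDomain
    # The parent-child trust is created automatically: two-way, inside the forest.
    $parentTrust = Get-ADTrust -Filter * |
        Where-Object { $_.IntraForest -and $_.Direction -eq 'BiDirectional' }
    [pscustomobject]@{
        DomainInForest  = $inForest
        ParentTrustSeen = [bool]$parentTrust
        IsGlobalCatalog = (Get-ADDomainController -Identity $env:COMPUTERNAME).IsGlobalCatalog
    }
}
```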
Describe the different AD DS functional levels, and have the students consider the advantages of upgrading to the highest possible level. Point out to the students that many businesses are still running their AD DS domains at a lower functional level than they could. For example, it is not unusual to find that a company is running AD DS domains in Microsoft Windows 2000 Server native mode, when all of the AD DS domain controllers are running Windows Server 2003 or newer.
Point out that some options for enabling Kerberos support for clients are enabled as soon as you install Windows Server 2012 domain controllers in a domain, but the features specifically mentioned in the text are only enabled at the Windows Server 2012 domain functional level.
Describe the process of using the Active Directory Migration Tool (ADMT) or a similar utility. Explain the SID-History attribute, and run the ldp.exe tool to demonstrate how to view all the configured attributes for an object.
Discuss migration complexity. Mention different aspects that make migrations complex, such as maintaining access to resources in both forests or domains, cleaning up permissions after the migration, and migrating users, clients, or groups in batches, because most companies are not able to migrate them simultaneously.
You might want to draw a diagram adding domains and trusts, and use it to describe each of the trust types as you proceed. Do not go into detail about shortcut trusts at this stage, because this will be discussed in the next topic. Forest trusts have a separate section as well.
The slide is presented in three clicks.
The slide begins by showing the default trusts in a forest. The purple lines represent parent-child trusts, while the black line represents a tree-root trust. The double arrowheads represent that these are two-way trusts.
The first click shows a forest trust that has been created by an administrator; the trust is represented with a blue line, with a double arrowhead representing a two-way trust.
The second click shows the external trusts that have been created by an administrator. The trusts are represented with dashed red lines, with one arrowhead to represent a one-way trust. The trusts depicted have been established between a Kerberos realm and an NT 4.0 domain.
The last click shows a shortcut trust that has been created by an administrator between two domains in a forest. The trust is represented by a dotted green line, with a double arrowhead representing a two-way trust.
This is a build slide in six clicks.
The initial slide shows the AD DS environment, which consists of a single AD DS forest with two domain trees: adatum.com and fabrikam.com. The two child domains, EU.adatum.com and ESP.fabrikam.com, are located physically in the same city in Spain, EU. There is frequent resource sharing between these two AD DS domains. The parent AD DS domains, Adatum.com and Fabrikam.com, exist in North American cities. Although there are transitive trust relationships between all the AD DS domains in the AD DS forest, there is no direct authentication link between EU.adatum.com and ESP.fabrikam.com.
On the first click, the slide shows the authentication process that is required when a user from client computer CL1 wishes to access a file on file server D.
On the second click, CL1 contacts the local AD DS domain controller 1 and is referred to the AD DS domain controller 2 next in line.
On the third click, the AD DS domain controller 2 refers CL1 to the AD DS domain controller 3, in fabrikam.com.
On the fourth click, the AD DS domain controller 3 refers CL1 to the AD DS domain controller 4 in ESP.fabrikam.com.
On the fifth click, CL1 uses the ticket issued by the AD DS domain controller 4 to contact the file server D, located in ESP.fabrikam.com.
On the sixth and last click, a shortcut trust is established between ESP.fabrikam.com and EU.adatum.com. Now that CL1 has received a ticket from the local AD DS domain controller 1, it can contact the AD DS domain controller 4 in the ESP.fabrikam.com AD DS domain, and then receive a ticket to access the file server D.
In this scenario, without the shortcut trust in place, several communications will have to travel to North America and back. The network link may not be fast or 100 percent reliable, or it could be expensive. Therefore, the shortcut trust improves performance in more than one way.
Open Active Directory Domains and Trusts. Show where you can create a new trust relationship, and how you can choose different types: for example, forest and domain.
If the students want more information on this subject, show the following links to illustrate where they can obtain resources.
Additional Reading: For more information on configuring SID filter quarantining on external trusts, see http://go.microsoft.com/fwlink/?LinkId=270030
For more information on enabling selective authentication over a forest trust, see http://go.microsoft.com/fwlink/?LinkId=270046
For more information on name-suffix routing, see http://go.microsoft.com/fwlink/?LinkId=270047
Explain to the students that in the lab they will configure a selective forest trust between adatum.com and treyresearch.net. They also will enable users to authenticate to the LON-SVR2 server, and they will test it.
Preparation Steps
Start 20412D-LON-DC1, and sign in as Adatum\Administrator with the password Pa$$w0rd. LON-DC1 has an IP address of 172.16.0.10, and is configured to use itself as the primary DNS server.
Start 20412D-TREY-DC1, and sign in as treyresearch\Administrator with the password Pa$$w0rd. TREY-DC1 has an IP address of 172.16.10.10, and is configured to use itself as the primary DNS server.
Demonstration Steps
Configure DNS name resolution by using a conditional forwarder
On LON-DC1, in Server Manager, click the Tools menu, and in the drop-down list, click DNS. The DNS manager opens.
In the DNS Manager, expand LON-DC1, click and then right-click Conditional Forwarders, and then click New Conditional Forwarder.
In the New Conditional Forwarder window, in the DNS Domain: box, type TreyResearch.net.
In the IP addresses of the master servers: text box, type 172.16.10.10. Click in the open space, and then click OK. (If an error displays, ignore it.)
Close the DNS Manager.
Switch to TREY-DC1, and repeat steps 1 through 5. Use the domain name Adatum.com with the IP address 172.16.0.10.
Configure a two-way selective forest trust
On LON-DC1, from the Tools menu, click Active Directory Domains and Trusts.
When the Active Directory Domains and Trusts window opens, right-click Adatum.com, and then click Properties.
In the Adatum.com Properties dialog box, on the Trusts tab, click New Trust.
In the New Trust Wizard, click Next.
On the Trust Name page, in the Name text box, type treyresearch.net, and then click Next.
In the New Trust Wizard, click Forest trust, and then click Next.
In the Direction of Trust page, click Two-way, and then click Next.
In the Sides of Trust page, click Both this domain and the specified domain, and then click Next.
In the User name: text box, type Administrator. In the Password text box, type Pa$$w0rd, and then click Next.
In the Outgoing Trust Authentication Level--Local Forest page, click Selective authentication, and then click Next.
In the Outgoing Trust Authentication Level-Specified Forest page, click Selective authentication, and then click Next.
In the Trust Selections Complete page, click Next.
In the Trust Creation Complete page, click Next.
In the Confirm Outgoing Trust page, click Yes, confirm the outgoing trust, and then click Next.
In the Confirm Incoming Trust page, click Yes, confirm the incoming trust, and then click Next.
On the Completing the New Trust Wizard page, click Finish.
In the Adatum.com Properties dialog box, click OK.
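The two procedures above can also be scripted and, more importantly, checked afterward so that a trust meant to be selective is not left forest-wide. The following PowerShell is an added example and is not part of the course materials; it assumes it is run on LON-DC1 by an Adatum.com enterprise administrator, uses the .NET System.DirectoryServices.ActiveDirectory classes in place of the New Trust Wizard, and the function name Test-SelectiveForestTrust is hypothetical.

```powershell
# Added example, not from the course materials. Run on LON-DC1.
Import-Module DnsServer, ActiveDirectory

# 1. Name resolution: forward queries for the partner namespace to TREY-DC1.
#    Run the mirror-image command on TREY-DC1 (Adatum.com -> 172.16.0.10).
Add-DnsServerConditionalForwarderZone -Name 'TreyResearch.net' -MasterServers 172.16.10.10

# 2. Create both sides of a two-way forest trust. The partner credential is
#    prompted for rather than written into the script.
$remoteCred = Get-Credential -Message 'Administrator in treyresearch.net'
$ctx = New-Object System.DirectoryServices.ActiveDirectory.DirectoryContext -ArgumentList `
    'Forest', 'treyresearch.net', $remoteCred.UserName, $remoteCred.GetNetworkCredential().Password
$remote = [System.DirectoryServices.ActiveDirectory.Forest]::GetForest($ctx)
$local  = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
$local.CreateTrustRelationship($remote, 'Bidirectional')

# 3. Turn on selective authentication on each forest's side of the trust.
$local.SetSelectiveAuthenticationStatus($remote.Name, $true)
$remote.SetSelectiveAuthenticationStatus($local.Name, $true)

# 4. Verify the result from the directory instead of trusting the script.
function Test-SelectiveForestTrust {
    param([Parameter(Mandatory)][string]$Target)
    $t = Get-ADTrust -Identity $Target
    $result = [pscustomobject]@{
        Target                  = $t.Target
        TwoWay                  = ($t.Direction -eq 'BiDirectional')
        ForestTransitive        = [bool]$t.ForestTransitive
        SelectiveAuthentication = [bool]$t.SelectiveAuthentication
        Pass                    = $false
    }
    $result.Pass = $result.TwoWay -and $result.ForestTransitive -and
                   $result.SelectiveAuthentication
    if (-not $result.SelectiveAuthentication) {
        Write-Warning "Trust to $Target uses forest-wide authentication."
    }
    $result
}

Test-SelectiveForestTrust -Target 'treyresearch.net'
```

With selective authentication enabled, users from the other forest can reach a server only after they are granted the Allowed to Authenticate permission on that server's computer object, which is the step the lab performs for LON-SVR2.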
Tell the students to ensure that LON-DC1 is running before they start the other machines.
Exercise 1: Implementing Child Domains in AD DS
A. Datum has decided to deploy a new domain in the adatum.com forest for the North American region. The first domain controller will be deployed in Toronto, and the domain name will be na.adatum.com. You need to configure and install the new domain controller.
Exercise 2: Implementing Forest Trusts
A. Datum is working on several high-priority projects with a partner organization named Trey Research. To simplify the process of enabling access to resources located in the two organizations, the companies have deployed a WAN between London and Munich, where Trey Research is located. You now need to implement and validate a forest trust between the two forests, and configure the trust to allow access to only selected servers in London.
Question: Why did you configure a delegated subdomain record in DNS on LON-DC1 before adding the child domain na.adatum.com?
Answer: Why did you configure a delegated subdomain record in DNS on LON-DC1 before adding the child domain na.adatum.com?
Question: What are the alternatives to creating a delegated subdomain record in the previous question?
Answer: On LON-DC1, you could create a stub zone for na.adatum.com to provide an up-to-date list of the DNS servers for the na.adatum.com DNS domain. You also could configure on LON-DC1 a secondary DNS zone file for na.adatum.com, but that would entail more DNS replication traffic.
Question: When you create a forest trust, why would you create a selective trust instead of a complete trust?
Answer: You would create a selective trust instead of a complete trust if you did not require a full link-up between two forests, but wanted a strictly controlled amount of interactivity.
Common Issues and Troubleshooting Tips
Common Issue: You receive error messages such as: DNS lookup failure, RPC server unavailable, domain does not exist, or domain controller could not be found.
Troubleshooting Tip: Usually, these errors are caused by a DNS record lookup failure or incorrectly configured firewall. Ensure that at least two working DNS servers are available on the network. Ensure that every computer has at least two DNS servers that are configured in the network configuration.
Verify that DNS servers are able to successfully resolve queries for DNS records outside of their DNS domain (for instance, Internet addresses). Use various troubleshooting tools such as nslookup, dnslint, DCdiag, netdiag, repadmin, replmon, and Event Viewer.
Common Issue: User cannot be authenticated to access resources on another AD DS domain or Kerberos realm.
Troubleshooting Tip: Use the Active Directory Domains and Trusts console (Domain.msc) or the command-line tool Netdom to validate trust relationships. If necessary, reset the trust password. Check to ensure that trust relationships are configured for the right direction.
Verify that all AD DS domain controllers have registered all of the correct SRV records in the DNS database. (You can restart the netlogon service on an AD DS domain controller to force it to reregister the SRV records in the DNS database.)
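The DNS and trust checks named in these tips can be combined into one repeatable test. The following PowerShell is an added example and is not part of the course materials; the function name Test-TrustPartner is hypothetical, and the domain names in the sample call are the ones used in the lab.

```powershell
# Added example, not from the course materials. Run on a domain controller
# in the local domain with the Netdom tool available.
function Test-TrustPartner {
    param(
        [Parameter(Mandatory)][string]$LocalDomain,
        [Parameter(Mandatory)][string]$PartnerDomain
    )

    # Domain controllers register this SRV record through the Netlogon service.
    # If it does not resolve, fix DNS (forwarders, stub zones) before the trust.
    $srvName = "_ldap._tcp.dc._msdcs.$PartnerDomain"
    $srv = @(Resolve-DnsName -Name $srvName -Type SRV -ErrorAction SilentlyContinue |
        Where-Object { $_.QueryType -eq 'SRV' })

    # Validate the trust from this side. Run the function again on the partner
    # with the names reversed to check the other direction.
    $netdomOutput = & netdom trust $LocalDomain "/domain:$PartnerDomain" /verify 2>&1
    $trustOk = ($LASTEXITCODE -eq 0)

    [pscustomobject]@{
        Partner       = $PartnerDomain
        SrvRecords    = $srv.Count
        PartnerDCs    = ($srv.NameTarget -join ', ')
        DnsResolves   = ($srv.Count -gt 0)
        TrustVerified = $trustOk
        NetdomOutput  = ($netdomOutput -join "`n")
    }
}

$report = Test-TrustPartner -LocalDomain 'adatum.com' -PartnerDomain 'treyresearch.net'
$report | Format-List

if (-not $report.DnsResolves) {
    # On the partner's domain controller, restarting Netlogon forces the SRV
    # records to be registered again, as described in the tip above.
    Write-Warning 'No SRV records found. On the partner DC run: Restart-Service Netlogon'
}
```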