Presentation is loading. Please wait.

Presentation is loading. Please wait.

What’s New in Active Directory: Windows Server 2008 R2 Brian Desmond Thursday, March 4 th, 2009.

Published byZakary James Modified over 9 years ago

Similar presentations

Presentation on theme: "What’s New in Active Directory: Windows Server 2008 R2 Brian Desmond Thursday, March 4 th, 2009."— Presentation transcript:

1 What’s New in Active Directory: Windows Server 2008 R2 Brian Desmond Thursday, March 4 th, 2009

2 About Brian Chicago based Active Directory & Exchange consultant – Moran Technology Consulting MS MVP for Active Directory since 2003 Author of Active Directory, 4 th Ed from O’Reilly e-mail: brian.desmond@morantechnology.combrian.desmond@morantechnology.com e-mail: brian@briandesmond.combrian@briandesmond.com website & blog: www.briandesmond.comwww.briandesmond.com

3 Agenda  Active Directory Recycle Bin Managed Service Accounts Offline Domain Join Authentication Mechanism Assurance Active Directory PowerShell Active Directory Administrative Center

4 Active Directory Recycle Bin Problem: – Accidental deletions cause downtime – Restoring is complicated – Primary AD Disaster Recovery scenario Solution – Online restoration of object and all attributes

5 Object Lifecycle Tombstoned Object Deleted ObjectRecycled ObjectGarbage Collected Live Object 180 days (default)

6 Recycle Bin Prerequisites New Terms Deleted Object – Objects currently in the recycle bin Recycled Object – Objects after the recycle bin Equivalent to a legacy tombstone Requirements Windows Server 2008 R2 Forest Functional Level AD LDS – new 2008 R2 “Application Mode” Recycle Bin optional feature enabled

7 RECYCLE BIN DEMO

8 Agenda Active Directory Recycle Bin  Managed Service Accounts Offline Domain Join Authentication Mechanism Assurance Active Directory PowerShell Active Directory Administrative Center

9 Service Account Issues Key problems – Infinite lifetime – Elevated rights Passwords – Set once and never rotated – IT personnel take passwords with them

10 Managed Service Accounts Automatic management – Passwords – Service Principal Names Integrated support – Service Control Manager – IIS 7.5 Application Pools

11 Agenda Active Directory Recycle Bin Managed Service Accounts  Offline Domain Join Authentication Mechanism Assurance Active Directory PowerShell Active Directory Administrative Center

12 Offline Domain Join Problem – Domain join requires network connectivity – Domain join requires a reboot to complete Solution – Offline domain join enables pre-provisioning of computer accounts – Computer account info is injected into machine while it is offline – Machine processes injected data at boot and becomes a full domain member without reboot I think a flowchart slide would be advantageous to this topic

13 Agenda Active Directory Recycle Bin Managed Service Accounts Offline Domain Join  Authentication Mechanism Assurance Active Directory PowerShell Active Directory Administrative Center

14 Auth Mechanism Assurance Feature enables securing resources based on authentication mechanism – Requiring smartcard logon – Requiring high encryption certificates Mapping occurs in AD – Certificate OID is mapped to a SID – SID is injected into user’s token at logon

15 Auth Mechanism Assurance Authentication Assurance requires “compound” ACLs to be useful Need to allow for ALLOW “Brian Desmond” – AND REQUIRE High Assurance Certificate Use tool like Active Directory Federation Services to implement this

16 Auth Mechanism Assurance High Assurance Sales Users We want users who meet both criteria

17 Agenda Active Directory Recycle Bin Managed Service Accounts Offline Domain Join Authentication Assurance  Active Directory PowerShell Active Directory Administrative Center

18 Active Directory PowerShell Replaces numerous disjointed administrative tools Single point of entry for administrative tasks – End-to-End manageability with other roles such as Exchange, Group Policy, etc Communicates with AD via a Web Service – Web service will be made available for pre Windows Server 2008 R2 domain controllers

19 PowerShell Advantages Consistent vocabulary and syntax – Verbs: Add, New, Get, Set, Remove, Clear … – Nouns: ADObject, ADUser, ADComputer, ADDomain, ADForest, ADGroup, ADAccount, ADDomainController, etc Easily discovered – No need to find, install, or learn other tools, utilities or commands Flexible output – Output from one cmdlet easily consumed by another PowerShell Providers – Brings file system like navigation to Active Directory

20 LDAP AD Web Services S.DS.P / S.DS.AM / S.DS.AD AD PowerShell MUX WCF.NET WPF.NET Windows Server 2008 R2 WCF. NET Windows Server 2008 ADUC/ADSS/ADDT WSHWSH ADSI LDAP MMC … GUI DS RPC-Based Protocols … DSRSAM CLI AD Core DS RPC-Based Protocols … … DSR SAM AD Admin Center GUI BPA

21 POWERSHELL DEMO

22 Agenda Active Directory Recycle Bin Managed Service Accounts Offline Domain Join Authentication Mechanism Assurance Active Directory PowerShell  Active Directory Administrative Center

23 AD Administrative Center New Active Directory UI written from the ground up – Task based interface – Interface designed with progressive disclosure in mind All UI tasks are frontends to AD PowerShell Interface supports multiple domains, forests

24 ADAC DEMO

25 Best Practices Analyzer Rules based Active Directory Health Check – Detect common misconfigurations – Prevent common support calls Rules updated by Microsoft quarterly Integrated with Server Manager

26 What’s New? Windows Server 2008 coverage: – Read Only Domain Controllers (RODCs) – Fine Grained Password Policies (FGPPs) – Auditing and security improvements – Windows Server 2008 upgrade procedure – DNS enhancements (such as GlobalName zones) Exchange 2007 integration & scripting Windows PowerShell & Active Directory.NET Active Directory programming New user interface features Lots of new diagrams and figures Active Directory, 4 th Edition Best selling Active Directory title Learn More! www.briandesmond.com/ad4/ www.briandesmond.com/ad4/

27 Resources www.activedir.org – mailing list www.activedir.org Windows Hi-Ed mailing list www.briandesmond.com Microsoft TechNet Forums

28 Questions?

29 www.morantechnology.com

Download ppt "What’s New in Active Directory: Windows Server 2008 R2 Brian Desmond Thursday, March 4 th, 2009."

Similar presentations

Copyright line. Configuring Server Roles in Windows 2008 Exam Objectives New Roles in 2008 New Roles in 2008 Read-Only Domain Controllers (RODCs) Read-Only.

Copyright line. Configuring Server Roles in Windows 2008 Exam Objectives New Roles in 2008 New Roles in 2008 Read-Only Domain Controllers (RODCs) Read-Only.
What’s New in Windows Server 2008 AD?

What’s New in Windows Server 2008 AD?
By Rashid Khan Lesson 5-Directory Assistance: Administration Using Active Directory Users and Computers.

By Rashid Khan Lesson 5-Directory Assistance: Administration Using Active Directory Users and Computers.
IP ADDRESS MANAGEMENT [IPAM]

IP ADDRESS MANAGEMENT [IPAM]
What’s New in Active Directory in Windows Server 2012 Dean Wells Active Directory Product Group Microsoft SIA312.

What’s New in Active Directory in Windows Server 2012 Dean Wells Active Directory Product Group Microsoft SIA312.
Brian Desmond Moran Technology Consulting www.morantechnology.com www.briandesmond.com.

Brian Desmond Moran Technology Consulting
Windows Server “Longhorn” RDP Airlift. Managing AD with PowerShell; Creating custom administrative consoles Dmitry Sotnikov CTO, Windows Management Quest.

Windows Server “Longhorn” RDP Airlift. Managing AD with PowerShell; Creating custom administrative consoles Dmitry Sotnikov CTO, Windows Management Quest.
Chapter 6 Introducing Active Directory

Chapter 6 Introducing Active Directory
3.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 3: Introducing Active Directory.

3.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 3: Introducing Active Directory.
Administering Active Directory

Administering Active Directory
Hands-On Microsoft Windows Server 2003 Administration Chapter 3 Administering Active Directory.

Hands-On Microsoft Windows Server 2003 Administration Chapter 3 Administering Active Directory.
Lesson 14: Creating and Managing Active Directory Users and Computers

Lesson 14: Creating and Managing Active Directory Users and Computers
Windows Server 2012 What’s new ? AuthorKrzysztof Pytko Wroclaw 2012

Windows Server 2012 What’s new ? AuthorKrzysztof Pytko Wroclaw 2012
Understanding Active Directory

Understanding Active Directory
A centralized system.  Active Directory is Microsoft's trademarked directory service, an integral part of the Windows architecture. Like other directory.

A centralized system.  Active Directory is Microsoft's trademarked directory service, an integral part of the Windows architecture. Like other directory.
HalFILE 3.0 Active Directory Integration. halFILE 3.0 AD – What is it? Centralized organization of network objects and security – servers, computers,

HalFILE 3.0 Active Directory Integration. halFILE 3.0 AD – What is it? Centralized organization of network objects and security – servers, computers,
Chapter 7 WORKING WITH GROUPS.

Chapter 7 WORKING WITH GROUPS.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 12: Managing and Implementing Backups and Disaster Recovery.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 12: Managing and Implementing Backups and Disaster Recovery.
© 2005 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice Advanced Samba Administration Part.

© 2005 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice Advanced Samba Administration Part.
Module 8: Designing Active Directory Disaster Recovery in Windows Server 2008.

Module 8: Designing Active Directory Disaster Recovery in Windows Server 2008.

Similar presentations

Ads by Google