Windows Server 2012 Richard Oertle Subject Matter Expert / Instructor October 25 th, 2012
Windows Server 2012 New Features and Certifications Certification Changes Microsoft Certified Solution Expert in Windows Server 2012 Microsoft Certified Solution Administrator in Windows Server 2012 Administration Changes Screen and Navigation changes PowerShell changes Version 3.0 with 2400 cmdlets
Starting from the beginning: Become an MCSA Pass the following 3 tests to gain the equivalent of passing the test Installing and Configuring Windows Server® Administering Windows Server® Configuring Advanced Windows Server® 2012 Services Then consider continuing on for an MCSE in the 3 previous categories of Desktop, Private cloud or Server Administration
Upgrading from MCITP to MCSE Must renew MCSE status every three years! MCITP upgrade test is (course 20417) MCITP accepted certifications includes: Lync Administrator SharePoint Administrator Desktop Administrator Enterprise Messaging Administrator Windows Server 2008 Administrator
Pass the upgrade test THEN: Take and pass the specialist area tests shown below Determine which of 3 MCSE specialist areas to focus on: MCSE in Server Infrastructure Designing and Implementing a Server Infrastructure Implementing an Advanced Server Infrastructure MCSE in Desktop Infrastructure Implementing a Desktop Infrastructure Implementing Desktop Application Environments
MCSE Information continued MCSE in Private Cloud Infrastructure Monitoring and Operating a Private Cloud with System Center 2012, Course (5 days) Configuring and Deploying a Private Cloud with System Center 2017, Course (5 days)
Some of the New Administration features of Windows Server 2012
Active Directory Administrative Center, is a task-oriented tool based on Windows PowerShell
Password Settings Objects You can use fine-grained password policies to specify multiple password policies within a single domain Fine-grained password policies: Apply only to user objects (or inetOrgPerson objects) and global security groups Cannot be applied to an OU directly Do not interfere with custom password filters that you might use in the same domain
Configuring Password Settings Objects Windows Server 2012 provides two tools for configuring PSOs Windows PowerShell cmdlets New-ADFineGrainedPasswordPolicy Add-FineGrainedPasswordPolicySubject Active Directory Administrative Center Is a graphical user interface Uses Windows PowerShell cmdlets to create and manage PSOs
Managed Service Account Use to automate password and SPN management for service accounts used by services and applications Requires a Windows Server 2008 R2 or Windows Server 2012 server installed with:. NET Framework 3.5.x Active Directory module for Windows PowerShell Recommended to run with AD DS configured at the Windows Server 2008 R2 functional level or higher Can be used in a Windows Server 2003 or 2008 AD DS environment: With Windows Server 2008 R2 schema updates With Active Directory Management Gateway Service
Group Managed Service Accounts Group managed service accounts extend the capability of standard managed service accounts by: Enabling an MSA to be used on more than one computer in the domain Storing MSA authentication information on domain controllers Group MSA requirements: Must have at least one Windows Server 2012 domain controller Must have a KDS root key created for the domain
The Central Store The Central Store: Is a central repository for ADMX and ADML files Is stored in SYSVOL Must be created manually Is detected automatically by Windows Vista or Windows Server 2008 Windows Vista or Windows Server 2008 workstation ADMX files Domain controller with SYSVOL Domain controller with SYSVOL
Group Policy Preferences Group Policy preferences expand the range of configurable settings within a GPO Group Policy preferences: Enable IT professionals to configure, deploy, and manage settings that were not manageable by using Group Policy Can be created, deleted, replaced, or updated Are natively supported on Windows Server 2008 and Vista SP2 or newer
Comparing Group Policy Preferences and GPO Settings Group Policy SettingsGroup Policy Preferences Strictly enforce policy settings by writing the settings to areas of the registry that standard users cannot modify Are written to the normal locations in the registry that the application or operating system feature uses to store the setting Typically disable the user interface for settings that Group Policy is managing Do not cause the application or operating system feature to disable the user interface for the settings they configure Refresh policy settings at a regular interval Refresh preferences by using the same interval as Group Policy settings by default
Group policy Management Editor Allows editing of the ADMX file Extends the functionality of GPMC
Features of Group Policy Preferences Is used to configure additional options that control the behavior of a Group Policy preference item Targeting Features Determines to which users and computers a preference item applies Common Tab
Deploying a Cloned Virtualized Domain Controller You can safely clone an existing virtual domain controller by: 1. Creating a DcCloneConfig.xml file and storing it in the AD DS database location 2. Taking the VDC offline and exporting it 3. Creating a new virtual machine by importing the exported VDC Export the VDC Import the VDC DcCloneConfig.xml to AD DS database location
Overview of the Active Directory Module for Windows PowerShell The Active Directory module for Windows PowerShell provides full administrative functionality in these areas: User management Computer management Group management OU management Password policy management Searching and modifying objects Forest and domain management Domain controller and operations masters management Managed service account management Site replication management Central access and claims management
Windows PowerShell Web Access Allows remote management of computers by running Windows PowerShell sessions in a web browser. Powershell replaces tab completion with Visual Studio style drop down options Many former scripts are now compiled into cmdlets
Polls
What Is NTDSUtil? With NTDSUtil you can: Manage and control single master operations Perform AD DS database maintenance Perform offline defragmentation Create and mount snapshots Move database files Maintain domain controller metadata Reset Directory Services Restore Mode password
Creating AD DS Snapshots Create a snapshot of Active Directory NTDSUtil Mount the snapshot to a unique port NTDSUtil Expose the snapshot Right-click the root node of Active Directory Users and Computers, and choose Connect to Domain Controller Enter serverFQDN:port View (read-only) snapshot Cannot directly restore data from the snapshot Recover data Connect to the mounted snapshot, and export/reimport objects with LDIFDE Restore a backup from the same date as the snapshot Manually reenter data
Configuring the Active Directory Recycle Bin? Active Directory Recycle Bin provides a way to restore deleted objects without AD DS downtime Uses Windows PowerShell with Active Directory Module or the Active Directory Administrative Center to restore objects
Dynamic Access Control Dynamic Access Control provides: A safety net over all file server-based resources Data identification Access control to files File access auditing Optional RMS protection integration
What Is FSRM? FSRM Enables the following functionality: Storage quota management File screening management Storage reports management Classification management File management tasks
Using FSRM to Manage Quotas, File Screens, and Storage Reports What Is Quota Management? What Are Quota Templates? Monitoring Quota Usage What Is File Screening Management? What Are File Groups? What Are a File Screen Templates and File Screen Exceptions? What Are Storage Reports? What Is a Report Task? Demonstration: How to Use FSRM to Manage Quotas, File Screens, and Generate On-Demand Storage Reports
Monitoring Quota Usage You can monitor quota usage by: Viewing quota information in the FSRM console Generating a quota usage report Creating soft quotas Using the Get-FSRMQuota Windows PowerShell cmdlet
File Screening Management File screen management provides a method for controlling the types of files that can be saved on file servers File screen management consists of: Creating file screens Defining file screen templates Creating file screen exceptions Creating file groups
Storage Reports Storage reports provide information about file usage on a file server Types of storage reports include: Duplicate Files File Screening Audit Files by File Group, Owner, or Property Folders by Property Large Files Quota Usage Least and most recently accessed files
Classification Management Classification management enables you to create and assign classification properties to files using an automated mechanism Payroll.rpt Classification Property Classification Rule IsConfidential File Management Task
Classification Properties A Classification Properties is a configurable value that can be assigned to a file Classification properties can be any of the following: Yes/No Date/Time Number Multiple choice list Ordered list String Multi-String
Options for Storage Optimization in Windows Server 2012 Storage optimization features include: File access auditing Features on Demand Data deduplication NFS data stores
Implementing IPAM What Is IPAM? IPAM Architecture Requirements for IPAM Implementation Managing IP Addressing Using IPAM IPAM Management and Monitoring Considerations for Implementing IPAM
What Is IPAM? IPAM facilitates IP management in organizations with complex networks by enabling administration and monitoring of DHCP and DNS
Managing IP Addressing Using IPAM IP address blocks IP address ranges IP addresses IP inventory IP address range groups You can view and manage the IP address space using the following views: DNS and DHCP servers DHCP scopes DNS zone monitoring Server groups You can monitor the IP address space using the following views:
IPAM Management and Monitoring With IPAM, you can: Monitor IP address space utilization Monitor DNS and DHCP health Configure many DHCP properties and values from the IPAM console Use the event catalog to view a centralized repository for all configuration changes
What Is iSCSI? iSCSI transmits SCSI commands over IP networks iSCSI client that runs the iSCSI Initiator TCP/IP protocol iSCSI Target Server Storage Array
iSCSI Target Server and iSCSI Initiator
Considerations for Implementing iSCSI Storage Deploy the solution on fast networks Design a highly available network infrastructure for your iSCSI storage solution. Design an appropriate security strategy for the iSCSI storage solution Follow the vendor-specific best practices for different types of deployments The iSCSI storage solution team must contain IT administrators from different areas of specialization Design application-specific iSCSI storage solutions together with application specific administrators, such as Exchange Server and SQL Server administrators Consider the following when designing your iSCSI storage solution:
Thank You! Back to Rinchen Stick around for Raffle and Q&As