Are There Changes in AD Domain Services in Windows 2012? Andrzej Kokociński

Agenda
- Old time AD 2008/2003
- Virtualized Domain Controllers
- Domain Controller Cloning
- Active Directory Administrative Center
- Recycle Bin

Background
- When common virtualization operations such as backing up/restoring are applied to Active Directory, this can introduce USN bubbles leading to a permanently divergent state, causing:
  - lingering objects
  - inconsistent passwords
  - inconsistent attribute values
  - schema mismatches if the Schema FSMO is rolled back
- The potential also exists for security principals to be created with duplicate SIDs

How Domain Controllers are Impacted

Windows Server 2012 provides the following functionality for virtual domain controllers:
- Safe cloning
- Safe snapshot restore
Implementing virtualized domain controllers provides the following benefits:
- Rapid domain controller deployment
- Scalable provisioning of domain controllers
- Quick replacement or recovery of domain controllers
- Easy provisioning of test environments

VM-GenerationID

You can safely clone an existing virtual domain controller by:
1. Creating a DcCloneConfig.xml file and storing it in the AD DS database location
2. Taking the VDC offline and exporting it
3. Creating a new virtual machine by importing the exported VDC
[Diagram: DcCloneConfig.xml to AD DS database location; export the VDC; import the VDC]

Domain Controller Cloning

1. Identify a suitable source virtual DC
2. Authorize the source DC by adding it to the ‘Cloneable Domain Controllers’ group
   - Pre-provisioned with Control Access Right (CAR) on domain-NC object (domain head)
3. Run New-ADDCCloneConfigFile
   - Verifies prerequisites, e.g. PDC FSMO is running Windows Server 2012 (more later on this)
   - Verifies authorization (by checking group membership)
   - Lets you specify name, IP address, DNS servers, site, etc.
   - Provide an empty file to auto-generate values
   - Sample file provided in box at %windir%\system32\SampleDCCloneConfig.xml
   - Schema file provided in box at %windir%\system32\DCCloneConfigSchema.xsd
4. Run Get-ADDCCloningExcludedApplicationList [-generateXML]
5. Shut down and export the source DC
6. Restart the source DC
7. Import a clone of the source DC as many times as desired and start the clone VMs
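The seven steps above as one PowerShell run-through, added here as an example and not taken from the original slides. DC01, DC02, the D:\ paths, the site name and the 192.0.2.x addresses are constructed placeholders, and the final group clean-up is an extra hardening step that the slide does not list.

```powershell
# Added example; every name, path and address below is a constructed placeholder.
Import-Module ActiveDirectory

$sourceDc   = 'DC01'        # source virtual DC (hypothetical)
$cloneName  = 'DC02'        # computer name for the clone (hypothetical)
$exportPath = 'D:\Export'   # on the Hyper-V host; the export holds a full copy of the
                            # AD DS database, so restrict access to it like a DC backup

# --- On the source DC, as a domain admin ------------------------------------
# Step 2: authorize the source DC for cloning.
$dcAccount = Get-ADComputer -Identity $sourceDc
Add-ADGroupMember -Identity 'Cloneable Domain Controllers' -Members $dcAccount

# Step 4, run first here because New-ADDCCloneConfigFile repeats this check:
# review what is installed that is not known to be clone-safe, then record the
# reviewed list as CustomDCCloneAllowList.xml.
Get-ADDCCloningExcludedApplicationList
Get-ADDCCloningExcludedApplicationList -GenerateXml

# Step 3: validate prerequisites and write DcCloneConfig.xml to the AD DS database location.
New-ADDCCloneConfigFile -Static -CloneComputerName $cloneName `
    -SiteName 'Default-First-Site-Name' `
    -IPv4Address '192.0.2.12' -IPv4SubnetMask '255.255.255.0' `
    -IPv4DefaultGateway '192.0.2.1' -IPv4DNSResolver '192.0.2.10'

# --- On the Hyper-V host ------------------------------------------------------
# Steps 5 and 6: shut the guest down cleanly, export it, bring the source back.
Stop-VM   -Name $sourceDc
Export-VM -Name $sourceDc -Path $exportPath
Start-VM  -Name $sourceDc

# Step 7: import a copy with a new VM ID, rename it and start it.
$vmConfig = Get-ChildItem -Path "$exportPath\$sourceDc\Virtual Machines\*" -Include *.xml, *.vmcx |
    Select-Object -First 1
$clone = Import-VM -Path $vmConfig.FullName -Copy -GenerateNewId `
    -VirtualMachinePath "D:\VMs\$cloneName" -VhdDestinationPath "D:\VMs\$cloneName"
Rename-VM -VM $clone -NewName $cloneName
Start-VM  -VM $clone

# --- Afterwards, as a domain admin -------------------------------------------
# Not on the slide: withdraw the authorization so the group stays empty between
# cloning runs, then list what is still in it.
Remove-ADGroupMember -Identity 'Cloneable Domain Controllers' -Members $dcAccount -Confirm:$false
Get-ADGroupMember -Identity 'Cloneable Domain Controllers'
```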

Virtualization-Safe Technology
- Virtual DCs use a VM GenerationID
- Whenever a snapshot is rolled back, GenerationID is changed
- DC checks during reboot, and for each write in DIT
- If changed, protection steps are initiated
Requirements
- Windows Server 2012 DCs hosted on a hypervisor platform that supports GenerationID:
  - Hyper-V 3.0
  - 3rd-party hypervisors

Active Directory administration snap-ins consist of four different MMC consoles:
- Active Directory Users and Computers
- Active Directory Sites and Services
- Active Directory Domains and Trusts
- Active Directory Schema

Active Directory Administrative Center is a task-oriented tool based on Windows PowerShell

Recycle Bin User Interface
- The Recycle Bin, introduced with Windows Server 2008 R2, allows administrators to recover deleted objects such as users, groups, OUs
- Typically high-priority
- In the past, IT pros were required to enable and use the Recycle Bin through PowerShell commands
- Complex, not easy to remember or use

Active Directory Recycle Bin
- Provides a way to restore deleted objects without AD DS downtime
- Uses Windows PowerShell with the Active Directory Module or the Active Directory Administrative Center to restore objects
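The PowerShell route mentioned above, added here as an example that is not part of the original slides: it enables the Recycle Bin once and then restores a deleted OU together with everything that was deleted beneath it, parents before children. The function names and the 'Finance' OU under DC=corp,DC=example are hypothetical.

```powershell
# Added example; function names, OU name and domain DN are constructed.
Import-Module ActiveDirectory

# One-time and irreversible. Objects deleted before this point cannot be
# recovered through the Recycle Bin.
if (-not (Get-ADOptionalFeature -Identity 'Recycle Bin Feature').EnabledScopes) {
    Enable-ADOptionalFeature -Identity 'Recycle Bin Feature' `
        -Scope ForestOrConfigurationSet -Target (Get-ADForest).Name -Confirm:$false
}

function Restore-ADDeletedChildren {
    param([Parameter(Mandatory)][string]$ParentDN)
    # Once a parent is back, lastKnownParent of its deleted children resolves to the
    # parent's restored DN, so each level is found only after the level above it exists.
    $children = Get-ADObject -IncludeDeletedObjects `
        -Filter 'isDeleted -eq $true -and lastKnownParent -eq $ParentDN'
    foreach ($child in $children) {
        Restore-ADObject -Identity $child.ObjectGUID
        $restoredDn = (Get-ADObject -Identity $child.ObjectGUID).DistinguishedName
        Restore-ADDeletedChildren -ParentDN $restoredDn
    }
}

function Restore-ADDeletedTree {
    param(
        [Parameter(Mandatory)][string]$LastKnownRDN,     # name before deletion, e.g. 'Finance'
        [Parameter(Mandatory)][string]$LastKnownParent   # DN of the container it lived in
    )
    # The same name may have been deleted more than once: take the newest tombstone.
    $root = Get-ADObject -IncludeDeletedObjects `
                -Properties lastKnownParent, 'msDS-LastKnownRDN', whenChanged `
                -Filter 'isDeleted -eq $true -and lastKnownParent -eq $LastKnownParent' |
            Where-Object { $_.'msDS-LastKnownRDN' -eq $LastKnownRDN } |
            Sort-Object whenChanged -Descending | Select-Object -First 1
    if (-not $root) { throw "No deleted object '$LastKnownRDN' under '$LastKnownParent'." }

    Restore-ADObject -Identity $root.ObjectGUID
    $restoredDn = (Get-ADObject -Identity $root.ObjectGUID).DistinguishedName
    Restore-ADDeletedChildren -ParentDN $restoredDn
    $restoredDn
}

Restore-ADDeletedTree -LastKnownRDN 'Finance' -LastKnownParent 'DC=corp,DC=example'
```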

Fine-Grained Password Policy UI
- Introduced with Windows Server 2008, allows more granular management of password policies
- Manually create password-settings objects (PSOs)
- In the past, IT pros were required to enable and use Fine-Grained Password Policies through ADSIEDIT or by importing LDIF files
- Complex, time consuming, not easy to remember or use

Windows Server 2012 provides two tools for configuring PSOs
- Windows PowerShell cmdlets
  - New-ADFineGrainedPasswordPolicy
  - Add-ADFineGrainedPasswordPolicySubject
- Active Directory Administrative Center
  - Graphical user interface
  - Uses Windows PowerShell cmdlets to create and manage PSOs
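The two cmdlets above in use, added here as an example that is not part of the original slides: a stricter PSO for an administrative group, followed by a check of which policy each member actually receives. The PSO name, the group 'Tier0-Admins' and all policy values are constructed for illustration.

```powershell
# Added example; PSO name, group name and the chosen values are constructed.
Import-Module ActiveDirectory

$psoName = 'PSO-PrivilegedAdmins'
$group   = 'Tier0-Admins'    # hypothetical; PSOs apply to users and global security groups

# Create the password-settings object. A lower precedence number wins when
# several PSOs reach the same user.
New-ADFineGrainedPasswordPolicy -Name $psoName `
    -Precedence 10 `
    -MinPasswordLength 16 `
    -PasswordHistoryCount 24 `
    -ComplexityEnabled $true `
    -ReversibleEncryptionEnabled $false `
    -MinPasswordAge '1.00:00:00' `
    -MaxPasswordAge '90.00:00:00' `
    -LockoutThreshold 5 `
    -LockoutObservationWindow '00:30:00' `
    -LockoutDuration '00:30:00' `
    -ProtectedFromAccidentalDeletion $true

# Link the PSO to the group and confirm the link.
Add-ADFineGrainedPasswordPolicySubject -Identity $psoName -Subjects $group
Get-ADFineGrainedPasswordPolicySubject -Identity $psoName

# Check the effective result per direct member: an empty resultant policy means the
# account still falls back to the default domain password policy.
Get-ADGroupMember -Identity $group |
    Where-Object { $_.objectClass -eq 'user' } |
    ForEach-Object {
        $resultant = Get-ADUserResultantPasswordPolicy -Identity $_.SamAccountName
        [pscustomobject]@{
            User       = $_.SamAccountName
            AppliedPSO = if ($resultant) { $resultant.Name } else { '(default domain policy)' }
            Precedence = if ($resultant) { $resultant.Precedence } else { $null }
        }
    }
```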

Questions???

Thank you