Turbo Charge Your Active Directory Implementation


1 Turbo Charge Your Active Directory Implementation
Tech Ed North America 2010 6/23/2018 5:26 PM
SESSION CODE: WSV330
Turbo Charge Your Active Directory Implementation
Rick Claus, Sr. Technical Evangelist, Microsoft Canada

© 2010 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

2 Agenda – Real Simple…
- Set the stage – where’s Active Directory at with you?
- Intro Session Scenario – Contoso inc.
- Demos
- More Demos…
- Even More Demos!
- Action Plan

3 Active Directory is 10 years old…
Where were you 10 years ago?
What did your network look like?
[Diagram: users and resources]
Active Directory Solved a LOT of issues

4 Now the party is over….
When was the last time AD design / functionality revisited?

5 How did you get your Active Directory?
- Designed it yourself
- Had consulting assistance
- Not involved with project
- Inherited it after it was done
- Just moved into role – no idea on design choices

6 58% are missing out on solutions that can make their lives easier!

7 Scenario for this session – Contoso Bank
You are Contoso. Your environment is the following:
- Running Active Directory at 2003 levels
- Multiple regional offices
- Basic functionality of AD
- Multiple DCs
- Multi-Master DNS
- Site design correctly implemented

8 “Challenges” at Contoso
- Multiple skill levels of admins
- Security at remote offices
- Deployment of new workstations
- CIO / CEO / users / admins with one password policy

9 Let’s get to it! Tweak & Tune your AD with the following:
- Upgrade / Migrate to 2008 R2
- Lookin’ at Server Core and RODC options
- Active Directory RecycleBin
- Support Multiple PW Policies
- Better Service Account Management
- Improved Management Tools
- Offline Domain Join for deployments

10 X86 = NO DIRECT “in place” UPGRADE PATH
Upgrade or Migration? X86 = NO DIRECT “in place” UPGRADE PATH :-(

11 Active Directory® and DNS Migration
Phases: Pre-Migration, Migration, Post-Migration (Optional)
Steps on the slide diagram:
- Migration planning
- Number of network interface cards (NICs)
- Make destination server a domain controller
- Retire source server
- Roll back migration
- Manually migrate DNS server settings
- Prepare source server
- Back up
- Collect migration data
- Troubleshoot migration
- Transfer FSMO roles
- Prepare destination server
- Install Windows Server 2008 R2
- Assign temporary server name
- Assign temporary IP address
- Join domain
- Migrate IP address and rename servers
- Perform verification steps
©2009 Microsoft Corporation. All Rights Reserved.

12 Windows Server Migration Tools
[Diagram: Source Server, Temp Storage, Destination Server. Export Settings (Export-SmigServerSetting), Import Settings (Import-SmigServerSetting), Transfer Data and Shares (Send-SmigServerData, Receive-SmigServerData)]

Migration Cmdlet: Description
- Get-SmigServerFeature: Discovers features available for migration and features in the migration store available for import
- Export-SmigServerSetting: Exports specified role, feature, and OS settings to a migration store
- Import-SmigServerSetting: Imports specified role, feature, and OS settings from a migration store
- Send-SmigServerData: Transfers data and shares, preserving local and domain permissions
- Receive-SmigServerData: Receives transferred data

13 You just have to do it. You won’t regret it.
Upgrade / Migration You just have to do it. You won’t regret it. Demo

14 Seize the Opportunity Doing same thing can lead to same results
- Core Installs of Server 2008 R2 vs full installs
- Physical or Virtual?
- Read Only Domain Controllers?
- Minimize impact on rollout process

15 Server Core Domain Controllers
- Minimal Server Installation
- Reduced Software Maintenance
- ~1GB
- Easier to Secure, Manage, and Maintain
- Supports Key Infrastructure Roles
- Supports Unattended Installation
- Reduced Management
- Reduced Attack Surface
- Less Disk Space Required

16 Deploying Core DCs with Remote Management
Refine / Redesign Deploying Core DCs with Remote Management Demo

17 Implement AD “oops” Recycle Bin
Ever had someone with too many rights?
“Lost” anything in AD and needed it back?

18 Active Directory Recycle Bin
- Reduces Downtime and Effort
- AD Objects Are Preserved
- Functional for AD DS and AD LDS
- Use LDP.exe or Windows PowerShell Cmdlets

Setup Requirements
- Adprep must be used for Windows Server 2003 and Windows Server 2008 forest
- All domain controllers in your Active Directory forest are running Windows Server 2008 R2
- Raise the functional level of your Active Directory forest to Windows Server 2008 R2

The process of enabling Active Directory Recycle Bin is irreversible. After you enable Active Directory Recycle Bin in your environment, you cannot disable it.
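
The setup requirements above, checked and applied with the Active Directory module, followed by a restore of a deleted user. This is an added example, not part of the original deck; the forest name contoso.com and the account jsmith are assumed sample values.

```powershell
# Added example. 'contoso.com' and 'jsmith' are assumed sample values.
Import-Module ActiveDirectory

$forest = Get-ADForest -Identity 'contoso.com'

# Requirement: no domain controller older than Windows Server 2008 R2.
$legacyDCs = foreach ($domain in $forest.Domains) {
    Get-ADDomainController -Filter * -Server $domain |
        Where-Object { $_.OperatingSystem -match '2000|2003|2008(?! R2)' }
}
if ($legacyDCs) {
    $legacyDCs | Format-Table HostName, OperatingSystem | Out-Host
    throw 'Upgrade or demote these domain controllers before continuing.'
}

# Requirement: forest functional level of Windows Server 2008 R2.
$oldModes = 'Windows2000Forest', 'Windows2003InterimForest',
            'Windows2003Forest', 'Windows2008Forest'
if ($oldModes -contains "$($forest.ForestMode)") {
    Set-ADForestMode -Identity $forest.Name -ForestMode Windows2008R2Forest
}

# Enabling cannot be undone, so skip it when the feature already has a scope
# and preview the change with -WhatIf. Remove -WhatIf to commit.
$feature = Get-ADOptionalFeature -Filter 'Name -eq "Recycle Bin Feature"'
if (-not $feature.EnabledScopes) {
    Enable-ADOptionalFeature -Identity 'Recycle Bin Feature' `
        -Scope ForestOrConfigurationSet -Target $forest.Name -WhatIf
}

# Later: find a deleted user, review where it will go back to, then restore it.
$deleted = Get-ADObject -IncludeDeletedObjects `
    -Filter 'samAccountName -eq "jsmith" -and isDeleted -eq $true' `
    -Properties lastKnownParent, whenChanged
$deleted | Format-List Name, lastKnownParent, whenChanged
$deleted | Restore-ADObject
```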

19 Implement “oops” RecycleBin
Keep from #clausing yourself Demo

20 Updating Password Policy
IL0veMyK1ds!
- Why?
- Complexity = circumvention
- Find right level of usability
- Requirements for Multiple policies?
- Old way = domains
- New way = Password Settings Object

21 Creating Password Setting Objects
Secure PW Policy Creating Password Setting Objects Demo
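
The "new way" from slide 20, sketched with the Active Directory module so that Contoso's admins and executives get different rules inside one domain. This is an added example, not the session's demo script; the PSO names, the Executives group, the account jsmith and every threshold are assumed sample values.

```powershell
# Added example. Names, groups and thresholds are assumed sample values.
# PSOs need the Windows Server 2008 domain functional level or higher and
# apply to users and global security groups, not to OUs.
Import-Module ActiveDirectory

# Admin accounts: long passwords, short lifetime. The lower Precedence value
# wins when a user is covered by more than one PSO.
New-ADFineGrainedPasswordPolicy -Name 'PSO-Admins' -Precedence 10 `
    -MinPasswordLength 15 -PasswordHistoryCount 24 `
    -ComplexityEnabled $true -ReversibleEncryptionEnabled $false `
    -MinPasswordAge '1.00:00:00' -MaxPasswordAge '60.00:00:00' `
    -LockoutThreshold 5 -LockoutObservationWindow '0.00:30:00' `
    -LockoutDuration '0.00:30:00'
Add-ADFineGrainedPasswordPolicySubject -Identity 'PSO-Admins' `
    -Subjects 'Domain Admins'

# Executives: a usable length with a longer lifetime.
New-ADFineGrainedPasswordPolicy -Name 'PSO-Executives' -Precedence 20 `
    -MinPasswordLength 12 -PasswordHistoryCount 24 `
    -ComplexityEnabled $true -ReversibleEncryptionEnabled $false `
    -MinPasswordAge '1.00:00:00' -MaxPasswordAge '90.00:00:00' `
    -LockoutThreshold 10 -LockoutObservationWindow '0.00:15:00' `
    -LockoutDuration '0.00:15:00'
Add-ADFineGrainedPasswordPolicySubject -Identity 'PSO-Executives' `
    -Subjects 'Executives'

# Review every PSO and who it is linked to.
Get-ADFineGrainedPasswordPolicy -Filter * |
    Sort-Object Precedence |
    Format-Table Name, Precedence, MinPasswordLength, MaxPasswordAge, AppliesTo

# Effective policy for one user. No output means no PSO applies and the
# user falls back to the default domain policy shown by the second command.
Get-ADUserResultantPasswordPolicy -Identity 'jsmith'
Get-ADDefaultDomainPasswordPolicy
```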

22 How About Service Accounts?
Domain-Based Service Accounts Managed by AD
- Enhanced Security
- Less Disruption of Service
- Reduce Recurrent Administrative Tasks

Administrative Benefits
- Create class domain accounts
- Accounts are now reset automatically
- SPN management tasks are not completed
- Can be delegated to non-administrators

[Diagram: Managed Service Account, Virtual Accounts, Local Accounts, SQL, IIS]

23 Securing Service Accounts
Simplifying password management for Service Accounts Demo

24 Managing AD – your options…
Updated Server Manager: Provides a unified experience for adding, configuring, and managing servers

New in Windows Server 2008 R2!
- Over 15 new role services and features added
- New configurations added for Scan Server, AD CS, and Remote Desktop Services
- Remoting and Windows PowerShell
- Integration with BPA

25 Managing AD – your options…
Active Directory Administrative Center Customizable GUI

26 A plethora of tools - what fits for you?
New ways to Manage AD A plethora of tools - what fits for you? Demo

27 Windows PowerShell™ 2.0 – Manage for Scale
Active Directory Module in Windows Server 2008 R2
- A Windows PowerShell module
- Manage AD domains and Lightweight Directory Services (LDS) configuration sets
- AD Database Mounting Tool instance

New Functionality
- Active Directory module provider
- Active Directory module cmdlets
- Windows PowerShell Integrated Scripting Environment (ISE)
- Out-GridView cmdlet
- Performance counters

Special Considerations
- Only installs on Windows Server 2008 R2
- At least one Windows Server 2008 R2 domain controller or LDS configuration set
- Windows 7 and Report Server Administration Tools (RSAT)

28 Obligatory PowerShell CLI Goodness
Manage for scale Obligatory PowerShell CLI Goodness Demo

29 Special Considerations
Offline Domain Joins
- Reduces time and effort for large-scale deployments
- Establishes trust between operating system and Active Directory Domain
- Djoin.exe

Advantages
- AD state changes are completed without network traffic to the computer
- Computer state changes are completed without any network traffic to a domain controller
- Each change can be completed at different times

Special Considerations
- Run on Windows® 7 or Windows Server 2008 R2
- Must have user rights to join workstation to the domain
- Defaults target domain controller running a version of Windows Server 2008 R2
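
The two halves of an offline join as Djoin.exe runs them, with the provisioning file locked down because it carries the new computer account's password. This is an added example, not from the original deck; the domain, computer name, OU, group and file paths are assumed sample values.

```powershell
# Added example. Domain, computer name, OU, group and paths are assumed values.
$machine = 'WKS-0142'
$blob    = "C:\odj\$machine.txt"

# Step 1: on a domain-joined Windows 7 / Windows Server 2008 R2 machine, as
# an account with rights to join workstations to the domain. This creates
# the computer account in AD and writes the join metadata to a file; the
# target computer is not contacted.
djoin.exe /provision /domain contoso.com /machine $machine `
    /machineou 'OU=Workstations,DC=contoso,DC=com' /savefile $blob
if ($LASTEXITCODE -ne 0) { throw "djoin /provision failed: $LASTEXITCODE" }

# The file contains the machine account password. Treat it like a plaintext
# credential: drop inherited ACEs and allow only the deployment team to read it.
icacls.exe $blob /inheritance:r /grant:r 'CONTOSO\Deployment Admins:(R)'

# Step 2: on the target computer, from an elevated prompt, after copying the
# file there. No domain controller has to be reachable at this point.
$localBlob = "C:\Windows\Temp\$machine.txt"
djoin.exe /requestODJ /loadfile $localBlob /windowspath $env:SystemRoot /localos
if ($LASTEXITCODE -ne 0) { throw "djoin /requestODJ failed: $LASTEXITCODE" }

# The join takes effect at the next boot. Remove the file before restarting
# so the credential does not stay on disk or in the deployment share.
Remove-Item $localBlob
Restart-Computer
```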

30 Simplify your desktop deployment automation!
Offline Domain Joins Simplify your desktop deployment automation! Demo

31 Action Plan Start your Migration planning! Do Your Research
I <3 AD
- Start your Migration planning!
- Do Your Research
- Align functionality with Business Needs
- Get started now. No really. Get started!

32 Related Content
- WSV Hot Topics Every IT Admin Needs to Know about Windows Server 2008 R2
- WSV301 - Administrators’ Idol: Windows and Active Directory Best Practices
- WSV332 – Windows Server 2008 R2 Deployment with Microsoft Deployment Toolkit (MDT)
- WSV334 – Windows Server 2008 R2: Tips on Automating and Managing the Breadth of Your IT Environment
- WSV08-HOL - What’s New in Active Directory (V3.0)
- WSV10-HOL - Deploying Windows Server 2008 R2 with Microsoft Deployment Toolkit (MDT) 2010
- WSV07-INT - New Remote Management Technologies in Windows Server 2008 R2
- WSV09-INT - Server Deployment and Maintenance in Windows Server 2008 R2
- TLC-54 - Windows PowerShell and Server Management
- TLC-61 - Windows Server Solutions

33 Resources
www.microsoft.com/teched
- Learning
- Sessions On-Demand & Community
- Microsoft Certification & Training Resources
- Resources for IT Professionals
- Resources for Developers

34 Complete an evaluation on CommNet and enter to win!

35 Sign up for Tech·Ed 2011 and save $500 starting June 8 – June 31st
You can also register at the North America 2011 kiosk located at registration Join us in Atlanta next year


37 Appendix: Resources and Links
- edge.technet.com
- Active Directory Domain Services and DNS Server Migration Guide
- Migrate Server roles to Windows 2008 R2
- What’s New in AD in Windows Server 2008 R2
- What’s New in Windows Server Manager in Windows 2008 R2
- What’s New in Server 2008 R2 AD DCs
- Active Directory Recycle Bin – Step by Step
- AD Fine Grained Password and Lockout Policy Step by Step
- Ask the Directory Services Team Blog (Ned Pyle – you’re my hero)
- Active Directory Recycle Bin (Joey Snow on Edge)
- blogs.technet.com/canitpro
- poshoholic.com


