TechNet goes virtual
©2009 Microsoft Corporation. All Rights Reserved.

Migrating Windows XP to Windows 7: Get it done using Microsoft Deployment Tools
Harold Wong, IT Pro Evangelist
Microsoft Corporation
blogs.technet.com/haroldwong

Event Schedule
• 8:30am – Introduction and Welcome
• 8:45am – Session 1: Migrating Windows XP to Windows 7: Get it done using Microsoft Deployment Tools
– 9:40 – Break
• 9:55 – Session 2: Securing Windows 7 in a Windows Server 2008 R2 Environment
– 10:40 – Break
• 10:55 – Session 3: New Features in Windows Server 2008 R2 Directory Services
– Drawing
• Afternoon: MSDN will be here, so stick around if you can

Agenda
• Windows Easy Transfer
• Deployment Tools
• Using USMT Hard-link Migration
• Summary of Deployment Solutions

Windows Easy Transfer
• Easily Move Files and Settings
• Supports Windows 2000, Windows XP and Windows Vista
• Transfer done with:
– Cable
– USB Drive
– Between Computers in a Network

Windows Easy Transfer Demo

Deployment Tools
• Automated Installation Toolkit (AIK)
• User State Migration Tool (USMT)
• Microsoft Deployment Toolkit (MDT 2010)

Automated Installation Toolkit (AIK)
• Windows System Image Manager (WSIM)
• ImageX
• Deployment Image Servicing and Management (DISM)
• Windows Preinstallation Environment (WinPE)
• User State Migration Tool (USMT)

User State Migration Tool
• Migrates Files and Settings
• Computer Replacement and Computer Refresh Migrations
• Scriptable
• Hard-Link Migration Store
• Benefits and Limitations

Microsoft Deployment Toolkit 2010
• Unified tools and processes
• Reduced deployment time
• “Lite-touch” deployments leveraging Windows deployment tools
• “Zero-touch” deployments leveraging System Center Configuration Manager 2007 and Windows deployment tools
• Support for Windows 7, Windows Server R2

“Lite-Touch” High-Volume Deployment
Client Migration Store – AIK and USMT
Connected to WORKGROUP
• Source Computer: Runs ScanState and copies user state to shared folder on Windows 7 Client
• Destination Computer: Runs LoadState on new Windows 7 platform and restores Windows Vista user state from shared folder on Windows 7 Client
• Destination Computer: Runs LoadState on new Windows 7 platform and restores Windows XP user state from shared folder on Windows 7 Client

“Lite-Touch” High-Volume Deployment using the User State Migration Tool’s (USMT) ScanState and LoadState: Demo

“Zero-Touch” High-Volume Deployment
Migration Store Server
• Source Computer: Use log-on script, batch file or non-Microsoft technology to run ScanState and copy user state to network server
• Destination Computer: Use log-on script, batch file or non-Microsoft technology to run LoadState on new Windows 7 platform and restore Windows Vista user state from server
• Destination Computer: Use log-on script, batch file or non-Microsoft technology to run LoadState on new Windows 7 platform and restore Windows XP user state from server
• Decommission
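
The ScanState/LoadState exchange with a shared or server-hosted migration store, as on the Lite-Touch and Zero-Touch slides above, written out as an added example that is not part of the original deck. The install path, share name and key file are assumptions; the last function is the hard-link variant from the agenda, which requires an uncompressed store and therefore cannot be combined with store encryption.

```powershell
# Added example, not from the deck. Assumed names: USMT unpacked to C:\USMT\x86,
# store share \\WIN7-CLIENT\MigStore, key file E:\usmt.key on removable media.
# Assumes Windows PowerShell 2.0 on both computers; the tool arguments are the
# same when called from a batch file or log-on script.
$UsmtDir = 'C:\USMT\x86'
$Rules   = @("/i:$UsmtDir\migapp.xml", "/i:$UsmtDir\miguser.xml")

function Invoke-UsmtTool {
    param([string]$Tool, [string[]]$ToolArgs)
    & (Join-Path $UsmtDir $Tool) $ToolArgs
    if ($LASTEXITCODE -ne 0) {
        throw "$Tool exited with code $LASTEXITCODE; see the log given in /l:"
    }
}

# Source computer: copy user state to the shared store, encrypted at rest.
# The store holds profiles and documents, so anyone who can read the share
# would otherwise be able to read every migrated user's data.
function Export-UserState {
    param([string]$StorePath, [string]$KeyFile)
    Invoke-UsmtTool 'scanstate.exe' (@($StorePath) + $Rules + @(
        '/o',                                   # overwrite an existing store
        '/encrypt', "/keyfile:$KeyFile",        # key read from a file, not typed on the command line
        '/v:13', "/l:$env:TEMP\scanstate.log"))
}

# Destination computer (new Windows 7 install): restore from the same store.
function Import-UserState {
    param([string]$StorePath, [string]$KeyFile)
    Invoke-UsmtTool 'loadstate.exe' (@($StorePath) + $Rules + @(
        '/decrypt', "/keyfile:$KeyFile",
        '/v:13', "/l:$env:TEMP\loadstate.log"))
}

# Computer refresh on one machine: hard-link store on the local disk.
# /hardlink needs /nocompress, and /nocompress excludes /encrypt, so the
# protection here is that the store never leaves the machine.
function Export-UserStateHardLink {
    param([string]$StorePath = 'C:\MigStore')
    Invoke-UsmtTool 'scanstate.exe' (@($StorePath) + $Rules + @(
        '/o', '/hardlink', '/nocompress',
        '/v:13', "/l:$env:TEMP\scanstate.log"))
}

function Import-UserStateHardLink {
    param([string]$StorePath = 'C:\MigStore')
    Invoke-UsmtTool 'loadstate.exe' (@($StorePath) + $Rules + @(
        '/hardlink', '/nocompress',
        '/v:13', "/l:$env:TEMP\loadstate.log"))
    # Remove the hard-link store afterwards with: usmtutils.exe /rd C:\MigStore
}

# Usage (store folder named after the source computer, SRC-PC is a placeholder):
#   Source:       Export-UserState '\\WIN7-CLIENT\MigStore\SRC-PC' 'E:\usmt.key'
#   Destination:  Import-UserState '\\WIN7-CLIENT\MigStore\SRC-PC' 'E:\usmt.key'
```

Restrict the share's permissions to the accounts that run the migration, and delete the store once LoadState has succeeded on the destination.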

Summary of Deployment Solutions
 | High-Touch with Retail Media | High-Touch with Standard Imaging | Lite-Touch, High Volume Deployment | Zero-Touch, High Volume Deployment
IT Skill Level | IT Generalist | IT Pro | IT Pro with WDS | IT Pro with SCCM Experience
Windows Licensing | Retail | Retail and Software Assurance | Software Assurance | Enterprise Agreement
Number of Client Computers | <100 | 100-200 | 200-500 | >500
Infrastructure | Small Unmanaged | Medium Standardized | Managed Network | Enterprise Network + SCCM
Application Support | Manually | Manually and LOB customizations | Automatically and LOB | Automatically using SCCM
User interaction | Manual Hands-on | Manual Hands-on | Limited Interaction | Fully Automated
Tools | AIK, Easy Transfer <25 | AIK, MDT, ACT | AIK, MDT, ACT, MAPT, WDS | AIK, MDT, ACT, MAPT, WDS, SCCM

Summary
• Many Deployment Tools and options for all scenarios from a single PC to 1,000s
• Easy Transfer makes it simple to move user data
• New Hard-link Migration Option in USMT

TechNet Plus Direct Subscription
• The ultimate resource for IT professionals. TechNet Plus provides convenient access to full-version Microsoft evaluation software without time limits! The annual subscription also includes Professional Support incidents, a technical information library, and many other resources for evaluating, deploying, and maintaining Microsoft software.
• Microsoft software licensed for evaluation purposes.
• Beta software.
• Professional Support Incidents.
• Managed Newsgroup Support.
• Technical resources for Microsoft products.
• Microsoft eLearning courses.
• Online Concierge Chat.
• Want a 25% Discount on a new Subscription?
• Use Discount Code TMSAM04

IT Pro Momentum Invitation
• A Microsoft program focused on supporting “early adopters” – IT professionals who bet on the newest technologies to drive business value for their companies and advance in their careers
• Are you?
– Interested in learning more about the newest Microsoft technologies?
– Need help to evaluate different Microsoft products and features?
– Willing to test and pilot in production Microsoft beta products?
– Would like to have access to exclusive forums and Microsoft product support?
– Want to share your early adoption experience with the IT Pro community worldwide?
• If you answered ‘yes’ for all the questions above, IT Pro Momentum can help!
• Send email with “Add to Momentum” in the subject
– [email protected]

Momentum 2009 Products
Track | Technology | 2009
Client Infrastructure | IE8 | √
Client Infrastructure | Windows 7 | √
Client Infrastructure | Windows Mobile 7 | √
Server Infrastructure | Windows Server 2008 | √
Server Infrastructure | SQL Server 2008 | √
Server Infrastructure | Forefront Stirling | √
Server Infrastructure | Powershell | √
Virtualization | Hyper-V | √
Virtualization | SCVMM | √
Web Infrastructure | IIS 7 | √
Web Infrastructure | Sharepoint on the Web | √
HPC | HPC Server 2008 | √
Collaboration & Connectivity | OCS 14 | √
Collaboration & Connectivity | Exchange 2010 | √

Resources for Windows 7 Deployment
Windows 7 Deployment Guide
• http://technet.microsoft.com/en-us/library/dd349337(WS.10).aspx
Microsoft Deployment Toolkit 2010
• https://connect.microsoft.com/content/content.aspx?ContentID=12463&SiteID=14

Break Time: 15 minutes

Securing Windows® 7 in a Windows Server® 2008 R2 Environment

What Will We Cover?
• Better Together
• User Interface Improvements
• DirectAccess and Terminal Services Gateway
• Health Policies

Agenda
• Reviewing Network Access Protection
• Examining Deployment Improvements
• Exploring Configuration and Management
• Viewing Network Access Protection Integration Improvements

Business and Technical Benefits
• Reduce the risk of network security threats
• Safeguard sensitive data and intellectual property
• Extend the value of existing investments

Network Access Protection
Diagram components: Windows Client; DHCP, VPN, Switch/Router; NPS; Policy Servers (such as: Patch, AV); Remediation Servers (Example: Patch); Restricted Network; Corporate Network
1. Client requests access to network and presents current health state
2. DHCP, VPN or Switch/Router relays health status to Microsoft Network Policy Server (RADIUS)
3. Network Policy Server (NPS) validates against IT-defined health policy
4. If not policy compliant, client is put in a restricted VLAN and given access to fix up resources to download patches, configurations, signatures (Repeat 1-4)
5. If policy compliant, client is granted full access to corporate network

Demonstration: Configuring NAP
• Configure PKI
• Install NAP
• Configure Basics

NPS Updates
• NPS Templates
• Network Policy Server
• Logging Improvements
• UTF-8

Multiple SHV Policy
• A single server can now enforce a number of different health policies using a single system health validator (SHV)
– Requires SHV updates for Windows Server 2008 R2

New NAP Client User Interface
• Messaging Integration with Action Center Tray Icon
• Integration with Windows 7 Action Center

Integration Improvements
• Remote Desktop Gateway
• DirectAccess
• Microsoft® Forefront™ code name Stirling

DirectAccess Technical Details
Diagram components: Windows 7 Client; Internet; DirectAccess Server; IPv6 Transition Services; IPv6 Devices; IPv4 Devices
• Supports variety of remote network protocols
• IPSec encryption and authentication
• Tunnels are established - DirectAccess Server acts as gateway
• Native IPv6 with IPSec
• Direct connectivity to IPv6-based Intranet resources
• Support IPv4 via 6to4 transition services or NAT-PT
• IT desktop management
• AD Group Policy, NAP, software updates

Demonstration: Direct Access - End User Experience
• DirectAccess

Session Summary
• Better Together
• User Interface Improvements
• DirectAccess and Terminal Services Gateway
• Health Policies

Break Time: 15 minutes

Active Directory Domain Services in Windows Server 2008 R2 Technical Overview

What Will We Cover?
• Identity Management and Simplified Management Capabilities
• Improved Management of User Accounts
• Enhanced Windows Management Deployments

Agenda
• Active Directory Overview
• Active Directory Management
• Managing Active Directory Deployments
• Identity and Access Management

Solutions That Address IT Pro Challenges
• Windows Server 2008 R2 Forest Functional Level
• New Windows PowerShell cmdlets
• Console Enhancements
• Task-Oriented
• Better Management
• Deals with Accidental Object Deletion
• Deals with Mapping of Various Properties
• Deals with Pre-Provisioning of Computer Accounts
• Deals with Managed Service Accounts
• Analyzers Expanded to All Core Windows Server 2008 R2 Roles

Active Directory Administrative Center
• Customizable GUI

Demonstration Environment
Internal Network 192.168.16.0
• SEA-DC-01, 192.168.16.2, Windows Server 2008 R2
• SEA-CS-01, 192.168.16.3, Windows Server 2008 R2
• SEA-WRK-001, 192.168.16.5, Windows 7
• SEA-WRK-002, 192.168.16.6, Windows 7

Demonstration: Creating Objects Using Active Directory Administrative Center
• Create an Organizational Unit
• Create a User
• Create a New Group and Add a User

Active Directory Recycle Bin
• Reduces Downtime and Effort
• AD Objects Are Preserved
• Functional for AD DS and AD LDS
• Use LDP.exe or Windows PowerShell Cmdlets

Active Directory Recycle Bin—Notes
Setup Requirements
• Adprep must be used for Windows Server 2003 and Windows Server 2008 forest
• All domain controllers in your Active Directory forest are running Windows Server 2008 R2
• Raise the functional level of your Active Directory forest to Windows Server 2008 R2
In this release, the process of enabling Active Directory Recycle Bin is irreversible. After you enable Active Directory Recycle Bin in your environment, you cannot disable it.

Demonstration: Working with the Active Directory Recycle Bin
• Enable Active Directory Recycle Bin
• View Objects That Are in the Deleted Objects Container
• Restore Deleted Objects
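
The three demonstration steps above, with the setup requirements checked first, as an added example that is not part of the original deck. It uses the Active Directory module cmdlets that ship with Windows Server 2008 R2; the account name `jsmith` is a placeholder.

```powershell
# Added example, not from the deck. Run with forest-level administrative rights
# on a Windows Server 2008 R2 machine that has the Active Directory module.
Import-Module ActiveDirectory

$forest   = Get-ADForest
$required = [Microsoft.ActiveDirectory.Management.ADForestMode]::Windows2008R2Forest

# Setup requirement from the slide: forest functional level Windows Server 2008 R2.
# That level can only be reached once every domain controller runs 2008 R2,
# so this one check covers the domain controller requirement as well.
if ($forest.ForestMode -lt $required) {
    throw "Forest functional level is $($forest.ForestMode); raise it with Set-ADForestMode first."
}

# Step 1: enable the Recycle Bin. This cannot be undone, so the cmdlet's own
# confirmation prompt is left in place rather than suppressed.
$feature = Get-ADOptionalFeature -Filter 'Name -eq "Recycle Bin Feature"'
if ($feature.EnabledScopes.Count -eq 0) {
    Enable-ADOptionalFeature -Identity 'Recycle Bin Feature' `
        -Scope ForestOrConfigurationSet -Target $forest.Name
}

# Step 2: view what is in the Deleted Objects container.
function Get-DeletedAdObject {
    Get-ADObject -Filter 'isDeleted -eq $true -and Name -ne "Deleted Objects"' `
        -IncludeDeletedObjects -Properties lastKnownParent, whenChanged |
        Select-Object Name, ObjectClass, lastKnownParent, whenChanged
}

# Step 3: restore one deleted account by its logon name.
# The object returns to lastKnownParent, so a deleted parent OU has to be
# restored before the objects that lived in it.
function Restore-DeletedAdUser {
    param([string]$SamAccountName)
    $target = Get-ADObject -Filter "samAccountName -eq '$SamAccountName'" `
        -IncludeDeletedObjects | Where-Object { $_.Deleted }
    if (-not $target) { throw "No deleted object with samAccountName '$SamAccountName'." }
    $target | Restore-ADObject -PassThru
}

# Usage (placeholder account name):
#   Get-DeletedAdObject
#   Restore-DeletedAdUser -SamAccountName 'jsmith'
```

Only objects deleted after the feature is enabled keep all their attributes; record who restored what, since a restored account regains its former group memberships.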

Best Practices Analyzer
AD DS BPA scans verify:
• DNS rules
• Operation master connectivity rules
• Operation master ownership rules
• Number of controllers in the domain
• Required services rules
• Replication configurations rules
• W32time configuration rules
• Virtual machine configuration rules
Diagram components (steps 1-3): BPA Run Time; AD DS BPA Windows PowerShell Script; Document; Schema; AD DS BPA Rules Set; AD DS BPA Guidance; AD DS BPA Report

Offline Domain Join
• Reduces time and effort for large-scale deployments
• Establishes trust between operating system and Active Directory Domain
• Djoin.exe

Advantages
• AD state changes are completed without network traffic to the computer
• Computer state changes are completed without any network traffic to a domain controller
• Each change can be completed at different times

Special Considerations
• Run on Windows® 7 or Windows Server 2008 R2
• Must have user rights to join workstation to the domain
• By default, targets a domain controller running a version of Windows Server 2008 R2

Demonstration: Using Offline Domain Join
• Perform an Offline Domain Join
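
The two halves of an offline domain join with Djoin.exe, which the slides say can be completed at different times, as an added example that is not part of the original deck. The domain name, computer name and blob path are placeholders.

```powershell
# Added example, not from the deck. Placeholder names: domain corp.example,
# computer SEA-WRK-003, blob file C:\ODJ\SEA-WRK-003.txt.

# Half 1: on a Windows 7 / Windows Server 2008 R2 machine that can reach a
# domain controller, run by a user with rights to join workstations to the
# domain. Creates the computer account in AD and writes the provisioning blob.
function New-OfflineJoinBlob {
    param([string]$Domain, [string]$Machine, [string]$BlobPath)
    djoin.exe /provision /domain $Domain /machine $Machine /savefile $BlobPath
    if ($LASTEXITCODE -ne 0) { throw "djoin /provision failed with exit code $LASTEXITCODE" }

    # The blob carries the new machine account's secret. Strip inherited
    # permissions and leave access to the provisioning user only.
    icacls.exe $BlobPath /inheritance:r /grant:r "${env:USERDOMAIN}\${env:USERNAME}:F" | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "icacls could not restrict $BlobPath" }
}

# Half 2: on the target computer, elevated, with no network connection needed.
# Applies the blob to the running installation; the join takes effect at the
# next restart.
function Complete-OfflineJoin {
    param([string]$BlobPath)
    djoin.exe /requestODJ /loadfile $BlobPath /windowspath $env:SystemRoot /localos
    if ($LASTEXITCODE -ne 0) { throw "djoin /requestODJ failed with exit code $LASTEXITCODE" }

    # The blob is single-purpose; remove it once it has been consumed.
    Remove-Item -Path $BlobPath -Force
}

# Usage:
#   New-OfflineJoinBlob -Domain 'corp.example' -Machine 'SEA-WRK-003' -BlobPath 'C:\ODJ\SEA-WRK-003.txt'
#   Complete-OfflineJoin -BlobPath 'C:\ODJ\SEA-WRK-003.txt'
```

Treat the blob like a plaintext password while it moves between the two machines, and delete any provisioned computer account whose blob was never used.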

Management of Service Accounts
• Domain-Based Service Accounts Managed by AD
• Enhanced Security
• Less Disruption of Service
• Reduce Recurrent Administrative Tasks
Diagram labels: SQL; IIS; Managed Service Account; Local Accounts; Virtual Accounts
Administrative Benefits
• Create class domain accounts
• Accounts are now reset automatically
• SPN management tasks are not completed
• Can be delegated to non-administrators

Session Summary
• Active Directory Domain Services improves management capabilities that automate Active Directory tasks
• The new Active Directory Administrative Console and Windows PowerShell module allow for flexible discovery and output
• Use and implement the new features of Windows Server 2008 R2 Domain Services