Windows Server 2012 Richard Oertle Subject Matter Expert / Instructor www.NetComLearning.com October 25th, 2012

Page 1

Windows Server 2012

Richard Oertle
Subject Matter Expert / Instructor

www.NetComLearning.com

October 25th, 2012

Page 2

Windows Server 2012 New Features and Certifications

• Certification Changes
  • Microsoft Certified Solution Expert in Windows Server 2012
  • Microsoft Certified Solution Administrator in Windows Server 2012
• Administration Changes
  • Screen and Navigation changes
• PowerShell changes
  • Version 3.0 with 2400 cmdlets

Page 3

Starting from the beginning: Become an MCSA

• Pass the following 3 tests to gain the equivalent of passing the 70-417 test
  • 70-410
    • Installing and Configuring Windows Server® 2012
  • 70-411
    • Administering Windows Server® 2012
  • 70-412
    • Configuring Advanced Windows Server® 2012 Services
• Then consider continuing on for an MCSE in the 3 previous categories of Desktop, Private cloud or Server Administration

Page 4

Upgrading from MCITP to MCSE

• Must renew MCSE status every three years!
• MCITP upgrade test is 70-417 (course 20417)
• MCITP accepted certifications include:
  • Lync Administrator
  • SharePoint Administrator
  • Desktop Administrator
  • Enterprise Messaging Administrator
  • Windows Server 2008 Administrator

Page 5

Pass the 70-417 upgrade test, THEN:

• Take and pass the specialist area tests shown below
• Determine which of 3 MCSE specialist areas to focus on:
  • MCSE in Server Infrastructure
    • 70-413 Designing and Implementing a Server Infrastructure
    • 70-414 Implementing an Advanced Server Infrastructure
  • MCSE in Desktop Infrastructure
    • 70-415 Implementing a Desktop Infrastructure
    • 70-416 Implementing Desktop Application Environments

Page 6

MCSE Information continued

• MCSE in Private Cloud Infrastructure
  • 70-246 Monitoring and Operating a Private Cloud with System Center 2012, Course 10751 (5 days)
  • 70-247 Configuring and Deploying a Private Cloud with System Center 2017, Course 10750 (5 days)

Page 7

Some of the New Administration Features of Windows Server 2012

Page 8

Active Directory Administrative Center is a task-oriented tool based on Windows PowerShell

Page 9

Password Settings Objects

You can use fine-grained password policies to specify multiple password policies within a single domain

Fine-grained password policies:
• Apply only to user objects (or inetOrgPerson objects) and global security groups
• Cannot be applied to an OU directly
• Do not interfere with custom password filters that you might use in the same domain

Page 10

Configuring Password Settings Objects

Windows Server 2012 provides two tools for configuring PSOs

• Windows PowerShell cmdlets
  • New-ADFineGrainedPasswordPolicy
  • Add-ADFineGrainedPasswordPolicySubject
• Active Directory Administrative Center
  • Is a graphical user interface
  • Uses Windows PowerShell cmdlets to create and manage PSOs
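
The PSO workflow from the two slides above, as an added example that is not part of the original deck: it creates a stricter policy for administrative accounts, works around the "cannot be applied to an OU" limit with a shadow group, and checks which PSO each user actually receives. The PSO name, group name, OU path and policy values are assumptions.

```powershell
Import-Module ActiveDirectory

# Assumed names and values, not taken from the slides
$psoName   = 'PSO-PrivilegedAdmins'
$groupName = 'GG-PrivilegedAdmins'            # must be a global security group
$adminOu   = 'OU=Admins,DC=example,DC=com'    # placeholder OU

# 1. Create the PSO. When several PSOs reach a user, the lowest precedence wins.
New-ADFineGrainedPasswordPolicy -Name $psoName -Precedence 10 `
    -MinPasswordLength 15 -PasswordHistoryCount 24 `
    -ComplexityEnabled $true -ReversibleEncryptionEnabled $false `
    -MinPasswordAge '1.00:00:00' -MaxPasswordAge '60.00:00:00' `
    -LockoutThreshold 5 -LockoutObservationWindow '00:30:00' `
    -LockoutDuration '00:30:00' -ProtectedFromAccidentalDeletion $true

# 2. A PSO cannot be linked to an OU, so mirror the OU into a "shadow group".
if (-not (Get-ADGroup -Filter "Name -eq '$groupName'")) {
    New-ADGroup -Name $groupName -SamAccountName $groupName `
        -GroupScope Global -GroupCategory Security
}
$current = Get-ADGroupMember -Identity $groupName |
    Select-Object -ExpandProperty DistinguishedName
Get-ADUser -SearchBase $adminOu -Filter * |
    Where-Object { $current -notcontains $_.DistinguishedName } |
    ForEach-Object { Add-ADGroupMember -Identity $groupName -Members $_ }

# 3. Link the PSO to the group.
Add-ADFineGrainedPasswordPolicySubject -Identity $psoName -Subjects $groupName

# 4. Verify: list the PSO's subjects, then the resultant PSO per user.
#    An empty ResultantPSO means the user still falls under the domain policy.
Get-ADFineGrainedPasswordPolicySubject -Identity $psoName
Get-ADUser -SearchBase $adminOu -Filter * | ForEach-Object {
    $rp = Get-ADUserResultantPasswordPolicy -Identity $_
    [pscustomobject]@{ User = $_.SamAccountName; ResultantPSO = $rp.Name }
}
```

The shadow group has to be re-synchronized whenever accounts move into or out of the OU, otherwise new administrators silently keep the weaker domain policy.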

Page 11

Managed Service Account

Use to automate password and SPN management for service accounts used by services and applications

• Requires a Windows Server 2008 R2 or Windows Server 2012 server installed with:
  • .NET Framework 3.5.x
  • Active Directory module for Windows PowerShell
• Recommended to run with AD DS configured at the Windows Server 2008 R2 functional level or higher
• Can be used in a Windows Server 2003 or 2008 AD DS environment:
  • With Windows Server 2008 R2 schema updates
  • With Active Directory Management Gateway Service

Page 12

Group Managed Service Accounts

Group managed service accounts extend the capability of standard managed service accounts by:

• Enabling an MSA to be used on more than one computer in the domain
• Storing MSA authentication information on domain controllers

Group MSA requirements:
• Must have at least one Windows Server 2012 domain controller
• Must have a KDS root key created for the domain
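
Provisioning a group MSA against the requirements listed above, as an added example that is not part of the original deck: it creates the KDS root key if none exists, restricts password retrieval to one host group, and audits that restriction. The account name, DNS name and group name are assumptions.

```powershell
Import-Module ActiveDirectory

# Assumed names, not taken from the slides
$gmsaName  = 'gmsaWebApp'
$dnsName   = 'gmsawebapp.example.com'
$hostGroup = 'GG-WebFarmHosts'   # holds only the computer accounts that run the service

# Requirement: a KDS root key. Create one only if none exists yet.
# Domain controllers wait (10 hours by default) before using a new key,
# so that it can replicate first.
if (-not (Get-KdsRootKey)) {
    Add-KdsRootKey -EffectiveImmediately | Out-Null
}

# Create the gMSA. Only members of $hostGroup may retrieve its managed password;
# keep that group as small as the service allows.
New-ADServiceAccount -Name $gmsaName -DNSHostName $dnsName `
    -PrincipalsAllowedToRetrieveManagedPassword $hostGroup `
    -ManagedPasswordIntervalInDays 30

# On each host in $hostGroup (after a reboot or Kerberos ticket refresh so the
# new group membership is in the computer's token):
Install-ADServiceAccount -Identity $gmsaName
Test-ADServiceAccount -Identity $gmsaName   # checks this host can use the account

# Audit: who is allowed to retrieve the password, and how often it rotates.
Get-ADServiceAccount -Identity $gmsaName `
    -Properties PrincipalsAllowedToRetrieveManagedPassword, 'msDS-ManagedPasswordInterval' |
    Select-Object Name, PrincipalsAllowedToRetrieveManagedPassword,
                  'msDS-ManagedPasswordInterval'
```

Any principal listed in PrincipalsAllowedToRetrieveManagedPassword can obtain the account's current password from a domain controller, so that property belongs in regular access reviews.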

Page 13

The Central Store

The Central Store:

• Is a central repository for ADMX and ADML files
• Is stored in SYSVOL
• Must be created manually
• Is detected automatically by Windows Vista or Windows Server 2008

[Diagram: a Windows Vista or Windows Server 2008 workstation; ADMX files; domain controllers with SYSVOL]

Page 14

Group Policy Preferences

Group Policy preferences expand the range of configurable settings within a GPO

Group Policy preferences:

• Enable IT professionals to configure, deploy, and manage settings that were not manageable by using Group Policy

• Can be created, deleted, replaced, or updated

• Are natively supported on Windows Server 2008 and Vista SP2 or newer

Page 15

Comparing Group Policy Preferences and GPO Settings

Group Policy Settings:
• Strictly enforce policy settings by writing the settings to areas of the registry that standard users cannot modify
• Typically disable the user interface for settings that Group Policy is managing
• Refresh policy settings at a regular interval

Group Policy Preferences:
• Are written to the normal locations in the registry that the application or operating system feature uses to store the setting
• Do not cause the application or operating system feature to disable the user interface for the settings they configure
• Refresh preferences by using the same interval as Group Policy settings by default

Page 16

Group Policy Management Editor

• Allows editing of the ADMX file
• Extends the functionality of GPMC

Page 17

Features of Group Policy Preferences

• Common Tab: Is used to configure additional options that control the behavior of a Group Policy preference item
• Targeting Features: Determines to which users and computers a preference item applies

Page 18

Deploying a Cloned Virtualized Domain Controller

You can safely clone an existing virtual domain controller by:

1. Creating a DcCloneConfig.xml file and storing it in the AD DS database location
2. Taking the VDC offline and exporting it
3. Creating a new virtual machine by importing the exported VDC

[Diagram: DcCloneConfig.xml to AD DS database location; Export the VDC; Import the VDC]
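
The three cloning steps above, scripted as an added example that is not part of the original deck. It assumes a source DC named DC1 on a Windows Server 2012 Hyper-V host, a clone named DC2, and placeholder IP addresses and paths; the first half runs on the source DC and the second half on the Hyper-V host.

```powershell
# ---- Session 1: on the source virtualized DC (assumed name: DC1) ----
Import-Module ActiveDirectory

# Only members of this built-in group may be cloned. It is the authorization
# gate for cloning, so membership should be temporary.
Add-ADGroupMember -Identity 'Cloneable Domain Controllers' `
    -Members (Get-ADComputer 'DC1')

# Lists installed services and programs not known to be safe to clone.
# Review the output; run again with -GenerateXml once each entry is accepted.
Get-ADDCCloningExcludedApplicationList

# Step 1: write DcCloneConfig.xml to the AD DS database location (the default
# output path). All names and addresses below are placeholders.
New-ADDCCloneConfigFile -CloneComputerName 'DC2' `
    -SiteName 'Default-First-Site-Name' -Static `
    -IPv4Address '10.0.0.12' -IPv4SubnetMask '255.255.255.0' `
    -IPv4DefaultGateway '10.0.0.1' -IPv4DNSResolver '10.0.0.10'

# ---- Session 2: on the Hyper-V host ----
# Step 2: take the VDC offline and export it.
Stop-VM -Name 'DC1'
Export-VM -Name 'DC1' -Path 'D:\Export'
Start-VM -Name 'DC1'

# Step 3: import the export as a copy with a new VM ID, then start the clone.
$cfg = Get-ChildItem 'D:\Export\DC1\Virtual Machines' -Filter *.xml |
    Select-Object -First 1
$clone = Import-VM -Path $cfg.FullName -Copy -GenerateNewId `
    -VirtualMachinePath 'D:\VMs\DC2' -VhdDestinationPath 'D:\VMs\DC2'
Rename-VM -VM $clone -NewName 'DC2'
Start-VM -VM $clone

# ---- Session 1 again, after the clone has joined as a DC ----
Remove-ADGroupMember -Identity 'Cloneable Domain Controllers' `
    -Members (Get-ADComputer 'DC1') -Confirm:$false
```

The exported folder contains a full copy of the AD DS database, so the export path needs the same access controls as the domain controller's own disks and should be deleted once the clone is running.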

Page 19

Overview of the Active Directory Module for Windows PowerShell

The Active Directory module for Windows PowerShell provides full administrative functionality in these areas:
• User management
• Computer management
• Group management
• OU management
• Password policy management
• Searching and modifying objects
• Forest and domain management
• Domain controller and operations masters management
• Managed service account management
• Site replication management
• Central access and claims management

Page 20

Windows PowerShell Web Access

• Allows remote management of computers by running Windows PowerShell sessions in a web browser.

• PowerShell replaces tab completion with Visual Studio-style drop-down options

• Many former scripts are now compiled into cmdlets

Page 21

Polls

Page 22

What Is NTDSUtil?

With NTDSUtil you can:
• Manage and control single master operations
• Perform AD DS database maintenance
• Perform offline defragmentation
• Create and mount snapshots
• Move database files
• Maintain domain controller metadata
• Reset Directory Services Restore Mode password

Page 23

Creating AD DS Snapshots

• Create a snapshot of Active Directory
  • NTDSUtil
• Mount the snapshot to a unique port
  • NTDSUtil
• Expose the snapshot
  • Right-click the root node of Active Directory Users and Computers, and choose Connect to Domain Controller
  • Enter serverFQDN:port
• View (read-only) snapshot
  • Cannot directly restore data from the snapshot
• Recover data
  • Connect to the mounted snapshot, and export/reimport objects with LDIFDE
  • Restore a backup from the same date as the snapshot
  • Manually reenter data
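
The snapshot workflow above from the command line, as an added example that is not part of the original deck. It uses ntdsutil to create and mount the snapshot and dsamain (a separate AD DS tool not named on the slide) to serve it on the chosen port; the object DN, port, file paths, default database location and the regular expressions over ntdsutil's English output are assumptions.

```powershell
# Run elevated on a domain controller.
Import-Module ActiveDirectory
$port = 50000                                          # assumed free port
$dn   = 'CN=Jane Doe,OU=Staff,DC=example,DC=com'       # placeholder object

# Create the snapshot and capture the snapshot-set GUID from the output.
$create = ntdsutil snapshot 'activate instance ntds' create quit quit
$guid   = [regex]::Match(($create -join "`n"), '\{[0-9a-fA-F-]{36}\}').Value

# Mount it and capture the mount path reported by ntdsutil.
$mount = ntdsutil snapshot "mount $guid" quit quit
$root  = [regex]::Match(($mount -join "`n"), 'mounted as (\S+)').Groups[1].Value
$dit   = Join-Path $root 'Windows\NTDS\ntds.dit'       # default database location

# Expose the mounted database as a read-only LDAP instance on $port.
$dsamain = Start-Process dsamain -PassThru -WindowStyle Hidden `
    -ArgumentList "/dbpath `"$dit`" /ldapport $port"
Start-Sleep -Seconds 30                                # let the instance start

# View: read the object as it was at snapshot time (read-only).
Get-ADObject -Identity $dn -Server "localhost:$port" -Properties *

# Recover: export the object from the snapshot with LDIFDE. Review and edit the
# file before re-importing it into the live directory with "ldifde -i -f".
ldifde -s localhost -t $port -d $dn -p base -f 'C:\Temp\recovered.ldf'

# Clean up: stop the LDAP instance and unmount the snapshot.
Stop-Process -Id $dsamain.Id
ntdsutil snapshot "unmount $guid" quit quit
```

A mounted snapshot holds the directory's contents as of the snapshot date, password hashes included, so unmount it promptly and keep exported LDF files out of shared locations.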

Page 24

Configuring the Active Directory Recycle Bin

• Active Directory Recycle Bin provides a way to restore deleted objects without AD DS downtime
• Uses Windows PowerShell with Active Directory Module or the Active Directory Administrative Center to restore objects

Page 25

Dynamic Access Control

Dynamic Access Control provides:
• A safety net over all file server-based resources
• Data identification
• Access control to files
• File access auditing
• Optional RMS protection integration

Page 26

What Is FSRM?

• FSRM enables the following functionality:
  • Storage quota management
  • File screening management
  • Storage reports management
  • Classification management
  • File management tasks

Page 27

Using FSRM to Manage Quotas, File Screens, and Storage Reports

• What Is Quota Management?
• What Are Quota Templates?
• Monitoring Quota Usage
• What Is File Screening Management?
• What Are File Groups?
• What Are File Screen Templates and File Screen Exceptions?
• What Are Storage Reports?
• What Is a Report Task?
• Demonstration: How to Use FSRM to Manage Quotas, File Screens, and Generate On-Demand Storage Reports

Page 28

Monitoring Quota Usage

• You can monitor quota usage by:
  • Viewing quota information in the FSRM console
  • Generating a quota usage report
  • Creating soft quotas
  • Using the Get-FSRMQuota Windows PowerShell cmdlet

Page 29

File Screening Management

File screen management provides a method for controlling the types of files that can be saved on file servers

• File screen management consists of:
  • Creating file screens
  • Defining file screen templates
  • Creating file screen exceptions
  • Creating file groups

Page 30

Storage Reports

Storage reports provide information about file usage on a file server

• Types of storage reports include:
  • Duplicate Files
  • File Screening Audit
  • Files by File Group, Owner, or Property
  • Folders by Property
  • Large Files
  • Quota Usage
  • Least and most recently accessed files

Page 31

Classification Management

Classification management enables you to create and assign classification properties to files using an automated mechanism

[Diagram: Payroll.rpt; Classification Rule; Classification Property: IsConfidential; File Management Task]

Page 32

Classification Properties

A classification property is a configurable value that can be assigned to a file

• Classification properties can be any of the following:
  • Yes/No
  • Date/Time
  • Number
  • Multiple choice list
  • Ordered list
  • String
  • Multi-String

Page 33

Options for Storage Optimization in Windows Server 2012

Storage optimization features include:
• File access auditing
• Features on Demand
• Data deduplication
• NFS data stores

Page 34

Implementing IPAM

• What Is IPAM?
• IPAM Architecture
• Requirements for IPAM Implementation
• Managing IP Addressing Using IPAM
• IPAM Management and Monitoring
• Considerations for Implementing IPAM

Page 35

What Is IPAM?

IPAM facilitates IP management in organizations with complex networks by enabling administration and monitoring of DHCP and DNS

Page 36

Managing IP Addressing Using IPAM

You can view and manage the IP address space using the following views:
• IP address blocks
• IP address ranges
• IP addresses
• IP inventory
• IP address range groups

You can monitor the IP address space using the following views:
• DNS and DHCP servers
• DHCP scopes
• DNS zone monitoring
• Server groups

Page 37

IPAM Management and Monitoring

With IPAM, you can:
• Monitor IP address space utilization
• Monitor DNS and DHCP health
• Configure many DHCP properties and values from the IPAM console
• Use the event catalog to view a centralized repository for all configuration changes

Page 38

What Is iSCSI?

iSCSI transmits SCSI commands over IP networks

[Diagram: iSCSI client that runs the iSCSI Initiator; TCP/IP protocol; iSCSI Target Server; Storage Array]

Page 39

iSCSI Target Server and iSCSI Initiator

Page 40

Considerations for Implementing iSCSI Storage

Consider the following when designing your iSCSI storage solution:

• Deploy the solution on fast networks
• Design a highly available network infrastructure for your iSCSI storage solution
• Design an appropriate security strategy for the iSCSI storage solution
• Follow the vendor-specific best practices for different types of deployments
• The iSCSI storage solution team must contain IT administrators from different areas of specialization
• Design application-specific iSCSI storage solutions together with application-specific administrators, such as Exchange Server and SQL Server administrators

Page 41

Thank You! Back to Rinchen

Stick around for Raffle and Q&As

www.NetComLearning.com