Entries tagged with active directory - TechNet Edge

Cumplimiento NAP para DHCP

hektor — Mon, 26 Oct 2009 11:16:00 GMT

En el siguiente video, realizado por Javier Rama del Castillo (ingeniero de soporte de microsoft de nertworking), podréis ver una demostración del funcionamiento del cumplimiento de NAP para DHCP en un entorno basado en tres máquinas:
     ·    Un Controlador de dominio
      ·    Un servidor NPS y DHCP
      ·    Un equipo cliente.

Active Directory Recycle Bin (CZ)

Karel Florian (KFL) — Thu, 24 Sep 2009 07:31:00 GMT

Screencast vás seznámí s novou funkcionalitou Windows Serveru 2008 R2, tzv. odpadkovým košem pro Active Directory. Uvidíte, jak se koš používá a také metody obnovy objektů.

Autorem screncastu je Karel Florian.

Install and Configure Hosted BranchCache for Web Services - SRV311 Part 4 of 5

Kevin Remde — Fri, 11 Sep 2009 07:01:00 GMT

This is part 4 of a 5 part series of demos from the TechNet Webcast: How Windows Server 2008 R2 Affects Your IT Infrastructure.

BranchCache is a new capability available as a part of Windows Server 2008 R2 and Windows 7. BranchCache helps increase the network responsiveness of applications, giving users in remote offices an experience more like working in the head office. When accessing content stored on Windows Server 2008 R2, users in a branch office don't need to wait as long to download files from headquarters. When IT enables BranchCache, a copy of data accessed from an intranet website or a file server is cached locally within the branch office. When another user on the same network requests the file, the user gets access to the content almost immediately as it is downloaded from the local cache rather than over a limited bandwidth connection back to headquarters.

In this demonstration I configure and demonstrate the "Hosted Cache" option, and use it to cache content coming from a web server.

You'll find a complete list of and links to all of the demos, plus links to the webcast and related resources here:
http://blogs.technet.com/kevinremde/archive/2009/09/04/check-out-my-5-new-windows-server-2008-r2-screencasts.aspx

Administering Server Core - SRV311 Part 3 of 5

Kevin Remde — Tue, 08 Sep 2009 15:00:00 GMT

This is part 3 of a 5 part series of demos from the TechNet Webcast: How Windows Server 2008 R2 Affects Your IT Infrastructure.

This demo explores the Server Core installation option of Windows Server 2008 R2 and some useful, new options for configuring and administering an core installation of Windows Server 2008 R2.

You'll find a complete list of and links to all of the demos, plus links to the webcast and related resources here:
http://blogs.technet.com/kevinremde/archive/2009/09/04/check-out-my-5-new-windows-server-2008-r2-screencasts.aspx

Configuring Granular Password Settings - SRV311 Part 2 of 5

Kevin Remde — Mon, 07 Sep 2009 19:34:00 GMT

This is part 2 of a 5 part series of demos from the TechNet Webcast: How Windows Server 2008 R2 Affects Your IT Infrastructure.

In this demo we explore and demonstrate a new ability that came with Windows Server 2008 and is improved in Windows Server 2008 R2; the ability to set password policy settings at a more granular level than just one set of policies at the domain level.

You'll find a complete list of and links to all of the demos, plus links to the webcast and related resources here:
http://blogs.technet.com/kevinremde/archive/2009/09/04/check-out-my-5-new-windows-server-2008-r2-screencasts.aspx

Install and Configure Distributed BranchCache for File Services - SRV311 Part 5 of 5

Kevin Remde — Fri, 04 Sep 2009 19:37:00 GMT

This is part 5 of a 5 part series of demos from the TechNet Webcast: How Windows Server 2008 R2 Affects Your IT Infrastructure.

In this demonstration I configure and demonstrate the "Distributed Cache" option, and use it to cache content coming from a file server.

You'll find a complete list of and links to all of the demos, plus links to the webcast and related resources here:
http://blogs.technet.com/kevinremde/archive/2009/09/04/check-out-my-5-new-windows-server-2008-r2-screencasts.aspx

Exploring the Active Directory Administrative Center - SRV311 Part 1 of 5

Kevin Remde — Fri, 04 Sep 2009 13:49:00 GMT

This is part 1 of a 5 part series of demos from the TechNet Webcast: How Windows Server 2008 R2 Affects Your IT Infrastructure.

In this demo, we look at the new Active Directory Administrative Center tool.

You'll find a complete list of and links to all of the demos, plus links to the webcast and related resources here:
http://blogs.technet.com/kevinremde/archive/2009/09/04/check-out-my-5-new-windows-server-2008-r2-screencasts.aspx

WS2003: Záloha a obnova Active Directory (CZ)

Karel Florian (KFL) — Tue, 11 Aug 2009 13:00:00 GMT

Videoprůvodce se zaměřuje na problematiku zálohování a obnovy Active Directory v prostředí Windows Serveru 2003. Pokud tuto oblast nemáte prozkoumanou, vřele doporučujeme screencast shlédnout, protože v něm autor popisuje základní kroky pro zálohu a především pak obnovu doménové struktury.

Autorem screencastu je Jiří Hýzler (MVP).

WS2003: FSMO role v Active Directory (CZ)

Karel Florian (KFL) — Tue, 11 Aug 2009 12:28:00 GMT

Videoprůvodce rolemi FSMO v rámci Active Directory na Windows Serveru 2003 se zaměří na vysvětlení konceptu a zároveň i správě tohoto konceptu.

Autorem screencastu je Jiří Hýzler (MVP).

WS2008 R2: Delegované nasazení RODC (CZ)

Karel Florian (KFL) — Thu, 16 Jul 2009 09:59:00 GMT

Instruktážní video pro delegovanou, resp. předpřipravenou instalaci doménového řadiče pouze pro čtení (RODC) za situace, kdy administrátor připraví účet v AD a povolí lokálním uživateli na pobočce server povýšit na řadič.

Autorem screencastu je Martin Babarík.

Windows Server 2008 Active Directory Interop with Linux and OS X

Matt Hester — Thu, 16 Jul 2009 07:01:00 GMT

Do you have existing Linux workstations and servers? Are you buying Apple notebooks for your personnel? If so, then you're probably wondering how to secure and share information across your organization. Join us for a session that demonstrates how to authenticate and manage non-Windows operating systems. We'll explore Active Directory (AD) extensions, management tools, security, file sharing, desktop management and a number of other key challenges we all face on a daily basis. Get set for some great demonstrations and plenty of time for questions and answers.

Visit the Microsoft Interop homepage

WS2008 R2: Instalace Active Directory a RODC (CZ)

Karel Florian (KFL) — Fri, 10 Jul 2009 09:59:00 GMT

Instruktážní video pro instalaci Active Directory a především pak doménového řadiče pouze pro čtení (RODC), to vše z pohledu administrátora, který má přístup na oba servery.

Autorem screencastu je Martin Pavlis (MVP).

Active Directory Enhancements - Windows Server 2008 R2 Demo Screencast 4 of 4

Kevin Remde — Fri, 26 Jun 2009 16:01:00 GMT

This screencast demo is part 4 of a 4 part series of demos which were also a part of the TechNet Webcast: Windows Server 2008 R2 Technical Overview (Part 1 of 2).

In this fourth screencast I discuss and demonstrate new Active Directory functionality that comes with Windows Server 2008 R2 Active Directory Domain Services. I demonstrate the configuration of the "Recycle Bin" feature, and how to restore deleted objects that had been mistakenly deleted. I also take you on a brief tour through the new Active Directory Management Console.

You'll find a complete list of and links to all of the demos, plus links to the webcast and related resources here: http://blogs.technet.com/kevinremde/archive/2009/06/14/SRV306Screencasts.aspx

Interview with Laura E. Hunter (MVP) during Tech Ed 2009

Harold Wong — Wed, 24 Jun 2009 21:02:00 GMT

I was able to catch up with Laura E. Hunter (Directory Services MVP) at Tech Ed 2009 and asked her some questions like what does it mean to be an MVP, why do you choose to attend Tech Ed and "Geneva" (next iteration of Federation Services).

Aaron shares his Windows Server 2008 Experience

Kevin Remde — Thu, 09 Apr 2009 22:01:00 GMT

The other day I had a brief conversation with Aaron Gower. Aaron is the Network Administrator for Formula Boats. He agreed to let me record our conversation around how he managed to migrate his users from one domain to a new one, while moving to Windows Server 2008 Active Directory.

TechNet Webcast: Windows Server 2008 R2 für Administratoren (Video-Aufzeichnung von der CeBIT 2009)

Ralf M. Schnell — Thu, 09 Apr 2009 15:50:00 GMT

Windows Server 2008 R2 macht die Arbeit von Administratoren wesentlich einfacher. Dieser Vortrag bietet einen Überblick über die neuen Verwaltungs-Werkzeuge, u.a. PowerShell v2 mit der graphischen Konsole und neuen Namensräumen für Active Directory und Failover Clustering, die Active Directory Administrations-Konsole und den Server Manager.

Referent:
Ralf M. Schnell
Technical Evangelist, Microsoft Deutschland GmbH
http://blogs.technet.com/ralfschnell

TechNet Video: Active Directory-Administration (Windows Server 2008 R2 - Teil 1)

Ralf M. Schnell — Thu, 09 Apr 2009 12:03:00 GMT

Das Release 2 von Windows Server 2008 wird viele Neuerungen für den Administrator enthalten. Wir haben die Wünsche und Anregungen vieler Benutzer aufgegriffen und einige wichtige Änderungen und Ergänzungen der administrativen Konsolen umgesetzt. Das betrifft natürlich auch das Active Directory: hier gibt eine völlig neue Konsole, die speziell für tägliche administrative Aufgaben entwickelt wurde, und erstmals hat auch das Active Directory einen eigenen Papierkorb. Wir geben einen Überblick über die neuen Funktionen und zeigen an einigen Beispielen, wie sie praktisch eingesetzt werden können.

Referent:
Ralf M. Schnell
Technical Evangelist, Microsoft Deutschland GmbH
http://blogs.technet.com/ralfschnell

Video und Präsentation herunterladen

Screencast: How-To Configure the Central ADMX Store

johnbake — Wed, 04 Mar 2009 06:58:00 GMT

Microsoft Windows Vista and Windows Server 2008 introduce a new format for displaying registry-based policy settings. Registry-based policy settings (located under the Administrative Templates category in the Group Policy Object Editor) are defined using a standards-based, XML file format known as ADMX files. These new files replace legacy ADM files, which used their own proprietary markup language.

The Group Policy tools —Group Policy Object Editor and Group Policy Management Console—remain largely unchanged. In the majority of situations, you will not notice the presence of ADMX files during your day-to-day Group Policy administration tasks. Something to note however, the Group Policy tools will recognize ADMX files ONLY if you are using a Windows Vista–based or Windows Server 2008–based computer.

Unlike ADM files, ADMX files are not stored in individual GPOs. By default the ADMX files are stored locally in %systemroot%\policyDefinitions. For domain-based enterprises, administrators can create a central store location of ADMX files that is accessible by anyone with permission to create or edit GPOs.

This video demonstrates how to create the ADMX central store.

Active Directory Recycle Bin

Adam Bomb — Fri, 23 Jan 2009 08:01:00 GMT

Joey was there for me in a pinch when I went looking for something new to put up for today.
He was doing some work on a demo for Active Directory Recycle Bin, and he showed me what he's working on.
The new Recycle Bin functionality in Server 2008 R2 is really cool - you can actually undelete objects, and all their attributes are restored as if the object never went away - no requirement to rejoin the domain for computer objects, for example.
The feature is all implemented in PowerShell, so Joey also gives us a sneak peek at the new PowerShell GUI.

Active Directory Group Policy Object (GPO) Delegation and Approval Workflow With AGPM 3.0 in MDOP 2008 R2

yung — Mon, 01 Dec 2008 08:01:00 GMT

In the TechNet Webcast: Microsoft Solutions for Windows Vista Management (Level 300), I will demo a number of capabilities includnig Microsoft Advanced Group Policy Management (AGPM) 3.0 for managing Vista desktops and Windows environment in general. AGPM 3.0 is one of the 5 components in Microsoft Desktop Optimization Pack for Software Assurance (MDOP) 2008 R2. AGPM enables the change-approval workflow of Group Policy Objects (GPOs) and is something I thought worth a special introduction here. Meanwhile I am also developing a screencast and will publish it here soon.

AGPM is to help customers better manage GPOs, particularly those with complex information technology (IT) environments. A robust delegation model, role-based administration, and change-request approval provide granular administrative control as described in the overview whitepaper and shown below.

For example, you can delegate Reviewer, Editor, and Approver roles to other administrators — even administrators who do not have access to production GPOs. The Editor role can edit GPOs but not deploy them; the Approver role can deploy GPO changes. AGPM also helps reduce the risk of widespread failures. You can use AGPM to edit GPOs offline, outside of the production environment, and then audit changes and easily find differences between GPO versions. In addition, AGPM supports effective change control by providing version tracking, history capture, and quick rollback of deployed GPO changes. It also supports a management workflow by allowing you to create GPO template libraries and send GPO change e-mail notifications. Step-by-Step and Operations Guides of AGM 3.0 are also readily available.

For those who are interested in finding more, MDOP 2008 R2 was RTM in September of 2008. Here are demos, more demos, and FAQ. Subscribers can download MDOP 2008 R2 from the TechNet and MSDN subscription sites. The availability of the components is as follows through Microsoft Volume Licensing Service (MVLS):

The official MDOP blog is the channel to get the latest.

Server 2008 - AD Backup and Restore PM interview

David Tesar — Fri, 11 Apr 2008 06:59:00 GMT

I met up with Stephanie Cheung, the program manager for active directory backup and recovery and we discuss:

What restartable AD is and when it is appropriate to use it
- Good for usage when you want to recover deleted objects without rebooting
- Bad for when you need to do a "bare metal" restore or have database corruption
Thoughts around when to do a "Dcpromo /forceremoval" versus restoring from backup. This includes discussion of restoring using install from media (IFM) and IFM for an RODC.
What the database mounting tool (DMT - old name "snapshot" tool) does and some ideas on what we're going to do to make recovery of deleted objects easier using DMT.
A best practice around preventing deletion of objects in AD (including the new "Protect object from accidental deletion" checkbox for objects).
Future thoughts for AD backup and restore, such as reducing forest recovery time
General disaster recovery tips

Active Directory Database Mounting Tool Screencast

Joey Snow — Fri, 07 Mar 2008 07:59:00 GMT

Corey Hynes a Microsoft MVP has provided us with a six minute screencast demonstrating the new Active Directory Database Mounting technology in Windows Server 2008. In this screencast he demonstrates how to create a snapshot and connect and browse the snapshot in Active Directory Users and Computers. For more details on the AD Database Mounting Tool, head over to TechNet.

Windows Server 2008 - Active Directory Auditing Enhancements

David Tesar — Thu, 29 Nov 2007 01:00:00 GMT

I hope this post will act as a good reference point to be able to quickly understand the good and bad about new AD auditing enhancements and then enable you to dive deeper at will using the links in this article.

There’s nothing more exciting than auditing right? Well, check this out and hopefully it will spark some interest.

In Windows Server 2003 R2 and prior, the auditing of active directory certainly has not been a strong point. You would enable or disable global AD auditing for success or failures, set a SACL on the objects you wanted to monitor, and then typically one or both of the following would happen:

Your security event log fills up with way more security events than you’d ever hoped for, possibly wrapping or ballooning the size of the security log.
Auditing doesn’t actually provide enough information for you to make any use of the events which are recorded in the security event log. i.e. it only says who was successful at modifying the object, but nothing on the details of the value(s) which were changed.

In Server 2008, we are on a good path to fix this pain. Some of the key improvements to AD auditing are as follows:

You can limit the number of attributes which are audited for object types. For instance, you only want to know if the Employee’s Pay Level attribute is modified for all user accounts and nothing else.
Auditing is now broken into four categories: Access (same as 2000/2003), Changes, Replication, and Detailed Replication. The most interesting come from the new changes category:
- AD DS logs the previous and current values of the attribute. If the attribute has more than one value, only the values that change as a result of the modify operation are logged.
- If a new object is created, values of the attributes that are populated at the time of creation are logged.
- If an object is moved, the previous and new location (distinguished name) is logged for moves within the domain. When an object is moved to a different domain, a create event is generated on the domain controller in the target domain.
- If an object is undeleted, the location where the object is moved to is logged.

What are the downfalls?

You have to modify the schema in order to limit the number of attributes which are audited per object type. This isn’t really difficult, but it would be nice if there were some friendlier type way to do it.
You cannot view or modify the audit policy subcategories with the Local Group Policy Editor (GPedit.msc). You can only do this with the command-line tool Auditpol.exe.
As far as I can tell, you can’t limit auditing to different specific attributes for a subset of the same type of object. For instance, you would like to audit attributes X, Y, Z for all admin user accounts, but only attribute X for all regular user accounts. Of course you have some control over this with your SACLs…

Get Started:

Windows Server 2008 Auditing AD DS Changes Step-by-Step Guide
TechNet - AD DS: Auditing
Windows Networking Site AD enhancements overview
MS Directory Services Team Blog Post on WS08 Auditing Enhancements

Microsoft IT Active Directory Interview with Brian Puhl

David Tesar — Wed, 28 Nov 2007 00:00:00 GMT

We sat down with Brian Puhl who has been working for Microsoft IT (MSIT) on the deployment, maintenance, planning of their active directory infrastructure since around Windows Server 2000. Learn about how Microsoft does AD from the source and also the projects they're working on. A seamless experience for your corporate users inside the corporate network and out on the internet, without using a VPN? Smartcard login/authentication for all MS employees? Average of 1 Schema change every 4 months?

Ulf B. on AD

Adam Bomb — Tue, 20 Nov 2007 22:42:00 GMT

While attending TechEd IT Forum in Barcelona, I was introduced to Ulf B. Simon-Weidner, an MVP for Active Directory based in Germany. He was presenting at IT Forum this year, so I grabbed a few minutes of his time to talk about what's new in AD in Server 2008, and some of his experiences as an AD consultant.
(note to self: remember to turn off my mobile phone before beginning the interview next time)