Windows Server 2008 R2 Active Directory 3/28/2017 8:11 PM Windows Server 2008 R2 Active Directory Wolfgang Sauer Principal Consultant AddOn Systemhaus GmbH © 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Windows Server 2008 RTM Active Directory Funktionen AD DS auf Servercore Read Only Domain Controller AD Snapshot Mehrere Kennwort Richtlinien Restartable AD DS Attributsfeine Überwachung Policy Maker Integration GP Preferences
Windows Server 2008 R2 Active Directory DNS / DHCP Features Administrative Center Powershell Automation Best Practice Analyzer Papierkorb Managed Service Accounts Offline Domain Join DNS / DHCP Features DNS Blockliste, Replizierter Forwarder DHCP Link Layer Filter, Name Protection, …
Administrative Center Aufgabenorientiert, Flexible Filter Multi Domain, Multi Forest Gut geeignet für seeeehr große AD Formulare Extensions
Powershell Automation AD Powershell Provider über 70 Cmdlets wird beim "dcpromo" mit installiert über RSAT optional installierbar AD Powershell aufrufen alle Cmdlets auflisten Get-Command *-ad*
Powershell Automation Einfache Beispiele (Dejá Vu Exchange 2007) Hilfe Get-Help Get-ADUser [-full, -examples] Benutzer analysieren Get-ADUser hdampf Get-ADUser hdampf –Properties * Terminalserver Eigenschaften Get-ADUser hdampf –Properties UserParameters
Best Practices Analyzer Validiert "Best Practices" für Active Directory Zertifikatsdienste Remote Desktop Services DNS, IIS
Powershell Automation Administrative Center Best Practice Analyzer Demo Powershell Automation Administrative Center Best Practice Analyzer
AD DS Papierkorb Lebensdauer eines Objekts: bestimmt durch "Tombstone Lifetime" Forestweite Konfiguration 60 bzw. 180 Tage
Wiederherstellung Autorisierende Wiederherstellung 3/28/2017 8:11 PM Wiederherstellung Autorisierende Wiederherstellung DC in den DSRM booten Backup wiederherstellen Versionsnummer mit "ntdsutil" erhöhen Reanimierung des Tombstone Ldp oder 3rd Party Tools Attributsgewinnung durch AD Snapshot oder "Werding" (http://www.faq-o-matic.net/2007/08/25/werding-v2-english-version-online-data-recovery-for-active-directory/) © 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Lebensdauer eines Objekts Zwei Phasen "Deleted Object Lifetime" "Tombstone Lifetime"
Lebensdauer eines Objekts Objekte analysieren "deleted objects": OID: 1.2.840.113556.1.4.417 "recycled und deleted objects" OID: 1.2.840.113556.1.4.2064
Lebensdauer eines Objekts 180 Tage Live Object Tombstone Object Garbage collection Windows Server 2008 Returns Tombstones LDAP OID 1.2.840.113556.1.4.417 Windows Server 2008 R2 with Recycle Bin enabled (If not enabled, behavior is similar to Windows Server 2008) Returns Deleted LDAP OID 1.2.840.113556.1.4.2064 Returns Deleted and Recycled Live Object Deleted Object Recycled Object Garbage collection 180 Tage 180 Tage
Voraussetzungen und Nebenwirkungen AD Papierkorb erst wenn: alle Domänen Controller in der Gesamtstruktur auf Windows Server 2008 R2 umgestellt sind in den Gesamtstrukturfunktionsmodus "Windows Server 2008 R2" umgeschalten wurde Wenn der AD Papierkorb aktiviert ist können nur Objekte wiederhergestellt werden die sich in der "Deleted Object Lifetime" Phase befinden
Papierkorb Aktivieren Forestweiter Geltungsbereich und nicht reversibel Enable-ADOptionalFeature "Recycle Bin Feature" -Scope Forest –Target <forest> Get-ADOptionalFeature -Filter {Name –Like "*"}
Papierkorb aktiviert? Active Directory Recycle Bin, GUID 766ddcd8-acd0-445e-f3b9-a7f9b6744f2a
Managed Service Accounts Neuer AD Kontentyp automatisches Kennwort Management vereinfachtes SPN Management Verwaltung und Voraussetzung (noch?) nicht mit AD Benutzer & Computer mit Powershell New-ADServiceAccount –SAMAccountName <name> Install-ADServiceAccount –Identity <name> jeweils nur auf einem Computer verwendbar .Net Framework 3.5 (oder 3.5.1) RSAT AD Powershell
Managed Service Accounts verwaltet im AD für Service oder IIS Appl.pool Virtual Account Logon Name = "NT SERVICE\<svcname>"
Offline Domain Join "Domain Join" ohne Kontakt zum DC Computer werden im AD "prestaged" spart einen Reboot -> schnellere Bereitstellung massenweiser VMs PC Lieferant kann Rechner fertig vorinstallieren
AD DS Papierkorb Wiederherstellen gelöschter Objekte Demo AD DS Papierkorb Wiederherstellen gelöschter Objekte
Your MSDN resources check out these websites, blogs & more! 3/28/2017 8:11 PM Your MSDN resources check out these websites, blogs & more! Presentations TechDays: www.techdays.ch MSDN Events: http://www.microsoft.com/switzerland/msdn/de/presentationfinder.mspx MSDN Webcasts: http://www.microsoft.com/switzerland/msdn/de/finder/default.mspx MSDN Events MSDN Events: http://www.microsoft.com/switzerland/msdn/de/events/default.mspx Save the date: Tech•Ed 2009 Europe, 9-13 November 2009, Berlin MSDN Flash (our by weekly newsletter) Subscribe: http://www.microsoft.com/switzerland/msdn/de/flash.mspx MSDN Team Blog RSS: http://blogs.msdn.com/swiss_dpe_team/Default.aspx Developer User Groups & Communities Mobile Devices: http://www.pocketpc.ch/ Microsoft Solutions User Group Switzerland: www.msugs.ch .NET Managed User Group of Switzerland: www.dotmugs.ch FoxPro User Group Switzerland: www.fugs.ch © 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Your TechNet resources check out these websites, blogs & more! 3/28/2017 8:11 PM Your TechNet resources check out these websites, blogs & more! Presentations TechDays: www.techdays.ch TechNet Events TechNet Events: http://technet.microsoft.com/de-ch/bb291010.aspx Save the date: Tech•Ed 2009 Europe, 9-13 November 2009, Berlin TechNet Flash (our by weekly newsletter) Subscribe: http://technet.microsoft.com/de-ch/bb898852.aspx Schweizer IT Professional und TechNet Blog RSS: http://blogs.technet.com/chitpro-de/ IT Professional User Groups & Communities SwissITPro User Group: www.swissitpro.ch NT Anwendergruppe Schweiz: www.nt-ag.ch PASS (Professional Association for SQL Server): www.sqlpass.ch © 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Save the date for tech·days next year! 3/28/2017 8:11 PM Save the date for tech·days next year! 7. – 8. April 2010 Congress Center Basel © 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Premium Sponsoring Partners 3/28/2017 8:11 PM Premium Sponsoring Partners Classic Sponsoring Partners Media Partner © 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
3/28/2017 8:11 PM © 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.