Post on 20-Aug-2015
Click to edit Master title style
TechNet goes virtual©2009 Microsoft Corporation. All Rights Reserved.
TechNet goes virtual
Migrating Windows XP to Windows 7: Get it done using Microsoft Deployment Tools
Harold WongIT Pro Evangelist
Microsoft Corporationblogs.technet.com/haroldwong
Click to edit Master title style
TechNet goes virtual©2009 Microsoft Corporation. All Rights Reserved.
Event Schedule
• 8:30am – Introduction and Welcome
• 8:45am – Session 1: Migrating Windows XP to Windows 7: Get it done using Microsoft Deployment Tools
– 9:40 – Break
• 9:55 – Session 2: Securing Windows 7 in a Windows Server 2008 R2 Environment– 10:40 – Break
• 10:55 – Session 3: New Features in Windows Server 2008 R2 Directory Services– Drawing
• Afternoon MSDN will be here so stick around if you can
Click to edit Master title style
TechNet goes virtual©2009 Microsoft Corporation. All Rights Reserved.
TechNet goes virtual
Migrating Windows XP to Windows 7:
Click to edit Master title style
TechNet goes virtual©2009 Microsoft Corporation. All Rights Reserved.
Agenda
• Windows Easy Transfer• Deployment Tools• Using USMT Hard-link Migration• Summary of Deployment Solutions
Click to edit Master title style
TechNet goes virtual©2009 Microsoft Corporation. All Rights Reserved.
Windows Easy Transfer
• Easily Move Files and Settings• Supports Windows 2000, Windows XP and
Windows Vista
• Transfer done with:– Cable– USB Drive– Between Computers in a Network
Click to edit Master title style
TechNet goes virtual©2009 Microsoft Corporation. All Rights Reserved.
Windows Easy Transfer
Demo
Click to edit Master title style
TechNet goes virtual©2009 Microsoft Corporation. All Rights Reserved.
Deployment Tools
• Automated Installation Toolkit (AIK)• User State Migration Tool (USMT)• Microsoft Deployment Toolkit (MDT 2010)
Click to edit Master title style
TechNet goes virtual©2009 Microsoft Corporation. All Rights Reserved.
Automated Installation Toolkit (AIK)
• Windows System Image Manager (WSIM)• ImageX • Deployment Image Servicing and Management
(DISM) • Windows Preinstallation Environment (WinPE) • User State Migration Tool (USMT)
Click to edit Master title style
TechNet goes virtual©2009 Microsoft Corporation. All Rights Reserved.
User State Migration Tool
• Migrates Files and Settings• Computer Replacement and Computer Refresh
Migrations• Scriptable• Hard-Link Migration Store• Benefits and Limitations
Click to edit Master title style
TechNet goes virtual©2009 Microsoft Corporation. All Rights Reserved.
Microsoft Deployment Toolkit 2010
• Unified tools and processes • Reduced deployment time• “Lite-touch” deployments leveraging Windows
deployment tools• “Zero-touch” deployments leveraging System
Center Configuration Manager 2007 and Windows deployment tools.
• Support for Windows 7, Windows Server R2
.
Click to edit Master title style
TechNet goes virtual©2009 Microsoft Corporation. All Rights Reserved.
Destination ComputerRun LoadState on new Widows 7 platform and restores Windows Vista user state from shared folder on Windows 7 Client
Source ComputerRun ScanState and copies user state to shared folder on Windows 7 Client
Client Migration Store – AIK and USMT
Destination ComputerRun LoadState on new Windows 7 platform and restores Windows XP user state from shared folder on Windows 7 Client
Connected to WORKGROUP
Source ComputerRun ScanState and copies user state to shared folder on Windows 7 Client
“Lite-Touch” High-Volume Deployment
Click to edit Master title style
TechNet goes virtual©2009 Microsoft Corporation. All Rights Reserved.
“Lite-Touch” High-Volume Deployment using the User State Migration Tool’s (USMT) Scanstate and Loadstate
Demo
Click to edit Master title style
TechNet goes virtual©2009 Microsoft Corporation. All Rights Reserved.
“Zero-Touch” High-Volume Deployment
Destination ComputerUse Log-on Script, batch file or non-Microsoft technology to run LoadState on new Windows 7 platform and restores Windows Vista user state from server
Source ComputerUse Log-on Script, batch file or non-Microsoft technology to run ScanState and copies user state to network server
Source ComputerUse Log-on Script, batch file or non-Microsoft technology to run ScanState and copies user state to network server
Migration Store Server
Destination ComputerUse Log-on Script, batch file or non-Microsoft technology to run LoadState on new Windows 7 platform and restores Windows XP user state from server
Decommission
Source ComputerUse Log-on Script, batch file or non-Microsoft technology to run ScanState and copies user state to network server
Click to edit Master title style
TechNet goes virtual©2009 Microsoft Corporation. All Rights Reserved.
Summary of Deployment SolutionsHigh-Touch with
Retail MediaHigh-Touch with Standard
Imaging
Lite-Touch, High Volume Deployment
Zero-Touch, High Volume Deployment
IT Skill Level IT Generalist IT Pro IT Pro with WDS IT Pro with SCCM Experience
Windows Licensing Retail Retail and Software Assurance Software Assurance Enterprise Agreement
Number ofClient Computers <100 100-200 200-500 >500
Infrastructure Small Unmanaged MediumStandardized
Managed Network Enterprise Network + SCCM
Application Support
Manually Manually and LOB customizations
Automatically and LOB
Automatically using SCCM
User interaction Manual Hands-on Manual Hands-on
Limited Interaction Fully Automated
Tools AIK, Easy Transfer <25
AIK, MDT, ACT AIK,MDT ACT, MAPT,WDS
AIK,MDT,ACT,MAPT,WDS, SCCM
Slide 14
Click to edit Master title style
TechNet goes virtual©2009 Microsoft Corporation. All Rights Reserved.
Summary
• Many Deployment Tools and options for all scenarios from a single PC to 1,000s
• Easy Transfer makes it simple to move user data
• New Hard-link Migration Option in USMT
Click to edit Master title style
TechNet goes virtual©2009 Microsoft Corporation. All Rights Reserved.
TechNet Plus Direct Subscription
• The ultimate resource for IT professionals. TechNet Plus provides convenient access to full-version Microsoft evaluation software—without time limits! The annual subscription also includes Professional Support incidents, a technical information library, and many other resources for evaluating, deploying, and maintaining Microsoft software.
• Microsoft software licensed for evaluation purposes. • Beta software. • Professional Support Incidents. • Managed Newsgroup Support. • Technical resources for Microsoft products.. • Microsoft eLearning courses. • Online Concierge Chat.
• Want a 25% Discount on a new Subscription?
• Use Discount Code TMSAM04
Click to edit Master title style
TechNet goes virtual©2009 Microsoft Corporation. All Rights Reserved.
IT Pro Momentum Invitation
• A Microsoft program focused on supporting “early adopters” – IT professionals who bet on the newest technologies to drive business value for their companies and advance in their careers
• Are you?– Interested in learning more about the newest Microsoft technologies?– Need help to evaluate different Microsoft products and features? – Willing to test and pilot in production Microsoft beta products?– Would like to have access to exclusive forums and Microsoft product support?– Want to share your early adoption experience with the IT Pro community world-
wide?
• If you answered ‘yes’ for all the questions above, IT Pro Momentum can help!
• Send email with “Add to Momentum” in the subject– Harold.wong@microsoft.com
Click to edit Master title style
TechNet goes virtual©2009 Microsoft Corporation. All Rights Reserved.
Momentum 2009 ProductsTrack Technology 2009
Client Infrastructure
IE8 √
Windows 7 √
Windows Mobile 7 √
Server Infrastructure
Windows Server 2008 √
SQL Server 2008 √
Forefront Stirling √
Powershell √
VirtualizationHyper-V √
SCVMM √
Web InfrastructureIIS 7 √
Sharepoint on the Web √
HPC HPC Server 2008 √
Collaboration & Connectivity
OCS 14 √
Exchange 2010 √
Click to edit Master title style
TechNet goes virtual©2009 Microsoft Corporation. All Rights Reserved.
Resources for Windows 7 Deployment
Windows 7 Deployment Guide• http://technet.microsoft.com/en-us/library/
dd349337(WS.10).aspx
Microsoft Deployment Toolkit 2010• https://connect.microsoft.com/content/cont
ent.aspx?ContentID=12463&SiteID=14
Click to edit Master title style
TechNet goes virtual©2009 Microsoft Corporation. All Rights Reserved.
TechNet goes virtual
Break Time: 15 minutes
Click to edit Master title style
TechNet goes virtual©2009 Microsoft Corporation. All Rights Reserved.
TechNet goes virtual
Securing Windows® 7 in a Windows Server® 2008 R2 Environment
Click to edit Master title style
TechNet goes virtual©2009 Microsoft Corporation. All Rights Reserved.
What Will We Cover?
• Better Together• User Interface Improvements• DirectAccess and Terminal Services
Gateway• Health Policies
Click to edit Master title style
TechNet goes virtual©2009 Microsoft Corporation. All Rights Reserved.
Agenda
• Reviewing Network Access Protection• Examining Deployment
Improvements• Exploring Configuration and
Management• Viewing Network Access Protection
Integration Improvements
Click to edit Master title style
TechNet goes virtual©2009 Microsoft Corporation. All Rights Reserved.
Business and Technical Benefits
Reduce the risk of network security threats
Click to edit Master title style
TechNet goes virtual©2009 Microsoft Corporation. All Rights Reserved.
Business and Technical Benefits
Reduce the risk of network security threats
Safeguard sensitive data and intellectual property
Click to edit Master title style
TechNet goes virtual©2009 Microsoft Corporation. All Rights Reserved.
Business and Technical Benefits
Reduce the risk of network security threats
Safeguard sensitive data and intellectual property
Extend the value of existing investments
Click to edit Master title style
TechNet goes virtual©2009 Microsoft Corporation. All Rights Reserved.
1
RemediationServersExample: Patch
Network Access Protection
RestrictedNetwork
1
WindowsClient NPS
DHCP, VPNSwitch/Router
Policy Serverssuch as: Patch, AV
Corporate Network
Client requests access to network and presents current health state
Click to edit Master title style
TechNet goes virtual©2009 Microsoft Corporation. All Rights Reserved.
RemediationServersExample: Patch
Network Access Protection
RestrictedNetwork
1
WindowsClient
2
DHCP, VPN or Switch/Router relays health status to Microsoft Network Policy Server (RADIUS)
NPSDHCP, VPNSwitch/Router
Policy Serverssuch as: Patch, AV
Corporate Network
2
Click to edit Master title style
TechNet goes virtual©2009 Microsoft Corporation. All Rights Reserved.
RemediationServersExample: Patch
Network Access Protection
RestrictedNetwork
1
WindowsClient
2
3
NPSDHCP, VPNSwitch/Router
Policy Serverssuch as: Patch, AV
Corporate Network
3Network Policy Server (NPS) validates against IT-defined health policy
Click to edit Master title style
TechNet goes virtual©2009 Microsoft Corporation. All Rights Reserved.
RemediationServersExample: Patch
Network Access Protection
RestrictedNetwork
1
WindowsClient
2
3
Not policy compliant
NPSDHCP, VPNSwitch/Router
4
Policy Serverssuch as: Patch, AV
Corporate Network
4If not policy compliant, client is put in a restricted VLAN and given access to fix up resources to download patches, configurations, signatures (Repeat 1-4)
Click to edit Master title style
TechNet goes virtual©2009 Microsoft Corporation. All Rights Reserved.
RemediationServersExample: Patch
Network Access Protection
RestrictedNetwork
1
WindowsClient
2
3
Not policy compliant
Policy compliant
NPSDHCP, VPNSwitch/Router
4
Policy Serverssuch as: Patch, AV
Corporate Network5
5If policy compliant, client is granted full access to corporate network
Click to edit Master title style
TechNet goes virtual©2009 Microsoft Corporation. All Rights Reserved.
TechNet goes virtual
Demonstration: Configuring NAP
• Configure PKI• Install NAP• Configure Basics
Click to edit Master title style
TechNet goes virtual©2009 Microsoft Corporation. All Rights Reserved.
Agenda
• Reviewing Network Access Protection• Examining Deployment
Improvements• Exploring Configuration and
Management• Viewing Network Access Protection
Integration Improvements
Click to edit Master title style
TechNet goes virtual©2009 Microsoft Corporation. All Rights Reserved.
NPS Updates
• NPS Templates• Network Policy Server• Logging Improvements• UTF-8
Click to edit Master title style
TechNet goes virtual©2009 Microsoft Corporation. All Rights Reserved.
Agenda
• Reviewing Network Access Protection• Examining Deployment
Improvements• Exploring Configuration and
Management• Viewing Network Access Protection
Integration Improvements
Click to edit Master title style
TechNet goes virtual©2009 Microsoft Corporation. All Rights Reserved.
Multiple SHV Policy
• A single server can now enforce a number of different health policies using a single system health validator (SHV)– Requires SHV updates for
Windows Server 2008 R2
Click to edit Master title style
TechNet goes virtual©2009 Microsoft Corporation. All Rights Reserved.
New NAP Client User Interface
• Messaging Integration with Action Center Tray Icon
• Integration with Windows 7 Action Center
Click to edit Master title style
TechNet goes virtual©2009 Microsoft Corporation. All Rights Reserved.
Agenda
• Reviewing Network Access Protection• Examining Deployment
Improvements• Exploring Configuration and
Management• Viewing Network Access Protection
Integration Improvements
Click to edit Master title style
TechNet goes virtual©2009 Microsoft Corporation. All Rights Reserved.
Integration Improvements
Microsoft Confidential
Remote Desktop Gateway
Click to edit Master title style
TechNet goes virtual©2009 Microsoft Corporation. All Rights Reserved.
Integration Improvements
Microsoft Confidential
Remote Desktop Gateway
DirectAccess
Click to edit Master title style
TechNet goes virtual©2009 Microsoft Corporation. All Rights Reserved.
Integration Improvements
Microsoft Confidential
Remote Desktop Gateway
DirectAccess
Microsoft® Forefront™ code name Stirling
Click to edit Master title style
TechNet goes virtual©2009 Microsoft Corporation. All Rights Reserved.
DirectAccess Technical Details
IPv6 Devices
IPv4 Devices
DirectAccessServer
Windows 7 Client
IPv6 Transition Services
Supports variety of remote network
protocols
IPSec encryption and authentication. 2
Tunnels are established -
DirectAccess Server acts as gateway
IT desktop management
Internet
Click to edit Master title style
TechNet goes virtual©2009 Microsoft Corporation. All Rights Reserved.
DirectAccess Technical Details
IPv6 Devices
IPv4 Devices
DirectAccessServer
Windows 7 Client
IPv6 Transition Services
Supports variety of remote network
protocols
IPSec encryption and authentication. 2
Tunnels are established -
DirectAccess Server acts as gateway
IT desktop management
Internet
AD Group Policy, NAP, software
updates
Click to edit Master title style
TechNet goes virtual©2009 Microsoft Corporation. All Rights Reserved.
DirectAccess Technical Details
IPv6 Devices
IPv4 Devices
DirectAccessServer
Windows 7 Client
Native IPv6 with IPSec
IPv6 Transition Services
Supports variety of remote network
protocols
IPSec encryption and authentication. 2
Tunnels are established -
DirectAccess Server acts as gateway
Direct connectivity to
IPv6-based Intranet
resources
IT desktop management
Internet
AD Group Policy, NAP, software
updates
Click to edit Master title style
TechNet goes virtual©2009 Microsoft Corporation. All Rights Reserved.
DirectAccess Technical Details
IPv6 Devices
IPv4 Devices
DirectAccessServer
Windows 7 Client
Native IPv6 with IPSec
IPv6 Transition Services
Supports variety of remote network
protocols
IPSec encryption and authentication. 2
Tunnels are established -
DirectAccess Server acts as gateway
Direct connectivity to
IPv6-based Intranet
resources Support IPv4 via 6to4 transition
services or NAT-PTIT desktop management
Internet
AD Group Policy, NAP, software
updates
Click to edit Master title style
TechNet goes virtual©2009 Microsoft Corporation. All Rights Reserved.
TechNet goes virtual
Demonstration: Direct Access - End User Experience
• DirectAccess
Click to edit Master title style
TechNet goes virtual©2009 Microsoft Corporation. All Rights Reserved.
Session Summary
• Better Together• User Interface Improvements• DirectAccess and Terminal Services
Gateway• Health Policies
Click to edit Master title style
TechNet goes virtual©2009 Microsoft Corporation. All Rights Reserved.
TechNet goes virtual
Break Time: 15 minutes
Click to edit Master title style
TechNet goes virtual©2009 Microsoft Corporation. All Rights Reserved.
TechNet goes virtual
Active Directory Domain Services in Windows Server 2008 R2 Technical Overview
Click to edit Master title style
TechNet goes virtual©2009 Microsoft Corporation. All Rights Reserved.
What Will We Cover?
• Identity Management and Simplified Management Capabilities
• Improved Management of User Accounts
• Enhanced Windows Management Deployments
Click to edit Master title style
TechNet goes virtual©2009 Microsoft Corporation. All Rights Reserved.
What Will We Cover?
• Identity Management and Simplified Management Capabilities
• Improved Management of User Accounts
• Enhanced Windows Management Deployments
Click to edit Master title style
TechNet goes virtual©2009 Microsoft Corporation. All Rights Reserved.
Agenda
• Active Directory Overview • Active Directory Management • Managing Active Directory
Deployments• Identity and Access Management
Click to edit Master title style
TechNet goes virtual©2009 Microsoft Corporation. All Rights Reserved.
Solutions That Address IT Pro Challenges
New Windows PowerShell cmdletsConsole Enhancements
Click to edit Master title style
TechNet goes virtual©2009 Microsoft Corporation. All Rights Reserved.
Solutions That Address IT Pro Challenges
New Windows PowerShell cmdletsConsole Enhancements
Task-OrientedBetter Management
Click to edit Master title style
TechNet goes virtual©2009 Microsoft Corporation. All Rights Reserved.
Solutions That Address IT Pro Challenges
New Windows PowerShell cmdletsConsole Enhancements
Task-OrientedBetter Management
Analyzers Expanded to All Core Windows Server 2008 R2 Roles
Click to edit Master title style
TechNet goes virtual©2009 Microsoft Corporation. All Rights Reserved.
Solutions That Address IT Pro Challenges
Windows Server 2008 R2 Forest Functional Level
New Windows PowerShell cmdletsConsole Enhancements
Task-OrientedBetter Management
Deals with Accidental Object DeletionDeals with Mapping of Various PropertiesDeals with Pre-Provisioning of Computer AccountsDeals with Managed Service AccountsAnalyzers Expanded
to All Core Windows Server 2008 R2 Roles
Click to edit Master title style
TechNet goes virtual©2009 Microsoft Corporation. All Rights Reserved.
Agenda
• Active Directory Overview • Active Directory Management• Managing Active Directory
Deployments• Identity and Access Management
Click to edit Master title style
TechNet goes virtual©2009 Microsoft Corporation. All Rights Reserved.
Active Directory Administrative Center
Customizable GUI
Click to edit Master title style
TechNet goes virtual©2009 Microsoft Corporation. All Rights Reserved.
Active Directory Administrative Center
Customizable GUI
Click to edit Master title style
TechNet goes virtual©2009 Microsoft Corporation. All Rights Reserved.
Active Directory Administrative Center
Customizable GUI
Click to edit Master title style
TechNet goes virtual©2009 Microsoft Corporation. All Rights Reserved.
Demonstration Environment
Internal Network192.168.16.0
`
SEA-WRK-001192.168.16.5Windows 7
SEA-DC-01192.168.16.2
Windows Server 2008 R2
`
SEA-WRK-002192.168.16.6Windows 7
SEA-CS-01192.168.16.3
Windows Server 2008 R2
Click to edit Master title style
TechNet goes virtual©2009 Microsoft Corporation. All Rights Reserved.
• Create an Organizational Unit
• Create a User• Create a New Group and
Add a User
Demonstration: Creating Objects Using Active Directory Administrative Center
Click to edit Master title style
TechNet goes virtual©2009 Microsoft Corporation. All Rights Reserved.
Active Directory Recycle Bin
Reduces Downtime and EffortAD Objects Are PreservedFunctional for AD DS and AD LDSUse LDP.exe or Windows PowerShell Cmdlets
Click to edit Master title style
TechNet goes virtual©2009 Microsoft Corporation. All Rights Reserved.
Active Directory Recycle Bin—Notes
Setup RequirementsAdprep must be used for Windows Server 2003 and Windows Server 2008 forestAll domain controllers in your Active Directory forest are running Windows Server 2008 R2Raise the functional level of your Active Directory forest to Windows Server 2008 R2
Reduces Downtime and EffortAD Objects Are PreservedFunctional for AD DS and AD LDSUse LDP.exe or Windows PowerShell Cmdlets
Click to edit Master title style
TechNet goes virtual©2009 Microsoft Corporation. All Rights Reserved.
Active Directory Recycle Bin—Notes
Setup RequirementsAdprep must be used for Windows Server 2003 and Windows Server 2008 forestAll domain controllers in your Active Directory forest are running Windows Server 2008 R2Raise the functional level of your Active Directory forest to Windows Server 2008 R2
In this release, the process of enabling Active Directory Recycle Bin is irreversible. After you enable Active Directory Recycle Bin in your environment, you cannot disable it.
Reduces Downtime and EffortAD Objects Are PreservedFunctional for AD DS and AD LDSUse LDP.exe or Windows PowerShell Cmdlets
Click to edit Master title style
TechNet goes virtual©2009 Microsoft Corporation. All Rights Reserved.
• Enable Active Directory Recycle Bin
• View Objects That Are in the Deleted Objects Container
• Restore Deleted Objects
Demonstration: Working with the Active Directory Recycle Bin
Click to edit Master title style
TechNet goes virtual©2009 Microsoft Corporation. All Rights Reserved.
Agenda
• Active Directory Overview • Active Directory Management • Managing Active Directory
Deployments• Identity and Access Management
Click to edit Master title style
TechNet goes virtual©2009 Microsoft Corporation. All Rights Reserved.
Best Practices Analyzer
BPA Run Time
1
Click to edit Master title style
TechNet goes virtual©2009 Microsoft Corporation. All Rights Reserved.
Best Practices Analyzer
BPA Run Time
AD DS BPA Windows PowerShell
Script
1
Click to edit Master title style
TechNet goes virtual©2009 Microsoft Corporation. All Rights Reserved.
AD DS BPA scans verify:DNS rulesOperation master connectivity rulesOperation master ownership rulesNumber of controllers in the domainRequired services rulesReplication configurations rulesW32time configuration rulesVirtual machine configuration rules
Best Practices Analyzer
BPA Run Time
AD DS BPA Windows PowerShell
Script
1
Click to edit Master title style
TechNet goes virtual©2009 Microsoft Corporation. All Rights Reserved.
Best Practices Analyzer—Notes
AD DS BPA scans verify:DNS rulesOperation master connectivity rulesOperation master ownership rulesNumber of controllers in the domainRequired services rulesReplication configurations rulesW32time configuration rulesVirtual machine configuration rules
BPA Run Time
AD DS BPA Windows PowerShell
Script
BPA Run Time
Document
Schema
1
2
Click to edit Master title style
TechNet goes virtual©2009 Microsoft Corporation. All Rights Reserved.
Best Practices Analyzer—Notes
AD DS BPA scans verify:DNS rulesOperation master connectivity rulesOperation master ownership rulesNumber of controllers in the domainRequired services rulesReplication configurations rulesW32time configuration rulesVirtual machine configuration rules
BPA Run Time
AD DS BPA Windows PowerShell
Script
AD DS BPARules Set
BPA Run Time
BPA Run Time
Document
Schema
1
2
3
Click to edit Master title style
TechNet goes virtual©2009 Microsoft Corporation. All Rights Reserved.
Best Practices Analyzer—Notes
AD DS BPA scans verify:DNS rulesOperation master connectivity rulesOperation master ownership rulesNumber of controllers in the domainRequired services rulesReplication configurations rulesW32time configuration rulesVirtual machine configuration rules
BPA Run Time
AD DS BPA Windows PowerShell
Script
AD DS BPAGuidance
AD DS BPARules Set
BPA Run Time
BPA Run TimeAD DS BPA
Report
Document
Schema
1
2
3
Click to edit Master title style
TechNet goes virtual©2009 Microsoft Corporation. All Rights Reserved.
Agenda
• Active Directory Overview • Active Directory Management • Managing Active Directory
Deployments• Identity and Access Management
Click to edit Master title style
TechNet goes virtual©2009 Microsoft Corporation. All Rights Reserved.
Offline Domain Join
Reduces time and effort for large-scale deploymentsEstablishes trust between operating system and Active Directory Domain
Djoin.exe
Click to edit Master title style
TechNet goes virtual©2009 Microsoft Corporation. All Rights Reserved.
Offline Domain Join
Reduces time and effort for large-scale deploymentsEstablishes trust between operating system and Active Directory Domain
Djoin.exe
Advantages
AD state changes are completed without network traffic to the computerComputer state changes are completed without any network traffic to a domain controllerEach change can be completed at different times
Click to edit Master title style
TechNet goes virtual©2009 Microsoft Corporation. All Rights Reserved.
Offline Domain Join —Notes
Run on Windows® 7 or Windows Server 2008 R2Must have user rights to join workstation to the domainDefaults target domain controller running a version of Windows Server 2008 R2
Special Considerations
Reduces time and effort for large-scale deploymentsEstablishes trust between operating system and Active Directory Domain
Djoin.exe
Advantages
AD state changes are completed without network traffic to the computerComputer state changes are completed without any network traffic to a domain controllerEach change can be completed at different times
Click to edit Master title style
TechNet goes virtual©2009 Microsoft Corporation. All Rights Reserved.
• Perform an Offline Domain Join
Demonstration: Using Offline Domain Join
Click to edit Master title style
TechNet goes virtual©2009 Microsoft Corporation. All Rights Reserved.
Management of Service Accounts
Domain-Based Service Accounts Managed by ADEnhanced Security
Less Disruption of ServiceReduce Recurrent Administrative Tasks
SQL IIS
Local Accounts
Click to edit Master title style
TechNet goes virtual©2009 Microsoft Corporation. All Rights Reserved.
Management of Service Accounts
Domain-Based Service Accounts Managed by ADEnhanced Security
Less Disruption of ServiceReduce Recurrent Administrative Tasks
SQL IIS
Managed ServiceAccount
Local Accounts
Click to edit Master title style
TechNet goes virtual©2009 Microsoft Corporation. All Rights Reserved.
Management of Service Accounts
Domain-Based Service Accounts Managed by ADEnhanced Security
Less Disruption of ServiceReduce Recurrent Administrative Tasks
SQL IIS
Managed ServiceAccount
Local Accounts
Virtual Accounts
Click to edit Master title style
TechNet goes virtual©2009 Microsoft Corporation. All Rights Reserved.
Management of Service Accounts
Domain-Based Service Accounts Managed by ADEnhanced Security
Less Disruption of ServiceReduce Recurrent Administrative Tasks
Administrative BenefitsCreate class domain accountsAccounts are now reset automaticallySPN management tasks are not completedCan be delegated to non-administrators
SQL IIS
Managed ServiceAccount
Local Accounts
Virtual Accounts
Click to edit Master title style
TechNet goes virtual©2009 Microsoft Corporation. All Rights Reserved.
Session Summary
• Active Directory Domain Services improves management capabilities that automate Active Directory tasks
• The new Active Directory Administrative Console and Windows PowerShell module allow for flexible discovery and output
• Use and implement the new features of Windows Server 2008 R2 Domain Services