Windows Server 2008 R2 Unleashed - GBV · Improvements in Clustering and Storage Area Network...

Rand Morimoto, Ph.D., MCITP

Michael Noel, MVP, MCITP

Omar Droubi, MCSE

Ross Mistry, MVP, MCITP

Chris Amaris, MCSE, CISSP

Technical Edit by Guy Yardeni

Windows Server 2008 R2 Unleashed

800 East 96th Street, Indianapolis, Indiana 46240 USA

Table of Contents

Introduction 1

Part I Windows Server 2008 R2 Overview

1 Windows Server 2008 R2 Technology Primer 5

Windows Server 2008 R2 Defined 5

When Is the Right Time to Migrate? 10

Versions of Windows Server 2008 R2 12

What's New and What's the Same About Windows Server 2008 R2? 16

Changes in Active Directory 20

Windows Server 2008 R2 Benefits for Administration 22

Improvements in Security in Windows Server 2008 R2 26

Improvements in Mobile Computing in Windows Server 2008 R2 28

Improvements in Windows Server 2008 R2 for Better Branch Office Support 30

Improvements for Thin Client Remote Desktop Services 33

Improvements in Clustering and Storage Area Network Support 37

Addition of Migration Tools 38

Improvements in Server Roles in Windows Server 2008 R2 40

Identifying Which Windows Server 2008 R2 Service to Install or Migrate to First 43

Summary 46

Best Practices 47

2 Planning, Prototyping, Migrating, and Deploying Windows Server 2008 R2 Best Practices 49

Determining the Scope of Your Project 50

Identifying the Business Goals and Objectives to Implement Windows Server 2008 R2 50

Identifying the Technical Goals and Objectives to Implement Windows Server 2008 R2 53

The Discovery Phase: Understanding the Existing Environment 59

The Design Phase: Documenting the Vision and the Plan 63

The Migration Planning Phase: Documenting the Process for Migration 67

The Prototype Phase: Creating and Testing the Plan 73

The Pilot Phase: Validating the Plan to a Limited Number of Users 75

The Migration/Implementation Phase: Conducting the Migration or Installation 78

Summary 79

Best Practices 80

3 Installing Windows Server 2008 R2 and Server Core 83

Preplanning and Preparing a Server Installation 83

Installing a Clean Version of Windows Server 2008 R2 Operating System 89

Upgrading to Windows Server 2008 R2 98

Understanding Server Core Installation 103

Managing and Configuring a Server Core Installation 105

Performing an Unattended Windows Server 2008 R2 Installation 111

Summary 111

Best Practices 112

Part II Windows Server 2008 R2 Active Directory

4 Active Directory Domain Services Primer 113

Examining the Evolution of Directory Services 114

Understanding the Development of AD DS 115

Examining AD DS's Structure 116

Outlining AD DS's Components 119

Understanding Domain Trusts 124

Defining Organizational Units 126

Outlining the Role of Groups in an AD DS Environment 127

Explaining AD DS Replication 129

Outlining the Role of DNS in AD DS 131

Outlining AD DS Security 133

Outlining AD DS Changes in Windows Server 2008 R2 134

Summary 146

Best Practices 146

5 Designing a Windows Server 2008 R2 Active Directory 149

Understanding AD DS Domain Design 149

Choosing a Domain Namespace 151

Examining Domain Design Features 153

Choosing a Domain Structure 154

Understanding the Single Domain Model 155

Understanding the Multiple Domain Model 157

Understanding the Multiple Trees in a Single Forest Model 160

Understanding the Federated Forests Design Model 162

Understanding the Empty-Root Domain Model 165

Understanding the Placeholder Domain Model 167

Understanding the Special-Purpose Domain Design Model 169

Renaming an AD DS Domain 170

Summary 173

Best Practices 173

6 Designing Organizational Unit and Group Structure 175

Defining Organizational Units in AD DS 176

Defining AD Groups 178

Examining OU and Group Design 182

Starting an OU Design 182

Using OUs to Delegate Administration 184

Group Policies and OU Design 186

Understanding Group Design 186

Exploring Sample Design Models 188

Summary 193

Best Practices 193

7 Active Directory Infrastructure 195

Understanding AD DS Replication in Depth 195

Understanding Active Directory Sites 200

Planning Replication Topology 207

Outlining Windows Server 2008 R2 IPv6 Support 213

Detailing Real-World Replication Designs 216

Deploying Read-Only Domain Controllers (RODCs) 220

Summary 224

Best Practices 225

8 Creating Federated Forests and Lightweight Directories 227

Keeping a Distributed Environment in Sync 227

Active Directory Federation Services 232

Synchronizing Directory Information with Forefront Identity Manager (FIM) 236

Harnessing the Power and Potential of FIM 240

Summary 243

Best Practices 243

9 Integrating Active Directory in a UNIX Environment 245

Understanding and Using Windows Server 2008 R2 UNIX Integration Components 245

Reviewing the Subsystem for UNIX-Based Applications (SUA) 252

Understanding the Identity Management for UNIX Components 253

Administrative Improvements with Windows Server 2008 R2 256

Summary 258

Best Practices 258

Part III Networking Services

10 Domain Name System and IPv6 259

Understanding the Need for DNS 260

Getting Started with DNS on Windows Server 2008 R2 263

Resource Records 266

Understanding DNS Zones 270

Performing Zone Transfers 274

Understanding DNS Queries 276

Other DNS Components 278

Understanding the Evolution of Microsoft DNS 285

DNS in Windows Server 2008 R2 286

DNS in an Active Directory Domain Services Environment 288

Troubleshooting DNS 292

IPv6 Introduction 297

How to Configure IPv6 on Windows Server 2008 R2 311

Secure DNS with DNSSEC 316

Summary 323

Best Practices 323

11 DHCP/WINS/Domain Controllers 325

Understanding the Key Components of an Enterprise Network 326

Exploring the Dynamic Host Configuration Protocol (DHCP) 328

Exploring DHCP Changes in Windows Server 2008 R2 336

Enhancing DHCP Reliability 345

Implementing Redundant DHCP Services 350

Exploring Advanced DHCP Concepts 358

Securing DHCP 359

Reviewing the Windows Internet Naming Service (WINS) 361

Installing and Configuring WINS 364

Planning, Migrating, and Maintaining WINS 368

Exploring Global Catalog Domain Controller Placement 370

Summary 374

Best Practices 374

12 Internet Information Services 377

Understanding Internet Information Services (IIS) 7.5 377

Planning and Designing Internet Information Services 7.5 382

Installing and Upgrading IIS 7.5 383

Installing and Configuring Websites 389

Installing and Configuring FTP Services 397

Securing Internet Information Services 7.5 407

Summary 416

Best Practices 417

Part IV Security

13 Server-Level Security 419

Defining Windows Server 2008 R2 Security 419

Deploying Physical Security 420

Using the Integrated Windows Firewall with Advanced Security 424

Hardening Server Security 427

Examining File-Level Security 429

Additional Security Mechanisms 433

Using Windows Server Update Services 434

Summary 440

Best Practices 440

14 Transport-Level Security 441

Introduction to Transport-Level Security in Windows Server 2008 R2 442

Deploying a Public Key Infrastructure with Windows Server 2008 R2 443

Understanding Active Directory Certificate Services (AD CS) in Windows Server 2008 R2 444

Active Directory Rights Management Services 451

Using IPSec Encryption with Windows Server 2008 R2 454

Summary 456

Best Practices 456

15 Security Policies, Network Policy Server, and Network Access Protection 459

Understanding Network Access Protection (NAP) in Windows Server 2008 R2 459

Deploying a Windows Server 2008 R2 Network Policy Server 462

Enforcing Policy Settings with a Network Policy Server 465

Deploying and Enforcing a Virtual Private Network (VPN) Using an RRAS Server 473

Summary 480

Best Practices 481

Part V Migrating to Windows Server 2008 R2

16 Migrating from Windows Server 2003/2008 to Windows Server 2008 R2 483

Beginning the Migration Process 484

Big Bang Migration 487

Phased Migration 491

Multiple Domain Consolidation Migration 505

Summary 522

Best Practices 523

17 Compatibility Testing 525

The Importance of Compatibility Testing 526

Preparing for Compatibility Testing 527

Researching Products and Applications 534

Verifying Compatibility with Vendors 537

Microsoft Assessment and Planning (MAP) Toolkit 542

Lab-Testing Existing Applications 543

Documenting the Results of the Compatibility Testing 546

Determining Whether a Prototype Phase Is Required 546

Summary 547

Best Practices 548

Part VI Windows Server 2008 R2 Administration and Management

18 Windows Server 2008 R2 Administration 549

Defining the Administrative Model 550

Examining Active Directory Site Administration 551

Configuring Sites 554

Examining Windows Server 2008 R2 Active Directory Groups 562

Creating Groups 564

Managing Users with Local Security and Group Policies 568

Managing Printers with the Print Management Console 576

Summary 582

Best Practices 583

19 Windows Server 2008 R2 Group Policies and Policy Management 585

Group Policy Overview 585

Group Policy Processing—How Does It Work? 586

Local Group Policies 588

Security Templates 590

Elements of Group Policy 591

Group Policy Administrative Templates Explained 603

Policy Management Tools 607

Designing a Group Policy Infrastructure 616

GPO Administrative Tasks 619

Summary 637

Best Practices 637

20 Windows Server 2008 R2 Management and Maintenance Practices 639

Going Green with Windows Server 2008 R2 640

Initial Configuration Tasks 641

Managing Windows Server 2008 R2 Roles and Features 643

Server Manager 647

Server Manager Diagnostics Page 652

Server Manager Configuration Page 657

Server Manager Storage Page 661

Auditing the Environment 665

Managing Windows Server 2008 R2 Remotely 674

Using Common Practices for Securing and Managing Windows Server 2008 R2 679

Keeping Up with Service Packs and Updates 681

Maintaining Windows Server 2008 R2 685

Summary 696

Best Practices 696

21 Automating Tasks Using PowerShell Scripting 699

Understanding Shells 700

Introduction to PowerShell 702

Understanding the PowerShell Basics 705

Using Windows PowerShell 732

Summary 762

Best Practices 762

22 Documenting a Windows Server 2008 R2 Environment 763

Benefits of Documentation 764

Types of Documents 765

Planning to Document the Windows Server 2008 R2 Environment 766

Knowledge Sharing and Knowledge Management 766

Windows Server 2008 R2 Project Documents 767

Administration and Maintenance Documents 780

Network Infrastructure 784

Disaster Recovery Documentation 785

Change Management Procedures 788

Performance Documentation 788

Baselining Records for Documentation Comparisons 789

Routine Reporting 789

Security Documentation 790

Summary 791

Best Practices 791

23 Integrating System Center Operations Manager 2007 R2 with Windows Server 2008 R2 793

Windows Server 2008 R2 Monitoring 794

What's New in OpsMgr R2 796

Explaining How OpsMgr Works 796

Outlining OpsMgr Architecture 798

Understanding How to Use OpsMgr 802

Understanding OpsMgr Component Requirements 805

Understanding Advanced OpsMgr Concepts 807

Securing OpsMgr 811

Installing Operations Manager 2007 R2 814

Configuring Operations Manager 2007 R2 822

Monitoring DMZ Servers with Certificates 831

Using Operations Manager 2007 R2 837

Summary 846

Best Practices 846

Part VII Remote and Mobile Technologies

24 Server-to-Client Remote Access and DirectAccess 849

VPN in Windows Server 2008 R2 850

Authentication Options to an RRAS System 856

VPN Protocols 858

DirectAccess in Windows Server 2008 R2 863

Choosing Between Traditional VPN Technologies and DirectAccess 873

Traditional VPN Scenario 876

DirectAccess Scenario 898

Connection Manager 916

Summary 919

Best Practices 919

25 Remote Desktop Services 921

Why Implement Remote Desktop Services 922

How Remote Desktop Works 925

Understanding the Name Change 928

Understanding Remote Desktop Services 928

Planning for Remote Desktop Services 947

Deploying Remote Desktop Services 953

Securing Remote Desktop Services 979

Supporting Remote Desktop Services 981

Summary 984

Best Practices 985

Part VIII Desktop Administration

26 Windows Server 2008 R2 Administration Tools for Desktops 987

Managing Desktops and Servers 988

Operating System Deployment Options 989

Windows Server 2008 R2 Windows Deployment Services 991

Installing Windows Deployment Services (WDS) 994

Creating Discover Images 1005

Creating Custom Installations Using Capture Images 1016

General Desktop Administration Tasks 1020

Summary 1021

Best Practices 1021

27 Group Policy Management for Network Clients 1023

The Need for Group Policies 1024

Windows Group Policies 1025

Group Policy Feature Set 1028

Planning Workgroup and Standalone Local Group Policy Configuration 1033

Planning Domain Group Policy Objects 1036

Managing Computers with Domain Policies 1045

Managing Users with Policies 1070

Managing Active Directory with Policies 1076

Summary 1095

Best Practice 1096

Part IX Fault-Tolerance Technologies

28 File System Management and Fault Tolerance 1097

Windows Server 2008 R2 File System Overview/Technologies 1097

File System Access Services and Technologies 1102

Windows Server 2008 R2 Disks 1105

Utilizing External Disk Subsystems 1109

Managing Windows Server 2008 R2 Disks 1109

System File Reliability 1118

Adding the File Services Role 1120

Managing Data Access Using Windows Server 2008 R2 Shares 1122

Volume-Based NTFS Quota Management 1128

File Server Resource Manager (FSRM) 1130

The Distributed File System 1147

Planning a DFS Deployment 1152

Installing DFS 1155

Managing and Troubleshooting DFS 1163

Backing Up DFS 1166

Using the Volume Shadow Copy Service 1167

Summary 1170

Best Practices 1170

29 System-Level Fault Tolerance (Clustering/Network Load Balancing) 1173

Building Fault-Tolerant Windows Server 2008 R2 Systems 1174

Windows Server 2008 R2 Clustering Technologies 1177

Determining the Correct Clustering Technology 1182

Overview of Failover Clusters 1184

Deploying Failover Clusters 1191

Backing Up and Restoring Failover Clusters 1211

Deploying Network Load Balancing Clusters 1215

Managing NLB Clusters 1223

Summary 1225

Best Practices 1225

30 Backing Up the Windows Server 2008 R2 Environment 1227

Understanding Your Backup and Recovery Needs and Options 1228

Creating the Disaster Recovery Solution 1232

Documenting the Enterprise 1234

Developing a Backup Strategy 1234

Windows Server Backup Overview 1235

Using Windows Server Backup 1239

Managing Backups Using the Command-Line Utility wbadmin.exe and PowerShell Cmdlets 1246

Backing Up Windows Server 2008 R2 Role Services 1248

Volume Shadow Copy Service (VSS) 1262

Windows Server 2008 R2 Startup Options 1264

Summary 1265

Best Practices 1265

31 Recovering from a Disaster 1267

Ongoing Backup and Recovery Preparedness 1267

When Disasters Strike 1271

Disaster Scenario Troubleshooting 1274

Recovering from a Server or System Failure 1277

Managing and Accessing Windows Server Backup Media 1285

Windows Server Backup Volume Recovery 1287

Recovering Role Services and Features 1291

Summary 1302

Best Practices 1302

Part X Optimizing, Tuning, Debugging, and Problem Solving

32 Optimizing Windows Server 2008 R2 for Branch Office Communications 1305

Understanding Read-Only Domain Controllers (RODCs) 1306

Installing a Read-Only Domain Controller 1310

Understanding BitLocker Drive Encryption 1323

Configuring BitLocker Drive Encryption on a Windows Server 2008 R2 Branch Office Domain Controller 1326

Understanding and Deploying BranchCache 1333

Enhancing Replication and WAN Utilization at the Branch Office 1339

Summary 1342

Best Practices 1342

33 Logging and Debugging 1345

Using the Task Manager for Logging and Debugging 1345

Using Event Viewer for Logging and Debugging 1350

Performance and Reliability Monitoring 1359

Setting Baseline Values 1369

Using the Debugging Tools Available in Windows Server 2008 R2 1371

Task Scheduler 1382

Summary 1388

Best Practices 1389

34 Capacity Analysis and Performance Optimization 1391

Defining Capacity Analysis 1391

Using Capacity-Analysis Tools 1395

Monitoring System Performance 1415

Optimizing Performance by Server Roles 1423

Summary 1430

Best Practices 1430

Part XI Integrated Windows Application Services

35 Windows SharePoint Services 1433

Understanding the History of SharePoint Technologies 1434

What Are the Differences Between Windows SharePoint Services 3.0 and SharePoint Server 2007? 1436

Identifying the Need for Windows SharePoint Services 1439

Installing Windows SharePoint Services 1440

Lists and Libraries in Windows SharePoint Services 3.0 1453

Integrating Office 2007 Applications with Windows SharePoint Services 3.0 1469

Managing the Site Collection 1475

Summary 1479

Best Practices 1481

36 Windows Media Services 1483

Understanding Windows Media Services 1484

Installing Windows Media Services 1489

Using Windows Media Services for Real-Time Live Broadcasts 1492

Broadcasting Stored Single Files 1495

Hosting a Directory of Videos for On-Demand Playback 1498

Combining Multiple Files for a Combined Single Broadcast 1501

Understanding Windows Media Encoder 1504

Broadcasting a Live Event 1506

Capturing Audio or Video for Future Playback 1508

Using Other Windows Media Encoder Options 1510

Summary 1512

Best Practices 1512

37 Deploying and Using Windows Virtualization 1515

Understanding Microsoft's Virtualization Strategy 1515

Integration of Hypervisor Technology in Windows Server 2008 1517

Planning Your Implementation of Hyper-V 1519

Installation of the Microsoft Hyper-V Role 1522

Becoming Familiar with the Hyper-V Administrative Console 1524

Installing a Guest Operating System Session 1529

Modifying Guest Session Configuration Settings 1533

Launching a Hyper-V Guest Session 1535

Using Snapshots of Guest Operating System Sessions 1538

Quick Migration and Live Migration 1540

Summary 1550

Best Practices 1551

Index 1553