Module 2

tauret
Presentation Transcript


  1. Module 2 Advanced Deployment and Administration of AD DS

  2. Module Overview
     • Deploying AD DS
     • Deploying and Cloning Virtual Domain Controllers
     • Deploying Domain Controllers in Windows Azure
     • Administering AD DS

  3. Lesson 1: Deploying AD DS
     • Overview of AD DS Deployment
     • Remote Deployment of AD DS
     • Demonstration: Remote Deployment of Domain Controllers
     • Upgrading and Migrating to Windows Server 2012 R2 AD DS

  4. Overview of AD DS Deployment
     Information required before deploying an AD DS domain controller:
     • AD DS and DNS infrastructure:
       • AD DS structure
       • New domain/forest or existing domain
       • DNS infrastructure information
     • Windows Server installation options:
       • Server Core installation
       • Server with a GUI
       • Server Core with Minimal Server Interface
       • Change using Windows PowerShell
       • Feature on demand to minimize installation binaries
     • Physical, virtual, or cloud installation:
       • Not many reasons not to go virtual
       • Must not have single point of failure
       • Some scenarios benefit from cloud deployment
     • Deployment options:
       • Local deployment
       • Remote deployment

  5. Remote Deployment of AD DS
     • When you install AD DS in Windows Server 2012 R2, you must use:
       • The Windows PowerShell cmdlet Install-ADDSDomainController
       • Server Manager, which provides a GUI and runs Windows PowerShell in the background
     • Dcpromo.exe is used only for unattended installations to support legacy processes:
       • Role must be added to install binaries, and then AD DS must be configured
     • Active Directory Domain Services Configuration Wizard performs:
       • Collection of data
       • Prerequisite checks
       • Preparation of schema and domain if required
       • Promotion of domain controller
     • Runs the same either locally or remotely
     • Consider using RODC when remote locations are unsecure
     • Consider using IFM where there is low bandwidth

  6. Demonstration: Remote Deployment of Domain Controllers
     In this demonstration, you will see how to deploy an AD DS domain controller remotely when you:
     • Add LON-SVR1 to Server Manager on LON-DC1
     • Add the AD DS role on a remote server
     • Configure AD DS remotely by using Server Manager

  7. Upgrading and Migrating to Windows Server 2012 R2 AD DS
     • Migrations are preferred to in-place upgrades of domain controllers and are only possible with Windows Server 2008 SP2 or newer
     • When you promote the Server Managers’ domain, you are performing the forest and domain preparations:
       • These can be done separately using Adprep.exe
       • Adprep.exe runs on domain member servers and is only available in a 64-bit version
     • Test your preparation and migration in a test lab with production schema
     • Verify applications and plan for the first domain controller
     • Clean up your infrastructure and consider new features and functionality after the migration is finished

  8. Lesson 2: Deploying and Cloning Virtual Domain Controllers
     • Virtual Domain Controller Deployment Considerations
     • How Snapshots Affect Domain Controllers
     • Domain Controller Virtualization in Windows Server 2012
     • AD DS Domain Controller Cloning
     • Demonstration: Domain Controller Cloning
     • Domain Controller Virtualization Best Practices

  9. Virtual Domain Controller Deployment Considerations
     • Virtualization benefits for domain controllers:
       • Scalable
       • Independent of hardware
       • Quicker recovery
     • Windows Server 2012 is cloud-ready and virtualization safe
     • Considerations for virtualization include:
       • Time synchronization
       • Domain membership of the virtualization host
       • Single point of failure
       • Going to the cloud

  10. How Snapshots Affect Domain Controllers
      [Diagram: USN timelines for DC01 (USN 2200 to 2270) and DC02 (USN 1020 to 1090)]
      • DC01 (USN 2220) and DC02 (USN 1040) are synchronized; DC02 snapshot created
      • DC01 (USN 2260) synchronized with DC02 (USN 1080)
      • DC02 rolled back to snapshot
      • Result: DC01 thinks it has all updates from DC02 since 1080; however, DC02 is at 1040, and changes between 1040 and 1080 not replicated to DC01

  11. Domain Controller Virtualization in Windows Server 2012
      • To support safe virtualization of domain controllers:
        • Hypervisor needs to support Virtual Machine Generation Identifier, such as Hyper-V on Windows Server 2012
        • Virtual guest domain controller needs to be on Windows Server 2012 or newer
      • Compares stored Virtual Machine Generation Identifier against Virtual Machine Generation Identifier provided by the hypervisor
      • Safeguards are triggered when:
        • Snapshot is restored during guest shutdown
        • Snapshot is restored while machine is running
      • Guest employs virtualization safeguards by:
        • Invalidating the local RID pool
        • Setting a new invocation ID for the domain controller database, effectively presenting itself as a new domain controller and verifying all objects and attributes
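The rollback on slide 10 and the invocation ID reset on slide 11, as an added example: a simplified model written for this transcript, not AD DS code and not part of the course material. `New-Dc`, `Add-Change` and `Sync-From` are hypothetical helpers; the DC02 USN values follow slide 10.

```powershell
# Simplified, constructed model of USN high-watermark replication (not real AD DS code).
function New-Dc($Name, $Usn) {
    New-Object psobject -Property @{
        Name         = $Name
        Usn          = $Usn
        InvocationId = [guid]::NewGuid()
        Changes      = @()   # records of { Usn; Object } written locally
        Watermark    = @{}   # partner invocation ID -> highest USN already received
        Received     = @{}   # names of objects pulled from partners
    }
}

function Add-Change($Dc, $Count, $Tag) {
    for ($i = 0; $i -lt $Count; $i++) {
        $Dc.Usn++
        $Dc.Changes += New-Object psobject -Property @{ Usn = $Dc.Usn; Object = "$Tag-$($Dc.Usn)" }
    }
}

# Pull only the changes above the watermark stored for the source's invocation ID.
function Sync-From($Dest, $Source) {
    $id   = [string]$Source.InvocationId
    $seen = 0
    if ($Dest.Watermark.ContainsKey($id)) { $seen = $Dest.Watermark[$id] }
    $new = @($Source.Changes | Where-Object { $_.Usn -gt $seen })
    foreach ($c in $new) { $Dest.Received[[string]$c.Object] = $true }
    if ($Source.Usn -gt $seen) { $Dest.Watermark[$id] = $Source.Usn }
    $new.Count   # number of changes transferred
}

$dc01 = New-Dc 'DC01' 2200
$dc02 = New-Dc 'DC02' 1020

Add-Change $dc02 20 'before'              # DC02 reaches USN 1040
Sync-From $dc01 $dc02 | Out-Null          # partners synchronized
$snapshot = @{ Usn = $dc02.Usn; Changes = @($dc02.Changes) }   # snapshot taken at 1040

Add-Change $dc02 40 'discarded'           # DC02 reaches USN 1080
Sync-From $dc01 $dc02 | Out-Null          # DC01 now holds watermark 1080 for DC02

# Snapshot restored: same invocation ID, USN counter back at 1040.
$dc02.Usn     = $snapshot.Usn
$dc02.Changes = $snapshot.Changes
Add-Change $dc02 10 'after'               # new changes reuse USNs 1041..1050
"Rollback, same invocation ID: DC01 pulled $(Sync-From $dc01 $dc02) of 10 new changes"

# Safeguard from slide 11: DC02 presents a new invocation ID, so DC01 has no watermark for it.
$dc02.InvocationId = [guid]::NewGuid()
Sync-From $dc01 $dc02 | Out-Null
"After invocation ID reset: DC01 holds after-1045 = $($dc01.Received.ContainsKey('after-1045'))"
```

The model keeps only a per-partner watermark; a real domain controller also tracks an up-to-dateness vector and retired invocation IDs, which the model leaves out.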

  12. AD DS Domain Controller Cloning
      • Domain controllers can be cloned for:
        • Rapid deployment
        • Private clouds
        • Recovery strategies
      • To clone a source domain controller:
        • Add the domain controller to the Cloneable Domain Controllers group
        • Verify application and service compatibility
        • Create a DCCloneConfig.xml file
        • Export once and create as many clones as needed
        • Start the clones
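The cloning steps from slide 12 as a script, added here as an example and not taken from the course material. LON-DC1 and the virtual machine name 10969A-LON-DC1 come from the lab information on this page; the clone name LON-DC3, the site name, the addresses and the folder paths are placeholder assumptions, and the export layout assumed is that of Windows Server 2012 R2 Hyper-V.

```powershell
# --- On the source domain controller LON-DC1 ---
Import-Module ActiveDirectory

# 1. Authorize the source DC for cloning.
Add-ADGroupMember -Identity 'Cloneable Domain Controllers' -Members (Get-ADComputer 'LON-DC1')

# 2. List installed services and programs that are not known to be clone-safe.
Get-ADDCCloningExcludedApplicationList
#    After vetting each entry, write the accepted ones to CustomDCCloneAllowList.xml.
Get-ADDCCloningExcludedApplicationList -GenerateXml

# 3. Create DCCloneConfig.xml (clone name, site and addresses are placeholders).
New-ADDCCloneConfigFile -CloneComputerName 'LON-DC3' -SiteName 'Default-First-Site-Name' `
    -Static -IPv4Address '192.0.2.20' -IPv4SubnetMask '255.255.255.0' `
    -IPv4DefaultGateway '192.0.2.1' -IPv4DNSResolver '192.0.2.10'

# 4. Shut down the source so that the virtual machine can be exported.
Stop-Computer

# --- On the Hyper-V host ---
$export = 'D:\Export'          # placeholder path
$target = 'D:\VMs\LON-DC3'     # placeholder path; must differ from the source VM's folders
Export-VM -Name '10969A-LON-DC1' -Path $export

# Import a copy with a new VM ID; repeat this import for each additional clone.
$config = Get-ChildItem "$export\10969A-LON-DC1\Virtual Machines\*.xml" | Select-Object -First 1
$clone  = Import-VM -Path $config.FullName -Copy -GenerateNewId `
              -VirtualMachinePath $target -VhdDestinationPath $target
Rename-VM -VM $clone -NewName 'LON-DC3'

# 5. Start the source again, then the clone.
Start-VM -Name '10969A-LON-DC1'
Start-VM -VM $clone

# --- Afterwards, on any domain controller ---
# Added hardening step, not on the slide: remove the cloning right until the next planned clone.
Remove-ADGroupMember -Identity 'Cloneable Domain Controllers' `
    -Members (Get-ADComputer 'LON-DC1') -Confirm:$false
```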

  13. AD DS Domain Controller Cloning
      [Flowchart: decisions a virtualized domain controller makes at startup. Decision points: Virtual Machine Generation Identifier exists? Virtual Machine Generation Identifier changed? DCCloneConfig exists? Duplicate IP? Actions and outcomes: Normal Start, Virtualization safeguards triggered, Rename DCCloneConfig, Clone (Succeed or Fail), Restart, Restart in DSRM]

  14. Demonstration: Domain Controller Cloning
      In this demonstration, you will learn how to:
      • Prepare a source domain controller to be cloned
      • Export the source virtual machine
      • Create and start the cloned domain controller

  15. Domain Controller Virtualization Best Practices
      • Avoid single points of failure
      • Time service
      • Use virtualization technology with the Virtual Machine Generation Identifier feature
      • Use Windows Server 2012 or Windows Server 2012 R2 as virtualization guests
      • Avoid or disable snapshots
      • Be aware of security
      • Consider taking advantage of cloning in your deployment or recovery strategy
      • Start a maximum number of 10 new clones at the same time
      • Consider using virtualization technologies that allow virtual machine guests to move between sites
      • Adjust your naming strategy to allow domain controller clones

  16. Lesson 3: Deploying Domain Controllers in Windows Azure
      • Running AD DS Domain Controllers in Windows Azure
      • Considering Domain Controllers in the Cloud
      • Deploying Domain Controllers in the Cloud

  17. Running AD DS Domain Controllers in Windows Azure
      Extending AD DS to the Windows Azure Virtual Machine clouds provides new scenarios, including:
      • Cloud-only deployments, to enable a new forest in the cloud to:
        • Support applications in the cloud that are accessible from the intranet and Internet
        • Run applications and AD DS isolated from the corporate directory
        • Support extranet applications
      • Hybrid deployments, to extend an existing domain to the cloud to:
        • Support corporate applications in the cloud
        • Business-to-business authentication by using AD FS out of the cloud
        • Support high availability and disaster recovery scenarios

  18. Considering Domain Controllers in the Cloud
      Technical considerations:
      • Treat domain controllers in Windows Azure as virtual domain controllers
      • Put core AD DS data on data disks, not operating system disks
      • Optimize your deployment for traffic and costs
      • Design your sites and services with the cloud in mind
      • Use dynamic TCP/IP settings
      • Consider using RODCs
      • Design your naming resolution
      Deployment considerations:
      • Move an existing virtual domain controller to Windows Azure
      • Create a new virtual machine, and then connect and promote it to your corporate network
      • Use Install from Media to reduce costs
      Servicing and maintaining domain controllers in Windows Azure:
      • Extend your processes and plan for monitoring and updating

  19. Deploying Domain Controllers in the Cloud
      Verify Prerequisites by:
      • Creating a virtual network in Windows Azure
      • Creating a cloud service in the virtual network
      • Deploying a virtual machine in the cloud service, Size L or greater, and attaching a data disk, not an operating system disk
      • Verifying the on-premises infrastructure
      • Creating subnets and sites for the cloud
      • Configuring the cloud-based virtual machine to use on-premises DNS
      • Deploying the domain controller
      • Installing an additional domain controller in the cloud
      • Validating the installation

  20. Lesson 4: Administering AD DS
      • Overview of AD DS Management Tools
      • What Is Active Directory Administrative Center?
      • Demonstration: Using Active Directory Administrative Center to Administer and Manage AD DS
      • What is the Active Directory Module for Windows PowerShell?
      • Using Windows PowerShell ISE for AD DS Administration
      • Demonstration: Administering AD DS with Windows PowerShell

  21. Overview of AD DS Management Tools
      You typically will perform AD DS management by using the following tools:
      • Active Directory Administrative Center
      • Active Directory Users and Computers
      • Active Directory Sites and Services
      • Active Directory Domains and Trusts
      • Active Directory Schema snap-in
      • Active Directory module for Windows PowerShell

  22. What Is Active Directory Administrative Center? Active Directory Administrative Center is a task-oriented tool that is based on Windows PowerShell

  23. Demonstration: Using Active Directory Administrative Center to Administer and Manage AD DS
      In this demonstration, you will learn how to:
      • Navigate within Active Directory Administrative Center
      • Perform an administrative task within Active Directory Administrative Center
      • Create objects
      • View all object attributes
      • Use the Windows PowerShell History Viewer in Active Directory Administrative Center

  24. What is the Active Directory Module for Windows PowerShell?
      The Active Directory module is the foundation of management for AD DS:
      • GUIs such as Server Manager and Active Directory Administrative Center rely on Windows PowerShell
      • Requires ADWS
      • Provides 147 cmdlets for management and 10 cmdlets for deployment in Windows Server 2012 R2
      Exploring cmdlets for AD DS:
      • Get-Command -Module ActiveDirectory
      • Get-Command -Module ADDSDeployment
      • Get-Help New-ADUser
      • Get-Help New-ADUser -Examples

  25. Using Windows PowerShell ISE for AD DS Administration
      Windows PowerShell ISE helps you run commands and write, edit, run, test, and debug scripts in an environment that displays syntax coloring and supports Unicode

  26. Demonstration: Administering AD DS with Windows PowerShell
      In this demonstration, you will see how to administer AD DS by using Windows PowerShell to:
      • Search for all users in the Marketing department
      • Change the user properties of all users with a last name beginning with L through Z to the Marketing2 department
      • Query OUs not protected from accidental deletion
      • Mark all OUs to protect from accidental deletion

  27. Lab: Deploying and Administering AD DS
      • Exercise 1: Deploying AD DS
      • Exercise 2: Deploying Domain Controllers by Performing Domain Controller Cloning
      • Exercise 3: Administering AD DS
      Logon Information:
      Virtual machines: 10969A-LON-DC1, 10969A-LON-SVR1
      User name: Adatum\Administrator
      Password: Pa$$w0rd
      Estimated Time: 45 minutes

  28. Lab Scenario You are an IT administrator at A. Datum Corporation. The company is expanding its business with several new locations. The AD DS administration team currently is evaluating the methods available in Windows Server 2012 for rapid and remote domain controller deployment. Also, the team is looking for a way to automate certain AD DS administrative tasks. The team wants fast and seamless deployment of new domain controllers for new locations, and it also wants to promote servers to domain controllers from a central location.

  29. Lab Review
      • In the lab, you used Active Directory Administrative Center and the Active Directory module for Windows PowerShell. Which tool would you prefer to use for each task?
      • In which scenarios can domain controller cloning be useful?

  30. Module Review and Takeaways
      • Review Questions
      • Tools
      • Best Practice