Windows 2008R2 – Active Directory whats new ?

This is a cool presentation from technet … some of the new stuff in R2 is amazing.   Looks like PowerShell for AD is going to really kick off !!!

Link to Powerpoint download

Link to more resources

Schema Changes… scared?

Everyones favourite topic Schema Changes.  I have always seen these as rather easy and over rated experiences, however a recent change to Exchange 2007 SP1 schema changed that view.  I will be adding some pointers for that change next week along with some more info. Here’s how Microsoft do it.

Webcast

Webpage

Group Policy – Starter Gpos

These look interesting , basically you can create baseline GPOs. They can only include Administrative Templates (as shown below) settings and also create a new folder in SYSVOL. Going to have a play and the following article looks good: Link

GPMC Location:

SYSVOL Location:

GPO Settings:

Starter GPO Admin Templates

Password policies

Good high level blog form the ASKDS team:

http://blogs.technet.com/askds/archive/2009/05/19/understanding-password-policies.aspx

plus a link to a white paper you should read:

http://www.microsoft.com/downloads/details.aspx?FamilyID=8C8E0D90-A13B-4977-A4FC-3E2B67E3748E&displaylang=en

Windows 2008 and Vista SP2 released

just spotted this on a few blogs..

http://www.microsoft.com/downloads/en/resultsForCategory.aspx?nr=50&sortOrder=Descending&sortCriteria=Date&period=30&stype=ss_nd&sterm=All+Categories

 

and the extract from the ms site

Service Pack 2 (SP2) for Windows Server 2008 and Windows Vista is an upcoming update to Windows Vista and Windows Server 2008. It will provide customer and partner feedback-driven fixes into a single service pack, minimizing deployment and testing complexity. In addition to all previously released updates since SP1, SP2 will support new types of hardware, and will add support for several emerging standards.

As of April 28^th, 2009 the Windows Server 2008 SP2 and Windows Vista SP2 Beta program has concluded, thank you for your participation and feedback.

AD Recovery

So my progress to date has been good.  I have used the Quest Recovery Manager for AD in my home lab to recover a child domain and two domain controllers.  To be honest it was a very simple process and after a few nervous minutes while the existing DCs sorted themselves out everything was ok.  I have some screen shots and a short guide that I will post early next week. It was intersting to see the invocation guid changing as the DC worked out it had been restored.

Active Directory has been restored from backup media, or has been configured to host an application partition. The invocationID attribute for this domain controller has been changed. The highest update sequence number at the time the backup was created is as follows.
InvocationID attribute (old value):
216d1df4-db3d-4326-8026-dfba0ca6a881
InvocationID attribute (new value):
d880386d-0385-4171-9ff3-9ab353c029f7
Update sequence number:
6410833

The invocationID is changed when a domain controller is restored from backup media or is configured to host a writeable application directory partition.

 

Virtual Technet

This looks good ,  with some good topics and of course the legend Mark Russinovich

http://technet.microsoft.com/en-gb/dd819085.aspx

Group Policy – Forum Common Questions

excellent list of common questions and answers from the Gp Forum

http://social.technet.microsoft.com/Forums/en-US/winserverGP/thread/26455b36-26bd-4a44-b594-5a9f67bcd8df

Directory Services – KB Articles

New KB articles related to Directory Services for the week of 5/3-5/9.

969710	How to enable the half-open TCP connections limit in Windows Vista with Service Pack 2 and in Windows Server 2008 with Service Pack 2
971133	Verbose logging may have adverse effects on system performance
969902	Many services do not start when you enter a computer name that exceeds 15 bytes during the initial setup of Windows Vista or of Windows Server 2008
970914	How to Manually Restore Files Backed Up Using Windows Backup
971070	The Debug Diagnostics 1.1 Whitepaper is now available
967358	You receive error messages when you try to create a domain GPO or edit an existing domain GPO in a Windows Server 2008 Active Directory domain environment

 

Server Core – DC Promotion

I have attached a simple answer.txt file below that I have used before for Server Core Promotion:

To set the network up you need the network ID (which tends to be 2)

netsh interface ipv4 show interfaces (this gives you the network id)
netsh interface ipv4 set address name=”2″ source=static address=192.168.100.202 mask=255.255.255.0 gateway=192.168.100.1
netsh interface ipv4 add dnsserver name=”2″ address=192.168.100.201 index=1

If you need RDP Access you need to do the following:

• WMIC RDTOGGLE Where ServerName=”%COMPUTERNAME%” Call SetAllowTSConnections  AllowTSConnections=”1″
• NetSH FireWall Set PortOpening TCP 3389 “Remote Desktop”

Dont forget to  Rename the machine to something more useful:

• WMIC ComputerSystem Where Name=”%COMPUTERNAME% Call Rename Name =”NewNameYouWant”

And then the answer.txt file

This one would create a normal DC with DNS thats also a GC in an existing Domain,

[DCINSTALL]
InstallDNS=Yes
ConfirmGc=Yes
CriticalReplicationOnly=No
DisableCancelForDnsInstall=No
Password=P@ssw0rd
RebootOnCompletion=No
ReplicaDomainDNSName=W2K8.COM
ReplicaOrNewDomain=Replica
SafeModeAdminPassword=P@ssw0rd
SiteName=London
UserDomain=W2K8.COM
Username=administrator