October 25th, 2012

Windows Server 2012

Richard Oertle
Subject Matter Expert / Instructor
www.NetComLearning.com

Windows Server 2012

New Features and Certifications
Certification Changes
Microsoft Certified Solution Expert in Windows
Server 2012
Microsoft Certified Solution Administrator in
Windows Server 2012

Administration Changes
Screen and Navigation changes

PowerShell changes
Version 3.0 with 2400 cmdlets

Starting from the beginning:

Become an MCSA
Pass the following 3 tests to gain the
equivalent of passing the 70-417 test
70-410
Installing and Configuring Windows Server 2012

70-411
Administering Windows Server 2012

70-412
Configuring Advanced Windows Server 2012
Services
Then consider continuing on for an MCSE in the 3
previous categories of Desktop, Private cloud or
Server Administration

Upgrading from
MCITP to MCSE
Must renew MCSE status every three years!
MCITP upgrade test is 70-417 (course
20417)
MCITP accepted certifications includes:
Lync Administrator
SharePoint Administrator
Desktop Administrator
Enterprise Messaging Administrator
Windows Server 2008 Administrator

Pass the 70-417 upgrade test

THEN:
Take and pass the specialist area tests shown below
Determine which of 3 MCSE specialist areas to focus
on:
MCSE in Server Infrastructure
70-413 Designing and Implementing a Server
Infrastructure
70-414 Implementing an Advanced Server
Infrastructure
MCSE in Desktop Infrastructure
70-415 Implementing a Desktop Infrastructure
70-416 Implementing Desktop Application
Environments

MCSE Information continued

MCSE in Private Cloud Infrastructure
70-246 Monitoring and Operating a Private
Cloud with System Center 2012, Course
10751 (5 days)
70-247 Configuring and Deploying a Private
Cloud with System Center 2017, Course
10750 (5 days)

Some of the New Administration features

of
Windows Server 2012

Active Directory Administrative Center,

is a task-oriented tool based on Windows
PowerShell

Password Settings Objects

You can use fine-grained password policies to
specify multiple password policies within a
single domain
Fine-grained password policies:
Apply only to user objects (or inetOrgPerson
objects) and global security groups
Cannot be applied to an OU directly
Do not interfere with custom password filters
that you might use in the same domain

Configuring Password Settings Objects

Windows Server 2012 provides two tools for

configuring PSOs

Windows PowerShell cmdlets

New-ADFineGrainedPasswordPolicy
Add-FineGrainedPasswordPolicySubject

Active Directory Administrative Center

Is a graphical user interface
Uses Windows PowerShell cmdlets to create

and manage PSOs

Managed Service Account

Use to automate password and SPN
management for service accounts used by
services and applications
Requires a Windows Server 2008 R2 or Windows Server
2012 server installed with:
.NET Framework 3.5.x
Active Directory module for Windows PowerShell
Recommended to run with AD DS configured at the
Windows Server 2008 R2 functional level or higher
Can be used in a Windows Server 2003 or 2008 AD DS
environment:
With Windows Server 2008 R2 schema updates
With Active Directory Management Gateway Service

Group Managed
Service Accounts
Group managed service accounts extend the
capability of standard managed service accounts by:
Enabling

an MSA to be used on more than one

computer in the domain

Storing

MSA authentication information on

domain controllers

Group MSA requirements:

Must

have at least one Windows Server 2012

domain controller

Must

have a KDS root key created for the domain

The Central Store

The Central
Store:

Is a central repository for ADMX and ADML files

Is stored in SYSVOL
Must be created manually
Is detected automatically by Windows Vista or Windows
Server 2008
ADMX files

Windows Vista
or Windows Server 2008
workstation

Domain controller
with SYSVOL

Domain controller
with SYSVOL

Group Policy Preferences

Group Policy preferences expand the range of
configurable settings within a GPO
Group Policy preferences:
Enable IT professionals to configure, deploy, and manage
settings that were not manageable by using Group Policy
Are natively supported on Windows Server 2008 and Vista
SP2 or newer
Can be created, deleted, replaced, or updated

Comparing Group Policy Preferences

and GPO Settings
Group Policy
Settings

Group Policy
Preferences

Strictly enforce policy

settings by writing the
settings to areas of the
registry that standard
users cannot modify

Are written to the normal

locations in the registry that the
application or operating system
feature uses to store the setting

Typically disable the user

interface for settings that
Group Policy is managing

Do not cause the application or

operating system feature to
disable the user interface for
the settings they configure

Refresh policy settings at

a regular interval

Refresh preferences by using

the same interval as Group
Policy settings by default

Group policy
Management Editor

Allows editing of the ADMX file

Extends the functionality of GPMC

Features of Group Policy Preferences

Common Tab

Is used to configure
additional options that
control the behavior of a
Group Policy preference item

Targeting Features

Determines to which users

and computers a preference
item applies

Deploying a Cloned Virtualized

Domain Controller
You can safely clone an existing virtual domain
controller by:
1. Creating a DcCloneConfig.xml file and storing it

in the
AD DS database location
2. Taking the VDC offline and exporting it
3. Creating a new virtual machine by importing the
exported VDC
DcCloneConfig.xml
to AD DS database
location
Export the
VDC

Import the
VDC

Overview of the Active Directory Module

for Windows PowerShell
The Active Directory module for Windows PowerShell
provides full administrative functionality in these
areas:

User management

Computer management
Group management
OU management
Password policy management
Searching and modifying objects
Forest and domain management

Domain controller and operations masters management

Managed service account management
Site replication management
Central access and claims management

Windows PowerShell Web Access

Allows remote management of computers by

running Windows PowerShell sessions in a web

browser.
Powershell replaces tab completion with Visual

Studio style drop down options

Many former scripts are now compiled into cmdlets

Polls

What Is NTDSUtil?
With NTDSUtil you can:
Manage and control single master
operations
Perform AD DS database maintenance
Perform offline defragmentation
Create and mount snapshots
Move database files

Maintain domain controller metadata

Reset Directory Services Restore Mode

password

Creating AD DS Snapshots
Create a snapshot of Active Directory

NTDSUtil

Mount the snapshot to a unique port

NTDSUtil

Expose the snapshot

Right-click the root node of Active Directory Users and

Computers, and choose Connect to Domain Controller
Enter serverFQDN:port

View (read-only) snapshot

Cannot directly restore data from the snapshot

Recover data

Connect to the mounted snapshot, and export/reimport objects

with LDIFDE

Restore a backup from the same date as the snapshot

Manually reenter data

www.netcomlearning.

Configuring the Active Directory

Recycle Bin?
Active Directory Recycle Bin provides a way to restore

deleted objects without AD DS downtime

Uses Windows PowerShell with Active Directory
Module or the Active Directory Administrative Center
to restore objects

Dynamic Access Control

Dynamic Access Control provides:
A safety net over all file server-

based resources
Data identification
Access control to files
File access auditing
Optional RMS protection
integration

What Is FSRM?
FSRM Enables the following functionality:
Storage quota management
File screening management
Storage reports management
Classification management
File management tasks

Using FSRM to Manage Quotas, File Screens,

and Storage Reports
What Is Quota Management?
What Are Quota Templates?
Monitoring Quota Usage
What Is File Screening Management?
What Are File Groups?
What Are a File Screen Templates and File Screen
Exceptions?
What Are Storage Reports?
What Is a Report Task?
Demonstration: How to Use FSRM to Manage

Monitoring Quota Usage

You can monitor quota usage by:

Viewing quota information in the FSRM console

Generating a quota usage report
Creating soft quotas
Using the Get-FSRMQuota Windows PowerShell
cmdlet

File Screening Management

File screen management provides a method for
controlling the types of files that can be saved on
file servers

File screen management consists of:

Creating file screens
Defining file screen templates
Creating file screen exceptions
Creating file groups

Storage Reports
Storage reports provide information about
file usage on a file server
Types of storage reports include:

Duplicate Files
File Screening Audit
Files by File Group, Owner, or Property
Folders by Property
Large Files
Quota Usage
Least and most recently accessed files

Classification Management
Classification management enables you to create
and assign classification properties to files using an
automated mechanism
Classification Rule
File Management Task

Classification Property

Payroll.rpt

IsConfidential

Classification Properties
A Classification Properties is a configurable value
that can be assigned to a file
Classification properties can be any of the

following:

Yes/No

Date/Time
Number
Multiple choice list
Ordered list
String

Multi-String

Options for Storage Optimization

in Windows Server 2012
Storage optimization features include:
File

access auditing
Features on Demand
Data deduplication
NFS data stores

Implementing IPAM
What Is IPAM?
IPAM Architecture
Requirements for IPAM Implementation
Managing IP Addressing Using IPAM
IPAM Management and Monitoring
Considerations for Implementing IPAM

What Is IPAM?
IPAM facilitates IP management in organizations with
complex networks by enabling administration and
monitoring of DHCP and DNS

Managing IP Addressing Using IPAM

You can view and manage the IP address space
using the following views:
IP address blocks
IP address ranges
IP addresses
IP inventory
IP address range groups

You can monitor the IP address space using the following views:
DNS and DHCP servers
DHCP scopes
DNS zone monitoring
Server groups

IPAM Management
and Monitoring

With IPAM, you can:

Monitor IP address space utilization
Monitor DNS and DHCP health
Configure many DHCP properties and values from

the IPAM console

Use the event catalog to view a centralized
repository for all configuration changes

What Is iSCSI?

TCP/IP protocol

iSCSI transmits SCSI commands over IP

networks

iSCSI client that

runs the iSCSI
Initiator

Storage
Array

iSCSI Target Server

iSCSI Target Server and iSCSI Initiator

Considerations for
Implementing iSCSI Storage
Consider the following when designing your iSCSI
storage solution:
Deploy the solution on fast networks
Design a highly available network infrastructure for your

iSCSI storage solution.

Design an appropriate security strategy for the iSCSI
storage solution
Follow the vendor-specific best practices for different
types of deployments
The iSCSI storage solution team must contain IT
administrators from different areas of specialization
Design application-specific iSCSI storage solutions
together with application specific administrators, such as
Exchange Server and SQL Server administrators

Thank You! Back to Rinchen

Stick around for Raffle and
Q&As

www.NetComLearning.co
m