Module 1

advertisement
Module 1
Server Management in
Windows Server 2012
Module Overview
• What's New in Server Manager
• Windows PowerShell and Server Core Enhancements
• What’s New in Active Directory
• Dynamic Access Control
• Introducing IP Address Management
Lesson 1: What's New in Server Manager
• Administering Servers with Server Manager
• Adding Roles and Features
Administering Servers with Server Manager
Using Server Manager, you can:
• Manage multiple servers from
one instance of Server Manager
• Deploy roles and features to
remote servers
• Generate Windows PowerShell
scripts for actions performed in
Server Manager
• Group servers
• View the status of
all servers from a single
location
• Determine whether roles on
the network are functioning
efficiently.
Adding Roles and Features
• Remotely deploy roles and features
• Add roles and features to virtual hard disks even if the
virtual machine is turned off.
Demonstration: Exploring Server Management in
Windows Server 2012
In this demonstration you will:
• Start the Server Manager console.
• Add a server role or feature.
• View role related events.
• Run the Best Practice Analyzer for a role.
• List the tools available from Server Manager.
• Open the Start Menu.
• Log off the currently logged on user.
• Restart Windows Server 2012.
Recorded Demo - Configuring Server Manager.wmv
POLLS
Lesson 2: Windows PowerShell and Server Core
Enhancements
• Using Windows PowerShell in Windows Server 2012
• Removing the Graphical Interface
Using Windows PowerShell in Windows Server 2012
The new PowerShell Integrated Scripting Engine (ISE) provides:
• Integrated help – enables you to search for Windows PowerShell cmdlets if
you know a few characters in their name.
• IntelliSense - which suggests values as you type and prompts you for
parameter values.
Removing the Graphical Interface
• Benefits of Using Server Core

Reduced update requirements.

Reduced hardware footprint.
• Graphical shell is now a feature. Can be turned off and
back on again
• Server Core Installation Options

Server Core. The standard deployment of Server Core. It is
possible to convert to the full version of Windows Server
2012.

Server Core with Management. This works the same as a
deployment of Windows Server 2012 with the graphical
component, except that the graphical components are not
installed
Lesson 3: What’s New in Active Directory
• Key New Features
• Deploying Domain Controllers
• Virtualization-Safe Technology
• Group Managed Service Accounts
Key New Features
New features of AD DS:
•
New deployment methods
•
Simplified administration
•
Virtualized domain controllers
•
Clone a Domain Controller
•
Active Directory Administration Center
•
Active Directory module for PowerShell
•
Windows PowerShell History Viewer
•
Active Directory Federated Services
•
Active Directory Based Activation
Deploying Domain Controllers
• All configuration of
domain controllers
can be done through
a wizard in Server
Manager
• AD DS binaries can
be installed using
PowerShell
• Dism.exe is more
complex to use
• Dcpromo is only
supported in
Unattended mode
Virtualization-Safe Technology
You can safely clone existing virtual domain controllers by:
• Creating a DcCloneConfig.xml file and storing it in the
AD DS database location.
• Taking the VDC offline and exporting it.
• Creating a new virtual machine by importing the
exported VDC.
DcCloneConfig.xml to
AD DS database
location
Export the VDC
Import the VDC
Group Managed Service Accounts
Group Managed Service Accounts provide:
• Automatic password and SPN management to multiple
servers in a farm
• A single identity for services running on a farm
Farm
server1
Farm
server2
Group
managed
service
account
Farm
server3
Lesson 4: Dynamic Access Control
• Introduction to Dynamic Access Control
• What are Claims?
• Using Central Access Policies and Rules
• Classifying Objects Using Resource Properties
Introduction to Dynamic Access Control
• Dynamic Access Control provides :

Data Identification

Access Control to files

Auditing of access to files

RMS protection integration
• Give users access to file system objects based on their
attributes in Active Directory and the Classification of the
file system object
Finance
Finance
What are Claims?
• Claims are statements made by AD DS about specific
user or object in AD DS
• AD DS in Windows Server 2012 supports :

User claims

Device claims
• Can be based on existing Active Directory attributes
• Typical implementation might use Department
•
•
•
•
Department: Sales
Level: 5
Site: Berlin
Role: Manager
Using Central Access Policies and Rules
• Central Access Rules define access based on user attributes (claims)
and resource properties
• Central Access Rules are grouped into Central Access Policies
• Central Access Policies are pushed to file servers using group policies
• A Central Access Policy has three configurable parts :

Applicability.

Access conditions.

Exception.
Classifying Objects Using Resource Properties
• You manage Resource Property objects in Resource Properties
container in Dynamic Access Control node
In ADAC
• There is a new Classification tab
for file system object
Properties in FSRM
• The Classification tab allows you to add
classifications to files and folders
Lesson 5: Introducing IP Address Management
• Introducing IP Address Management
• Server Discovery
• Address Space Management
Introducing IP Address Management
IPAM has the following functionality:
• Address Planning
DHCP
• Address Allocation
• Usage Tracking
• Troubleshooting
• Auditing
Key Prerequisites:


The IPAM server
must not be a
domain
controller
IPAM
DNS
You must log on to the IPAM server using a domain account
Server Discovery
• Agentless discovery
• Server connects to DHCP servers, DNS servers, domain
controllers, and Network Policy Servers
• Client connects to IPAM server to view data
• Client connects to DHCP and DNS servers to perform updates
Update
Query
DHCP,
DNS,
NPS,
Domain
Controllers
IPAM Client
IPAM Server
Agentless
Discovery
Address Space Management
• Address blocks
Contiguous range of IP addresses
• Address ranges
Sub-division of address block for
internal allocation
• IP addresses
Individual IP addresses
Download