Great Windows Server 2008 & R2 Features

I have jotted down a few points which I hope will be useful for you all, and thought of sharing them.

For in-depth knowledge, I request you to please refer to the Microsoft Windows Bible.

First of all, Windows Server 2008 R2 is a more robust OS than the previous server OSes MS has introduced, even 2008. What wonderful features and concepts. I had a great time and enjoyed it like anything. You should have a look!

Windows Deployment Services (replaces RIS)
— It deploys Windows operating systems over the network. It has the ability to deploy Vista, Windows 7 & Windows 2008.
— Image-based installation using WIM (a file-based disk image format, not sector-based).
— ImageX is a command-line tool to create, edit and deploy Windows disk images in WIM format. It is distributed as part of the free Windows Automated Installation Kit. It is similar to Norton Ghost, but not entirely the same.
— WinPE is a bootable, lightweight version of Windows. It can be used to start a PC from USB or CD/DVD.
— System Image Manager is the replacement for Setup Manager in previous OSes. It is used to create unattended Windows setup answer files.
— You can even deploy the OS via .VHD files. Great feature.

Migration Server Roles.
Superb feature:
— You can migrate roles like DNS, DHCP and so on. So far I have seen that you can migrate via PowerShell only (the system has to have PowerShell and the .NET Framework installed).
— For example, to migrate the DHCP role, which I did in the lab and found great. Likewise there are many more. … 9483(WS.10).aspx

Best Practices Analyzer:
— Reduces troubleshooting overhead
— Scans roles on Windows Server 2008 R2

Windows Server 2008 R2 Backup
— Backup files and folders
— Backup management via Windows PowerShell.
— Incremental backup of system state
— One wonderful feature is that you can take a backup of the AD database (not wholly) by using ntdsutil after stopping the AD DS service, then mount the backup folder, as it creates a snapshot on the local C: drive. Another good thing is that using this you can create an ADC in the branch office and local office and allow SYSVOL replication later on (using dsamain.exe you can view the snapshot).
— When you mount it you can actually view the NTDS.dit database, which I had been longing to see for many years (but you cannot delete while viewing the database).
— Using NTDSUTIL you can actually take an AD backup, and a backup for an RODC to install in a branch office. (Amazing feature)

Active Directory Administrative Center:
— Active Directory Administrative Center is only available from Windows Server 2008 R2 servers and Windows 7 workstations, when they install Remote Server Administration Tools (RSAT, similar to adminpak).
— It is almost the same as ADUC. You access ADAC via (http); for that you need to have AD Web Services installed. Once the service is stopped you will not be able to access ADAC.

Active Directory Recycle Bin
— First of all, your forest functional level needs to be at Windows 2008 R2 to enable this feature.
— It is built on the existing tombstone reanimation infrastructure.
— Minimizes directory service downtime.
— Preserves all attributes of deleted objects, which adrestore.exe and the LDAP tool do not fully recover.
— The feature needs to be enabled via PowerShell, and restores are done there too. No GUI support is available for the Recycle Bin feature at the moment.
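
The enable-and-restore sequence described above, as an added example that is not part of the original post. It uses the Active Directory module cmdlets shipped with Windows Server 2008 R2; the account name `jdoe` is a constructed placeholder.

```powershell
# Added example; 'jdoe' is a constructed account name.
Import-Module ActiveDirectory

$forest = Get-ADForest

# The Recycle Bin needs Windows Server 2008 R2 forest functional level.
$tooLow = 'Windows2000Forest', 'Windows2003InterimForest',
          'Windows2003Forest', 'Windows2008Forest'
if ($tooLow -contains "$($forest.ForestMode)") {
    throw "Forest functional level is $($forest.ForestMode); raise it first."
}

# Enabling cannot be undone, so check the current state and ask before acting.
$feature = Get-ADOptionalFeature -Filter 'Name -eq "Recycle Bin Feature"'
if (-not $feature.EnabledScopes) {
    Enable-ADOptionalFeature -Identity 'Recycle Bin Feature' `
        -Scope ForestOrConfigurationSet -Target $forest.Name -Confirm:$true
}

# Objects deleted BEFORE the feature was enabled are plain tombstones and
# come back without most attributes; only later deletions restore fully.
$deleted = Get-ADObject -IncludeDeletedObjects `
    -Filter 'isDeleted -eq $true -and sAMAccountName -eq "jdoe"' `
    -Properties lastKnownParent, whenChanged

# Show what was found so the operator can confirm it is the right object
# (a re-created account with the same name is a different object).
$deleted | Format-List Name, ObjectGUID, lastKnownParent, whenChanged

# Dry run first, then the real restore to the original parent container.
$deleted | Restore-ADObject -WhatIf
$deleted | Restore-ADObject -Confirm:$true
```

A restored account regains the group memberships it had when deleted, so review those memberships after the restore rather than assuming they are still appropriate.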

Offline Domain Join.
— Offline domain join is a process to add computers to a domain in locations where there is no connectivity to a corporate network.
— To perform an offline domain join, you can run the Djoin.exe command-line tool.
— Client computer does not require DC connectivity while joining.
— Computer account is initially created in ADUC
— This also has to be performed by cmdlets with the help of the Djoin.exe utility.
— It is quite funny to see this feature, as I got a project to migrate Lotus to Exchange 2k10. You must be aware that in Lotus, to configure a client profile you need to first create a User ID on the server and, through some media like a pen drive/CD, import the ID into the Lotus client to configure the profile. I found it to work in the same way and found it interesting.
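
The two halves of an offline join with Djoin.exe, as an added example that is not part of the original post. The function names, the domain `contoso.com`, the machine name and the file paths are constructed for illustration.

```powershell
# Added example; function names, domain, machine name and paths are constructed.

# Step 1: run on a domain-joined machine by a user allowed to create
# computer accounts. Creates the account and writes the provisioning blob.
function New-OdjBlob {
    param([string]$Domain, [string]$Machine, [string]$BlobPath)

    djoin.exe /provision /domain $Domain /machine $Machine /savefile $BlobPath
    if ($LASTEXITCODE -ne 0) { throw "djoin /provision failed ($LASTEXITCODE)" }

    # The blob contains the machine account password, so treat it like a
    # plaintext credential: drop inherited ACEs and leave only the operator.
    $me = "${env:USERDOMAIN}\${env:USERNAME}"
    icacls.exe $BlobPath /inheritance:r /grant:r "${me}:(R,W)" | Out-Null
    Get-Item $BlobPath
}

# Step 2: run elevated on the offline client after the blob has been
# carried over on removable media. No DC connectivity is needed here.
function Use-OdjBlob {
    param([string]$BlobPath)

    djoin.exe /requestODJ /loadfile $BlobPath /windowspath $env:SystemRoot /localos
    if ($LASTEXITCODE -ne 0) { throw "djoin /requestODJ failed ($LASTEXITCODE)" }

    # The blob is no longer needed on this machine once it has been applied.
    Remove-Item $BlobPath -Force
    Write-Output 'Join data applied; restart the computer to complete the join.'
}

# On the provisioning host:
#   New-OdjBlob -Domain contoso.com -Machine BRANCH-PC01 -BlobPath C:\odj\BRANCH-PC01.txt
# On the offline client:
#   Use-OdjBlob -BlobPath E:\BRANCH-PC01.txt
```

Delete the copy on the transfer media as well, and disable or remove the pre-created computer account if the blob is lost before it is used.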

Group Policy preferences
— With this you can create shortcuts on the desktop, create folders, drive mappings, scripts, scheduled tasks, services and many more.
— AppLocker replaces Software Restriction Policies and has many new capabilities (Allow, Deny & Exceptions). Please visit TechNet to see the whole new feature in depth, as it has many features which I can't describe here.
— Fine-grained password policy: in Windows 2008 MS has come out with this new feature, which is wonderful. You can create multiple password policies using adsiedit and give them preferences. (It is not applied at OU level but to users and groups.)
— Advanced audit policies: 9 policies in total. Under these there are also sub-categories, which can be enabled and viewed only via cmdlets. (Auditpol.exe is the tool to check the sub-categories: "auditpol.exe /get /category:*")
— Event forwarding in Event Viewer is another great feature: events from remote computers are forwarded so they can be viewed locally.
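
One way to turn the `auditpol.exe /get /category:*` check above into a repeatable comparison, as an added example that is not part of the original post. The baseline table and the function names are constructed for illustration and are not a recommendation from the post.

```powershell
# Added example; the baseline and function names are constructed.
# Run from an elevated prompt. Subcategory names are localized, so this
# table matches English-language systems only.
$baseline = @{
    'Credential Validation'     = 'Success and Failure'
    'Logon'                     = 'Success and Failure'
    'User Account Management'   = 'Success and Failure'
    'Security Group Management' = 'Success'
    'Audit Policy Change'       = 'Success'
}

function Get-AuditSubcategory {
    # /r switches auditpol to CSV output with the columns: Machine Name,
    # Policy Target, Subcategory, Subcategory GUID, Inclusion Setting,
    # Exclusion Setting. Blank lines are dropped before parsing.
    auditpol.exe /get /category:* /r |
        Where-Object { $_ -match '\S' } |
        ConvertFrom-Csv |
        Select-Object Subcategory,
            @{ Name = 'Setting'; Expression = { $_.'Inclusion Setting' } }
}

function Compare-AuditBaseline {
    param([hashtable]$Baseline)

    $current = @{}
    foreach ($row in Get-AuditSubcategory) {
        $current[$row.Subcategory] = $row.Setting
    }

    # Emit one object per subcategory whose effective setting differs.
    foreach ($name in $Baseline.Keys) {
        if ($current[$name] -ne $Baseline[$name]) {
            New-Object PSObject -Property @{
                Subcategory = $name
                Expected    = $Baseline[$name]
                Actual      = $current[$name]
            }
        }
    }
}

Compare-AuditBaseline -Baseline $baseline |
    Format-Table Subcategory, Expected, Actual -AutoSize

# A gap can be closed locally with, for example:
#   auditpol.exe /set /subcategory:"Logon" /success:enable /failure:enable
```

A local `auditpol /set` change is overwritten when Group Policy applies audit settings, so permanent fixes belong in the GPO.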

Remote Desktop Services – Replacement of Terminal Services
— Run an application or an entire desktop from a central location
— Provide users with an entire desktop environment, or with their individual applications and data
— Enable secure remote access to an entire desktop, remote application, or virtual machine without establishing a VPN connection
— Requires SSL certificate
— It works on RDP over HTTPS
— Publish remote applications on the first RDS session host
— Remote Desktop gateway enables remote users to connect to internal network resources over the Internet
— Provides a secure and flexible RDP connection.

— It is a built-in feature competing very strongly with VMware ESX Server. It provides almost the same Live Migration/Quick Migration/
— Used for: server consolidation, disaster recovery, testing and development, datacenter, NLB, Quick Migration, VM snapshots,
— R2: improved VHD performance, Live Migration, dynamic VM storage, enhanced processor & networking support.
— You might sometimes want to migrate your roles to a new server for reasons like updating the config of your existing server, hardware maintenance, updating the physical host OS, moving to new server hardware, and other reasons too.
— Live migration requirements: 2008 R2, MS Cluster on all physical nodes, a cluster with a dedicated network, shared storage. (For the process please go to TechNet.)

Windows PowerShell:
— You can do scripting, remote management, manage roles, etc.
— It is .NET Framework based, so you need the .NET Framework installed on the OS, which is built in.
— You can perform Active Directory management tasks (create, modify or delete objects, etc., but you need to import the Active Directory module).
— You can manage server roles, take backups, manage GPOs, manage IIS. And what else, boss... almost like Linux! Heehee!

Read Only Domain Controller
— RODC helps you easily deploy a domain controller in a branch office with lower physical security.
— Read-only AD database access.
— RODC filtered attribute set
— Unidirectional replication
— No credential caching (passwords of all users are not replicated, except for the users in the branch office).
— It can be installed on Server Core, which is again beautiful
— Administration role separation.

Server Core
— Server Core installation provides a minimal environment for running specific server roles that reduces the maintenance, management, and the attack surface
— Reduced maintenance, reduced memory and disk requirements, reduced attack surface & greater stability.
— The Sconfig utility is available for user-friendliness, along with advanced GUI utilities from MS and third parties like CoreConfigurator. I wonder why MS makes such things for Server Core when they wanted it to be on cmdlets, and why they provide third-party compatibility.
— I understand it is totally cmdlets and administrators have to remember them, but we can still learn, and providing GUI utilities makes work easier and we find ourselves too lazy to use cmdlets.

Network Access Protection
— Planned with Windows Server 2003 R2 but did not succeed.
— It validates client system health by checking the updates, antivirus and custom policies set by the organization, so that clients abide by them.
— It is not an agent but a service.
— It is not a security solution but a health one.
— It requires Server 2008, DHCP server V-6, Client: XP with SP3, Win2K3 with SP1, Vista & Windows 7.
— It can connect to remediation servers like antivirus, WSUS etc. to update the health status of client systems.
