Tag Archives: Microsoft

Mastering Active Directory

This is my 14th year in IT. During that time, I was working with different companies. I was working in different positions. I was working with many different technologies. But there was one thing that never changed. It’s my love for Microsoft Active Directory. From the day I heard about Active Directory and its capabilities, I spent countless hours reading and listening about it. I spent countless hours with my labs testing its strength. I also learned from my mistakes. When I was working with different customers, I noticed that even though people know about Active Directory, they do not use most of its features to protect, improve the efficiency of, or improve the management of their identity infrastructure. This is due to two main reasons. First, they think the technology involved is too “complex”. Second, they believe they do not have enough “skills” to do it.

In 2010, my website rebeladmin.com was born. The idea was to explain Active Directory’s capabilities and features in a simplified way and provide step-by-step guides to implement and configure Active Directory related services and features. This is a non-profit website and has more than 400 articles so far. As a result of this community contribution, I was awarded the Microsoft Most Valuable Professional (MVP) award. It started a new era of my life and I was able to bring my message to communities in a strong way.

Today I reached another milestone in my life. Today is the day my first book goes public. “Mastering Active Directory” is the fruit of my knowledge and experience about Active Directory.

Book Name: Mastering Active Directory

ISBN : 978-1-78728-935-2

Number of Pages: 730

From today, the book is available for purchase worldwide through:

Packt Publisher – https://www.packtpub.com/networking-and-servers/mastering-active-directory

Amazon – http://amzn.to/2swlewD


Please send all your inquiries and feedback to rebeladm@live.com

Enterprise Mobility Suite in Open Licensing

Single-Sign-On (SSO) is one of the crucial concerns engineers have when moving to the cloud. This is critical when it comes to the hybrid-cloud model, which needs to integrate “already set up” infrastructure with various SaaS applications and IaaS. Users may also connect from different locations and via different devices. Microsoft already has Azure AD, which gives the opportunity to bring identity management capabilities into the Azure cloud. The Enterprise Mobility Suite (EMS) is designed to help organizations meet complex IT challenges by providing a people-centric IT solution that gives users access to corporate resources from the devices of their choice, while making it easier for IT administrators to securely manage devices, data, and applications across platforms.

EMS is a collection of three individual Azure offerings brought together in a single SKU, namely Microsoft Intune, Azure Active Directory Premium and Azure Rights Management Services. EMS provides a significant discount over these individual products and is a comprehensive cloud solution that provides hybrid identity and access management, device and application management, and rights protection. This solution is targeted at hybrid cloud customers and O365 users.

The following slide shows the three main characteristics of EMS.

[Image: ems1]

You can get more details about each feature by watching the following videos.

Hybrid Identity Management Demo

Mobile Device Management Demo

Information Protection Demo

Why Microsoft?


The Enterprise Mobility Suite simplifies the procurement process—all you need is one vendor, one contract, and one SKU.

By contrast, competitive offerings require customers to stitch together a patchwork of products from multiple vendors. This is generally a more expensive approach and a more complex acquisition with different licensing models, and it often involves using products with overlapping and incompatible capabilities.

Offering Enterprise Mobility Suite (EMS) through Open programs will enable sales of additional Microsoft Cloud services through Distributors and their Reseller channels, targeting small and medium businesses (25-250 PCs.)

Starting March 1, 2015, the Enterprise Mobility Suite Full user license will be available in the Volume Licensing Updated Open Programs, Open License, Open Value, and Open Value Subscription. This offer is for customers wishing to purchase the Enterprise Mobility Suite without requiring an underlying Core CAL or Enterprise CAL.

Where to Start?

You can get more details about EMS using http://www.microsoft.com/en-us/server-cloud/enterprise-mobility/Overview.aspx

You can get pricing from http://www.microsoft.com/en-us/server-cloud/enterprise-mobility/pricing.aspx

You can find some great articles on http://blogs.technet.com/b/em/

Active Directory in Hybrid Cloud

“Cloud”, the most common term in IT now, is everywhere. Companies that provide IT services are rapidly bringing their products and services into the cloud. “Hosting services” was the first industry affected by it, and now it has spread even to small companies and individual professionals. With the introduction of everyday products like Microsoft Office 365, everyone has started to understand the benefits of the “cloud”. Some organizations use their own private cloud, while some have moved completely to public cloud services.

One of the main concerns people had about the cloud was how they could bring their infrastructure services, resources, and applications to it without impacting productivity. For example, most organizations use Single-Sign-On (SSO) to reduce the complexity of the authentication and authorization process. If SSO does not work after we move an organization’s resources, products, and services to the cloud, it prevents end users from getting the full benefits of the cloud. At the same time, it has a direct impact on productivity. These access control and authentication concerns apply even more to “Hybrid Cloud” systems. In a hybrid cloud, some resources, services, and applications run on-premises and some run from a public cloud or from a private cloud set up in a data center. This is the most commonly used cloud model in the industry.

One of the solutions used to address this is federation services. But the issue is that not every application or product uses the same standards and protocols for identity management. As we know, most available products support integration with AD services. Microsoft even provides relevant tools and techniques to succeed with SSO in application development. So if you have a working infrastructure that meets all company requirements, how do you convince management to move to a cloud system that will need to deal with identity and access issues?

Well, Microsoft has found a solution for this. “Microsoft cloud – Azure” and Windows Server 2012 allow you to extend Active Directory into the cloud and to use claims-based authorization. We can use Windows Azure AD as the identity store for the hybrid cloud and easily integrate other systems such as web portals, email systems, CRM, and non-Microsoft apps. It can also sync with the on-premises Windows Server Active Directory using “DirSync (Windows Azure Active Directory Sync Agent)” with AD FS (Active Directory Federation Services).

[Image: clip_image001_1E3725C4]

In the next posts, let’s see how we can configure Azure AD and how it works with integration. If you have any questions about this post, feel free to contact me at rebeladm@live.com

Image Source: http://blogs.technet.com/cfs-file.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-98-54-metablogapi/clip_5F00_image001_5F00_1E3725C4.png

Windows 7 and Windows Server 2008 R2 SP1

Windows 7 and Windows Server 2008 R2 SP1 helps keep your PCs and servers on the latest support level. It also provides ongoing improvements to the Windows Operating System (OS), by including previous updates delivered over Windows Update as well as continuing incremental updates to the Windows 7 and Windows Server 2008 R2 platforms based on customer and partner feedback. This enables organizations to deploy a single set of updates.

Windows 7 and Windows Server 2008 R2 SP1 will help you:

  • Keep your PCs supported and up-to-date
  • Get ongoing updates to the Windows 7 platform
  • Easily deploy cumulative updates at a single time
  • Meet your users' demands for greater business mobility
  • Provide a comprehensive set of virtualization innovations
  • Provide an easier Service Pack deployment model for better IT efficiency

 

Setup prerequisites

The following conditions are prerequisites for the installation of SP1:

  • Your current operating system must be the Release to Manufacturing (RTM) version of Windows 7 or Windows Server 2008 R2 (build 7600).
  • Users updating through Windows Update/WSUS must install the Servicing Stack Update (SSU) that handles the installation and removal of software updates, language packs, and optional Windows features. This update is necessary to successfully install or uninstall the service pack; it also improves the performance and reliability of the service pack installation. This update is part of the standalone update package and will be offered as a separate package on Windows Update.

Service Pack 1 size

In order to make the improvements detailed in this document, various individual files and components have been updated. Also, the language-neutral design of Windows necessitates that the service pack be able to update any possible combination of the basic languages supported by Windows 7 with a single installer, so language files for the 36 basic languages are included in the standalone installer.

For System Administrators, there is a standalone installation package available. However, most home and small business users will receive SP1 through Windows Update. Windows Update utilizes an efficient transfer mechanism to download only the bytes that are needed, resulting in a download that ranges in size from 44 megabytes (MB) to 96 MB depending on the system architecture.

| Delivery Method | Recommended Usage | Download size (x86) | Download size (x64) | Download size (ia64) |
|---|---|---|---|---|
| Standalone Package | Computers without internet access; System Administrators | About 537 MB | About 903 MB | About 511 MB |
| Windows Update | Most home users; Many business customers | About 44 MB (Windows 7) | About 74 MB (Windows 7); About 96 MB (Windows Server 2008 R2) | n/a |
| Integrated DVD | New PCs; Fresh Windows installations; Vista upgrades | n/a | n/a | n/a |

 

Changes specific to Windows Server 2008 R2

Dynamic Memory

Constraints on the allocation of physical memory represent one of the greatest challenges organizations face as they adopt new virtualization technology and consolidate their infrastructure. With Dynamic Memory, an enhancement to Hyper-V™ introduced in Windows Server 2008 R2 SP1, organizations can now make the most efficient use of available physical memory, allowing them to realize the greatest possible potential from their virtualization resources. Dynamic Memory allows for memory on a host machine to be pooled and dynamically distributed to virtual machines as necessary. Memory is dynamically added or removed based on current workloads, and is done so without service interruption.

Virtual machines running a wide variety of operating systems can use Dynamic Memory; for a complete list, see the "Dynamic Memory Evaluation Guide" at http://go.microsoft.com/fwlink/?LinkId=192444. The guide also discusses Dynamic Memory settings and usage in detail.

Microsoft RemoteFX

Businesses are increasingly looking to leverage the efficiency and cost savings that can come from a virtualized desktop infrastructure. With the addition of Microsoft RemoteFX in Windows Server 2008 R2 SP1, a new set of remote user experience capabilities that enable a media-rich user environment for virtual desktops, session-based desktops and remote applications is introduced. Harnessing the power of virtualized graphics resources, RemoteFX can be deployed to a range of thick and thin client devices, enabling cost-effective, local-like access to graphics-intensive applications and a broad array of end user peripherals, improving productivity of remote users.

RemoteFX can function independently from specific graphics stacks and supports any screen content, including today's most advanced applications and rich content (including Silverlight and Adobe Flash), ensuring that end users maintain a rich, local-like desktop experience even in a virtualized thin-client environment.

RemoteFX also adds mainstream USB device support to virtual desktop computing, including support for USB drives, cameras and PDAs connected to the client device. RemoteFX also provides a platform for hardware and software partners to enhance RemoteFX capabilities in a variety of possible host, client and network configurations.

To use RemoteFX, the virtualization server must be running Windows Server 2008 R2 with SP1, the virtual machine must be running Windows 7 Enterprise with SP1 or Windows 7 Ultimate with SP1, and the remote client computer must be running either Windows Server 2008 R2 with SP1 or Windows 7 with SP1. To connect to the virtual machine, the remote client computer requires an updated version of Remote Desktop Services (included in the service pack for all editions of Windows 7).

Enhancements to scalability and high availability when using DirectAccess

DirectAccess is a new feature in the Windows 7 and Windows Server 2008 R2 operating systems that gives users the experience of being seamlessly connected to their corporate network any time they have Internet access. In Windows Server 2008 R2 SP1, improvements have been made to enhance scalability and high availability when using DirectAccess, through the addition of support for 6to4 and ISATAP addresses when using DirectAccess in conjunction with Network Load Balancing (NLB).

Support for Managed Service Accounts (MSAs) in secure branch office scenarios

SP1 enables enhanced support for managed service accounts (MSAs) to be used on domain-member services located in perimeter networks (also known as DMZs or extranets).

Support for increased volume of authentication traffic on domain controllers connected to high-latency networks

As a greater volume of IT infrastructure migrates to cloud-based services, there is a need for higher thresholds of authentication traffic to domain controllers located on high-latency networks (such as the public Internet). SP1 allows for more granular control of the maximum number of possible concurrent connections to a domain controller, enabling a greater degree of performance tuning for service providers.

Enhancements to Failover Clustering with Storage

SP1 enables enhanced support for how Failover Clustering works with storage that is not visible for all cluster nodes. In SP1, improvements have been made to the Cluster Validation and multiple Failover Cluster Manager wizards to allow workloads to use disks that are shared between a subset of cluster nodes.

Changes specific to Windows 7

Additional support for communication with third-party federation services

Additional support has been added to allow Windows 7 clients to effectively communicate with third-party identity federation services (those supporting the WS-Federation passive profile protocol). This change enhances platform interoperability, and improves the ability to communicate identity and authentication information between organizations.

Improved HDMI audio device performance

A small percentage of users have reported issues in which the connection between computers running Windows 7 and HDMI audio devices can be lost after system reboots. Updates have been incorporated into SP1 to ensure that connections between Windows 7 computers and HDMI audio devices are consistently maintained.

Corrected behavior when printing mixed-orientation XPS documents

Prior to the release of SP1, some customers have reported difficulty when printing mixed-orientation XPS documents (documents containing pages in both portrait and landscape orientation) using the XPS Viewer, resulting in all pages being printed entirely in either portrait or landscape mode. This issue has been addressed in SP1, allowing users to correctly print mixed-orientation documents using the XPS Viewer.

Step by Step guide to setup Active Directory on Windows Server 2008

This tutorial explains how to install AD on Windows Server 2008. It is valid for Windows Server 2008 R2 as well.

Requirements:

Minimum: Single processor with 1.4 GHz (x64 processor) or 1.3GHz (Dual Core)

Minimum: 512 MB RAM

Minimum: 32 GB or greater

  • The first step is to assign an IP address to the server on which you are going to deploy AD. It is necessary to install it as a DNS server too, so it is better to have a fixed IP. This doesn't mean you cannot install AD without a fixed IP address, but using a fixed IP will solve a lot of issues.

Here the server IP is 10.0.0.14. Since we are going to make it a DNS server too, you should use the same IP as the preferred DNS server.

  • The next step is to install the Active Directory role. Unlike older versions of Windows Server, Microsoft highly recommends using the Server Manager option to install roles before you run dcpromo.

  • Click on the Start menu and select Server Manager

  • Select Roles from the right-hand panel and click on the Add Roles option.

  • From the roles list select the "Active Directory Domain Services" role and Click "Next"

  • Review the confirmation and click on "Next"

  • Review the installation confirmation and click on "Next"

  • It will take a few minutes to complete, and when it's done you will get this confirmation. Then click on "Close"

After that you will need to do a reboot.

  • After the reboot, open "Server Manager" again and click on "Roles". There you will see that "Active Directory Domain Services" is successfully installed. Click on it and you will get a window like the one below.

    There, please pay attention to the message

    Click on that link and it will start the DCPROMO wizard.

  • The next step is to go through the DCPROMO wizard.
  • To start the installation, click on "Next"

  • Click on "Next"

  • Since we are going to install a new domain controller in a new forest, select the "Create a new domain in new forest" option and click on "Next"

  • Now we have to provide the name for our domain controller. It must be an FQDN. In our case I used rebeladmin.com as the domain. Click "Next" after that.

  • This window asks you to select the forest function level. If you are going to add a Server 2003 domain controller to your forest later, don't select Server 2008 as the function level. If you are going to use the full features of 2008 AD, you must select Server 2008 as the forest function level. In my case I used Server 2008. Click on "Next" after selecting.

  • In the next window, since it's the first DC, we should make it a DNS server too. Leave the default selection and click on "Next"

  • If the wizard cannot create a delegation for the DNS server, it displays a message to indicate that you can create the delegation manually. To continue, click "Yes"

  • The next window shows the database location. If it is going to be a bigger AD, it is good to keep the NTDS database on a different partition. Click on "Next" after making changes.

  • The next window asks you to define a restore mode password. It is important if you have to do a restore from backup after a server crash. Click on "Next" after filling it in.

  • The next window gives you a summary of the installation. Click on "Next"

  • Then it will start the installation of AD. It will take some time to complete. After the installation completes, perform a server reboot.

  • After the reboot you can log in to the domain. Use the login as in the following example:

User name : your domain\administrator

Password : XXXXXXXX

  • Now it's done, and you can view the Active Directory options in the Administrative Tools menu
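
The wizard choices above can also be written as a dcpromo unattend answer file, which makes the build repeatable and reviewable. This is an added example, not part of the original tutorial; the NetBIOS name, the domain function level, the default paths and the file name C:\dcpromo-new-forest.txt are assumptions.

```ini
; Added example: unattended equivalent of the wizard steps in this tutorial.
; Run on the server after the AD DS role is installed:
;   dcpromo /unattend:C:\dcpromo-new-forest.txt
; (the file name is an assumption)

[DCInstall]
; "Create a new domain in new forest"
ReplicaOrNewDomain=Domain
NewDomain=Forest

; FQDN entered in the wizard
NewDomainDNSName=rebeladmin.com

; Assumption: the tutorial does not state a NetBIOS name
DomainNetbiosName=REBELADMIN

; 3 = Windows Server 2008 forest function level, as chosen in the tutorial.
; Use 2 (Windows Server 2003) if 2003 domain controllers will join later.
ForestLevel=3

; Assumption: domain level is not mentioned in the tutorial;
; it cannot be lower than the forest level.
DomainLevel=3

; First DC in the forest: also DNS server and global catalog
InstallDNS=Yes
ConfirmGc=Yes

; Matches clicking "Yes" on the DNS delegation warning
CreateDNSDelegation=No

; Default locations (assumption); point DatabasePath at another
; partition for a larger directory, as the tutorial suggests.
DatabasePath="C:\Windows\NTDS"
LogPath="C:\Windows\NTDS"
SYSVOLPath="C:\Windows\SYSVOL"

; Restore mode (DSRM) password: placeholder, fill in before use
SafeModeAdminPassword=<restore-mode-password-placeholder>

; Reboot automatically when promotion finishes
RebootOnCompletion=Yes
```

The file holds the restore mode password in clear text, so restrict access to it and delete it once the promotion has finished.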

Hope this tutorial is clear for you guys. If you have any questions, please ask me at rebeladm@live.com