John Policelli's Blog

Microsoft recently released an update for the Active Directory Domain Services Best Practices Analyzer (AD DS BPA) in Windows Server 2008 R2. This update adds the following 8 new rules to the AD DS BPA:

Read the rest of this entry »

Windows Server 2008 and Windows Server 2008 R2 include improvements to bridgehead server selection, which are not very well known. In fact, Microsoft only recently published an article on TechNet to explain the improvements to bridgehead server selection in Windows Server 2008 R2. What follows is an in-depth look at these improvements.

Read the rest of this entry »

As I mentioned in a previous post, Microsoft recently released ADMT 3.2, which fully supports Windows Server 2008 R2. The ADMT Migration Guide was also recently updated into include ADMT 3.1 and ADMT 3.2. The ADMT Migration Guide can be downloaded here and read online here.

Microsoft officially released Service Pack 3 for Exchange Server 2007, and with it comes support for Windows Server 2008 R2. Exchange 2007 SP3 can be downloaded here.

Microsoft released the Active Directory Migration Tool (ADMT) 3.2, which fully supports Windows Server 2008 R2. A little late in my opinion, especially since Windows Server 2008 R2 went RTM almost one year ago, but nonetheless it is available now.

Read the rest of this entry »

During one of Dean Wells’ TEC 2010 presentations, I learned that MS will be releasing updates for Best Practices Analyzer. This is a great thing .

Dean mentioned that we should see updates every 6 months or so.

At present, there’s 7 updates available for BPA…none yet for AD DS though. These updates can be found here.

More information on the Best Practices Analyzer in Windows Server 2008 R2 can be found here:

• Best Practices Analyzer
• A First Look at the Active Directory Domain Services Best Practice Analyzer in the Windows Server 2008 R2 Beta
• A First Look at the DNS Server Best Practice Analyzer in the Windows Server 2008 R2 Beta

I ran into a situation where I needed to cluster two Hyper-V guests. I found several articles that provided guidance around setting up shared storage for this, but none of them were completely accurate. I then stumbled across the below post, which worked perfectly. It’s definitely worth a read.

Hyper-V Guest Clustering Step-by-Step Guide

I have finally arrived at the point where I can say that I’m running efficiently .

Home Network

• Windows Server 2008 R2
• Hyper-V R2
• Windows 7
• Office 2010

Mobility

• Windows Mobile 6.5

Work

• Exchange Server 2010
• Windows 7
• Office 2010

It’s an efficient world after all .

Here’s a link to Microsoft’s New Efficiency Website: http://thenewefficiency.com

I stumbled across a good post on Ulf B. Simon-Weidner’s Blog:

http://msmvps.com/blogs/ulfbsimonweidner/archive/2009/11/11/using-ad-powershell-to-protect-ous-from-accidental-deletion.aspx

It’s official, Kevin Allison (GM Exchange Customer Experience) published a post on the Microsoft Exchange Team Blog stating that Exchange 2007 will support Windows Server 2008 R2. The catch, it’s not here yet . There is no specific date provided in his post, but he does state “In the coming calendar year we will issue an update for Exchange 2007 enabling full support of Windows Server 2008 R2.”

Microsoft has made Group Policy cmdlets for Windows PowerShell available. These cmdlets, roughly 25 in total, can be used to:

• Maintain GPOs (create, remove, backup, reporting, and import)
• Associate GPOs with AD DS containers (link, update, and remove)
• Set inheritance and permissions on AD DS OUs and domains
• Configure registry-based settings and Group Policy Preferences Registry settings

Read the rest of this entry »

Microsoft recently released a KB that outlines the methods that you can use to upgrade a Windows Server 2008, that has the Hyper-V role installed, to Windows Server 2008 R2.

The following methods are discussed in the KB:

1. Perform an in-place upgrade of the parent partition from Windows Server 2008 to Windows Server 2008 R2.
2. Export a virtual machine from a Windows Server 2008-based computer that has Hyper-V enabled, and then import it to a server that has Windows Server 2008 R2 with Hyper-V enabled
3. Using backup software that leverages the Hyper-V VSS Writer, back up a virtual machine that is running on Windows Server 2008, and restore it to Windows Server 2008 R2

As you may have heard, Windows Server 2008 R2 introduces a number of important changes and new features for Hyper-V, so if you are planning to upgrade then you should be familiar with this KB. The KB can be found here: http://support.microsoft.com/kb/957256.

Update June 19, 2010: Microsoft has released ADMT 3.2, which fully supports Windows Server 2008 R2. Please see the following post for more details: http://policelli.com/blog/?p=550.

As you may have heard, Microsoft is working on ADMT 3.2, which will be fully supported for Windows Server 2008 R2. However, ADMT 3.2 is still under development and there is no official release date as of yet.

In the interim, a KB has been released that discuss the use of ADMT 3.1 on Windows Server 2008 R2 DCs. The KB points out the following supported scenarios for ADMT 3.1 on Windows Server 2008 R2 DCs:

• ADMT 3.1 must be run from a Windows Server 2008-based computer. The computer must be a member server or a domain controller.
• ADMT can be installed on any computer that is running Windows Server 2008, unless the computers are Read-Only domain controllers or in a Server Core configuration.
• The target domain must be based on Windows 2000 Server, Windows Server 2003, Windows Server 2008, or Windows Server 2008 R2.
• The source domain must be based on Windows 2000 Server, Windows Server 2003, or Windows Server 2008.
• The ADMT agent, which is installed by ADMT on computers in the source domains, can operate on computers that are running Windows 2000 Professional, Windows 2000 Server, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, or Windows Server 2008 R2.

Before you go ahead and use ADMT 3.1 with Windows Server 2008 R2 DCs, you should be aware of the known issues, which can be read by going to http://support.microsoft.com/kb/976659.

The Active Directory Recycle Bin is a handy new feature in Windows Server 2008 R2. Once enabled, it is now easier to recover accidentally deleted Active Directory objects.

Read the rest of this entry »

Windows Server 2008 R2, released to manufacturing in July, introduces a number of new features, including a host of new Active Directory Domain Services features. We look at the seven that pack the most powerful punch.

Read the rest of this entry »

For more details, see post on the Microsoft Exchange Team Blog: The fix for installation of Exchange 2007 SP2 with Windows 2008 R2 Domain Controllers is now available.

A post was added to the Microsoft Exchange Team blog yesterday that identifies an issue where Exchange 2007 SP2 Setup fails if all domain controllers are running Windows Server 2008 R2.

Read the rest of this entry »

I came across a great post on the Ask the Directory Services Team blog, which covers the new AD Recycling Bin (ADRB) feature that is included with Windows Server 2008 R2. The post covers the following points and is a must read for anyone wanting to learn more about this new feature:

• Understanding how ADRB works under the covers.
• What the requirements are and how to turn ADRB on.
• Using ADRB, along with some best practices.
• Troubleshooting common issues people run into with ADRB.

The post can be read by going to http://blogs.technet.com/askds/archive/2009/08/27/the-ad-recycle-bin-understanding-implementing-best-practices-and-troubleshooting.aspx

One powerful feature in Windows Server 2008 R2 is its ability to recover objects from Active Directory, which is very handy in those "Uh oh" moments. John Policelli, author of Active Directory Domain Services 2008 How-To, explains what the Active Directory Recycle Bin does and how to use it.

Read the online article by going to: http://www.informit.com/articles/article.aspx?p=1374789

You’ve probably heard that Windows Server 2008 R2 was released to manufacturing (RTM) on July 22nd. One of the major changes in Windows Server 2008 R2 it is the first Windows operating system to be offered for only 64-bit processors. So what if you need to prepare an existing Active Directory Domain Services forest/domain for Windows Server 2008 R2, and your existing servers run 32-bit versions of Windows Server? You may think that you’re SOL, but Microsoft planned ahead on this one.

Read the rest of this entry »

I posted an article on the Microsoft Identity and AD blog on Network World’s Microsoft Subnet community.

The blog entry is titled How-To Administer Active Directory Domain Services Groups Using Windows PowerShell and can be read by going to: http://www.networkworld.com/community/node/42601

I posted an article on the Microsoft Identity and AD blog on Network World’s Microsoft Subnet community.

The blog entry is titled How-To Search Active Directory Domain Services Password and Account Settings Using Windows PowerShell and can be read by going to: http://www.networkworld.com/community/node/42303

I ran across a post on the Ask the Directory Services Team blog that mentions a known issue with ADMT 3.1 and Windows Server 2008 R2. The blog entry can be read here: http://blogs.technet.com/askds/archive/2009/05/22/admt-3-1-and-windows-server-2008-r2.aspx.

Read the rest of this entry »

I posted an article on the Microsoft Identity and AD blog on Network World’s Microsoft Subnet community.

The blog entry is titled How-To Administer Active Directory Domain Services User Accounts Using Windows PowerShell and can be read by going to: http://www.networkworld.com/community/node/42218

I posted an article on the Microsoft Identity and AD blog on Network World’s Microsoft Subnet community.

The blog entry is titled Introducing the Active Directory Module for Windows PowerShell and can be read by going to: http://www.networkworld.com/community/node/42157

I have been asked to blog for Network World’s Microsoft Subnet community. The Network World blog I will be posting on is called Microsoft Identity and AD, and can be found here.

I added my first post on this blog, which is titled Introducing the New Active Directory Domain Services in Windows Server 2008 R2.

Here’s an excerpt from the post:

Windows Server 2008 introduced the most significant changes to Active Directory Domain Services (AD DS) since its inaugural release in Windows 2000 Server. Microsoft has continued along this path with Windows Server 2008 R2, making it the most noteworthy interim release of Windows Server.

AD DS in Windows Server 2008 R2 includes a number of important new features, including:

• Active Directory Recycle Bin
• Active Directory Module for Windows PowerShell
• Active Directory Administrative Center
• Active Directory Best Practices Analyzer
• Active Directory Web Services
• Authentication Mechanism Assurance
• Offline Domain Join

• Managed Service Accounts

Let’s take a closer look at each of these new features

The rest the post can be read here: http://www.networkworld.com/community/node/42051.

Windows Server 2008 R2 includes an Active Directory Module for Windows PowerShell. This new feature enables you to perform Active Directory administrative tasks by using PowerShell.

The following is a first look at the Active Directory Module for Windows PowerShell that is included with the Windows Server 2008 R2 Release Candidate.

Read the rest of this entry »

In Windows Server 2008 R2, you can now roll back (lower) the domain functional level (DFL) and forest functional level (FFL). There are a couple of conditions and limitations to this new functionality, which I discuss below.

Read the rest of this entry »

Microsoft has a website called YouShapeIT, which I’ve been featured in this month.

The YouShapeIT TechNet website includes a significant amount of product information, presentations, podcasts, and resources for the theme of the month. For this month, the theme is Windows Server with a focus on Windows Server 2008 and Windows Server 2008 R2 (Beta).

I did an interview for YouShapeIT. The transcript and the MP3 audio file of the interview can be downloaded from http://www.microsoft.com/youshapeit/technet/Podcasts/2009-05/interview_johnpolicelli.aspx

International Authority in Windows Technologies, Widely Acknowledged Networking Expert, Best-selling Author and Certification Exam Contributor, Microsoft Most Valuable Professional.

This interview was subsequently featured on a number of websites, including:

Read the rest of this entry »

The Windows Server 2008 R2 Beta includes a new Active Directory data management tool, called the Active Directory Administrative Center (ADAC). ADAC is a replacement of the Active Directory Users and Computers (ADUC) console. You can find more information on ADAC at my A First Look at the Active Directory Administrative Center in the Windows Server 2008 R2 Beta post.

I’ve been using ADAC as I evaluate the Windows Server 2008 R2 Beta, and what follows is a list of user interface enhancements and changes between ADAC and ADUC.

Read the rest of this entry »

Windows Server 2008 R2 includes a new Recycling Bin feature for Active Directory Domain Services (AD DS) and Active Directory Lightweight Directory Services (AD LDS).

The following is a first look at the Active Directory Recycling Bin that is included with the Windows Server 2008 R2 Beta.

NOTE: Updated May 8, 2009 to include information for the RC build of Windows Server 2008 R2.

Read the rest of this entry »

Windows Server 2008 R2 includes a Best Practice Analyzer (BPA) for a limited number of server roles, including Active Directory Domain Services.

The following is a first look at the Active Directory Domain Services Best Practice Analyzer (AD DS BPA) that is included with the Windows Server 2008 R2 Beta.

Read the rest of this entry »

Microsoft has released a new Active Directory data management tool in Windows Server 2008 R2, which is now called the Active Directory Administrative Center.

What follows is an initial look at the new Active Directory Administrative Center (ADAC).

Read the rest of this entry »

The following is a step-by-step guide to installing Active Directory Domain Services in the Windows Server 2008 R2 Beta.

Read the rest of this entry »

The following is a step-by-step guide to installing the Windows Server 2008 R2 Beta on VMWare Workstation 6.5. The installation of Windows Server 2008 R2 is very similar to the Windows 7 installation.

Read the rest of this entry »

As you may have heard already, Microsoft released the Beta for Windows Server 2008 R2. This is the first operating system platform that will be 64-bit only.

Read the rest of this entry »

Microsoft’s Windows Server 2008 R2 Resources site contains a number of useful guides, presentations, and links to newsgroups and forums.

I stumbled across a presentation titled “Windows Server 2008 R2 Active Directory Updates” that gives a good overview on the changes to AD DS in Windows Server 2008 R2.

As Steve Ballmer announced during his keynote speech at the Consumer Electronics Show (CES) in Las Vegas, the Windows 7 Beta and the Windows Server 2008 Beta are both available to the public starting January 9, 2009.

Read the rest of this entry »

Microsoft has published an article that lists the improvements in Windows Server 2008 R2. The article can be downloaded here.

There are a few key AD DS improvements that are highlighted. Some of the improvements will apply to all Active Directory server roles in Windows Server 2008, while others will apply to the Active Directory Domain Services server role only.

Here is a list of the improvements in Windows Server 2008 R2:

• New Forest Functional Level
• PowerShell cmdlets
• Improvements to automated monitoring and notification
• Recovery of deleted objects (built-in Recycling Bin feature)
• Offline domain join support
• Managed service accounts
• Active Directory Administrative Center (goodbye ADUC)

Read the rest of this entry »