Guest blogger Terry Lynch
gets hands-on advice on making the most of some of Windows Server
2012’s more advanced features. Your domain rollouts may never be the
same again.
Where To Begin?
So, after being taught about the new features and improvements in
Windows Server 2012 over the last three days at TechEd Australia 2012,
the first question most people will have is: “so where do I begin?” Alex
Pubanz and Jesse Suna from Microsoft began Friday morning with a
session answering just that.
Introducing a Windows Server 2012 domain controller into your domain
has been made much easier but the process has changed from previous
versions. Gone are the days of running dcpromo on the server to
promote it – in fact, this command doesn’t even exist anymore. If you
run dcpromo on a Windows Server 2012 machine you’ll be helpfully told
that the role needs to be added through the Server Manager interface.
After adding the Active Directory Domain Services role within
Server Manager you’ll be asked if you wish to promote the server to a
Domain Controller and if you’re joining an existing domain or forest.
Server Manager runs a quick check on your existing infrastructure
and determines whether your domain or schema needs to be prepped; if so,
this process will automatically run as well. If you prefer to take
control back from the wizards and manage this yourself, these processes
can both still be run manually.
And that’s all there is to it really; after a reboot your new Windows
Server 2012 domain controller is ready to go and your infrastructure is
prepared for more Windows Server 2012 members to be
introduced.
Migrating a file server cluster is also a fairly straightforward
process. After building the cluster in Windows Server 2012 you can then
use the Clustering Manager interface to pull information over from your
existing Windows Server 2008 or Windows Server 2008 R2 cluster (sorry, no
direct migration support for Windows Server 2003). A maintenance window
will be required while the information is transferred, but the process
does not alter the existing cluster. After this process is complete
you’ll hopefully be presented with a report full of green check marks
indicating a successful transfer. If for some reason anything fails,
your existing cluster remains unchanged and can be rolled back with no
issues, ready to try again another time.
Everything, Everywhere
DirectAccess was introduced in Windows Server 2008 R2, allowing remote
users on laptops to connect back into the corporate network for logon
credentials or file access without having to dial VPNs or configure any
tunneling. This all sounds great in theory but some of the prerequisites
for this setup really held back larger enterprises from embracing this
feature – who in their right mind would allow a Domain Controller in the
DMZ?
Fortunately this has all been rethought and a lot of the requirements
around DirectAccess have been removed and simplified, with a wizard-style
interface allowing administrators to configure this within
minutes. During a demo we were able to see a complete DirectAccess
deployment set up in the space of 10 minutes.
Another very interesting and useful feature in the new version of
DirectAccess is the ability to provision non-domain-joined machines that
are out on the internet with no connection to the domain at all. Any
Windows 8 Enterprise machine with an internet connection can be sent a
package which, when run with administrative rights, will rename the
machine, join it to your domain, apply all your group policy settings
and then allow the user to log in with their domain credentials – all
without a VPN or any physical connection to the network. Obviously the
package sent to the destination computer should be kept as secure as
possible, as it could be run on any Windows 8 machine and join it to
your domain, but for provisioning purposes this function could turn out
to be extremely useful.
Windows 8 and Windows Server 2012 take DirectAccess to a new level of
easy deployment and give fantastic new functions as described above.
These can also be taken advantage of by your existing Windows 7
machines, although it will take some more configuration around
certificates and trust to your domain. DirectAccess is also only
compatible with Windows 8 Enterprise so you’ll need to keep this
requirement in mind.
What a week!
TechEd 2012 has been a fantastic experience and I can’t wait to get
back to the office and start testing and implementing the amazing new
features we have been shown. I’ll almost certainly be back again next
year and would love to bring more of my team with me to share the
workload; there have been far too many sessions that I wish I was able to
attend but just didn’t have the time.
Well done to Microsoft and all the partners who helped make this
TechEd so successful and gave all of us a great time. Now we just need
to get out there and start making these things happen!