vendredi 21 septembre 2012

Introducing RAP as a Service

RAP as a Service is a new delivery experience to enable you to assess your IT environment at your convenience. The data is collected remotely allowing you to maintain the utmost privacy and run the assessment on your own schedule. Submission of data through the cloud via a truly secure transmission, enables you to view your results immediately on our secure online portal. A Microsoft accredited engineer will review the findings, provide recommendations and knowledge transfer, and build a remediation plan with your staff and your TAM.

Key Benefits
  • Online delivery with a Microsoft accredited engineer
  • Convenience with online delivery and flexible scheduling means minimal impact on your environment and IT staff
  • Assessment results available online
  • Easily share results with your IT staff and others in your organization
  • Reassess your environment to track progress
  • Reduce support costs by exposing configuration and operational issues before they affect your business
  • Access to best practice updates for one year with an active Premier Support contract

Online Experience

Data submitted via secure transfer to Microsoft online servers are analyzed using our RAP expert system. Results are displayed on the secure online portal that remains available throughout the licensed period of your assessment. You can also reassess your environment at any time using updated best practice guidance that is made available to subscribers on a regular basis. Your IT staff can be granted access to the results in order to collaborate effectively on the outcome of the assessment.

Practical Recommendations

RAP as a Service collects information on the key technology, people, and process areas in your environment and analyzes them against best practices established by knowledge obtained from over 20,000 customer assessments. Recommendations for each of the issues are identified and articulated as part of the service. All critical and important issues are explained by the Microsoft accredited engineer and a remediation plan is provided as one of the key deliverables.

Breakthrough Follow-on Experience

Persistence is now built-in with this service, allowing you to re-assess multiple times to track progress, get updates to newly released best practice guidance, benefit from new online portal features, and interact with an exclusive online community.

Deliverables
  • Assessment tools, multiple submissions, and access to a secure online portal
  • Regular updates to best practice guidance and online portal features
  • Knowledge transfer of issues found
  • Remediation plan
  • Technical Findings report
  • One year license to continue using the online portal and tools. Also requires an active Microsoft Premier Support contract.




RAP as a Service : https://services.premier.microsoft.com/raas
RAP as a Service Prerequisites : http://www.microsoft.com/en-us/download/details.aspx?id=34698
Aucun commentaire:

jeudi 20 septembre 2012

[Windows Server 2012] Windows 2012 Active Directory Backup and Disaster Recovery Procedures from Peter Van Keymeulen

Peter Van Keymeulen from EDE Consulting has released a new version of his great guide for AD backup and restore.

Windows 2012 Active Directory Backup and Disaster Recovery Procedures : http://www.edeconsulting.be/downloads/WindowsServer2012ADBackupandDisasterRecoveryProcedures_V1.0.pdf

The Windows Server 2008 R2 version is also available and have been updated : http://www.edeconsulting.be/downloads/WindowsServer2008R2ADBackupandDisasterRecoveryProcedures_V3.3.pdf

Working with Active Directory ? You have to read this !
Aucun commentaire:

mardi 18 septembre 2012

[Windows Server 2012] Windows Server 2012 Pocket Consultant




Here is the Table of Contents :
  • Windows Server 2012 Administration Fundamentals
    • Chapter 1 : Windows Server 2012 Administration Overview
      • Windows Server 2012 and Windows 8
      • Getting to Know Windows Server 2012
      • Power Management Options
      • Networking Tools and Protocols
      • Domain Controllers, Member Servers, and Domain Services
      • Name-Resolution Services
      • Frequently Used Tools
    • Chapter 2 : Managing Servers Running Windows Server 2012
      • Server Roles, Role Services, and Features for Windows Server 2012
      • Full-Server, Minimal-Interface, and Server Core Installations
      • Installing Windows Server 2012
      • Managing Roles, Role Services, and Features
      • Managing System Properties
    • Chapter 3 : Monitoring Processes, Services, and Events
      • Managing Applications, Processes, and Performance
      • Managing System Services
      • Event Logging and Viewing
      • Monitoring Server Performance and Activity
      • Tuning System Performance
    • Chapter 4 : Automating Administrative Tasks, Policies, and Procedures
      • Understanding Group Policies
      • Navigating Group Policy Changes
      • Managing Local Group Policies
      • Managing Site, Domain, and Organizational Unit Policies
      • Maintaining and Troubleshooting Group Policy
      • Managing Users and Computers with Group Policy
    • Chapter 5 : Enhancing Computer Security
      • Using Security Templates
      • Using the Security Configuration Wizard
  • Windows Server 2012 Directory Services Administration
    • Chapter 6 : Using Active Directory
      • Introducing Active Directory
      • Working with Domain Structures
      • Working with Active Directory Domains
      • Understanding the Directory Structure
      • Using the Active Directory Recycle Bin
    • Chapter 7 : Core Active Directory Administration
      • Tools for Managing Active Directory
      • Managing Computer Accounts
      • Managing Domain Controllers, Roles, and Catalogs
      • Managing Organizational Units
      • Managing Sites
      • Maintaining Active Directory
      • Troubleshooting Active Directory
    • Chapter 8 : Creating User and Group Accounts
      • The Windows Server Security Model
      • Differences Between User and Group Accounts
      • Default User Accounts and Groups
      • Account Capabilities
      • Using Default Group Accounts
      • User Account Setup and Organization
      • Configuring Account Policies
      • Configuring User Rights Policies
      • Adding a User Account
      • Adding a Group Account
      • Handling Global Group Membership
      • Implementing Managed Accounts
    • Chapter 9 : Managing User and Group Accounts
      • Managing User Contact Information
      • Configuring the User’s Environment Settings
      • Setting Account Options and Restrictions
      • Managing User Profiles
      • Updating User and Group Accounts
      • Managing Multiple User Accounts
      • Troubleshooting Logon Problems
      • Viewing and Setting Active Directory Permissions
  • Windows Server 2012 Data Administration
    • Chapter 10 : Managing File Systems and Drives
      • Managing the File Services Role
      • Adding Hard Disk Drives
      • Working with Basic, Dynamic, and Virtual Disks
      • Using Basic Disks and Partitions
      • Compressing Drives and Data
      • Encrypting Drives and Data
    • Chapter 11 : Configuring Volumes and RAID Arrays
      • Using Volumes and Volume Sets
      • Improving Performance and Fault Tolerance with RAID
      • Implementing RAID on Windows Server 2012
      • Managing RAID and Recovering from Failures
      • Standards-Based Storage Management
      • Managing Existing Partitions and Drives
    • Chapter 12 : Data Sharing, Security, and Auditing
      • Using and Enabling File Sharing
      • Configuring Standard File Sharing
      • Managing Share Permissions
      • Managing Existing Shares
      • Configuring NFS Sharing
      • Using Shadow Copies
      • Connecting to Network Drives
      • Object Management, Ownership, and Inheritance
      • File and Folder Permissions
      • Auditing System Resources
      • Using, Configuring, and Managing NTFS Disk Quotas
      • Using, Configuring, and Managing Resource Manager Disk Quotas
    • Chapter 13 : Data Backup and Recovery
      • Creating a Backup and Recovery Plan
      • Backing Up Your Data: The Essentials
      • Performing Server Backups
      • Managing Encryption Recovery Policy
      • Backing Up and Restoring Encrypted Data and Certificates
  • Windows Server 2012 Network Administration
    • Chapter 14 : Managing TCP/IP Networking
      • Navigating Networking in Windows Server 2012
      • Managing Networking in Windows 8 and Windows Server 2012
      • Installing TCP/IP Networking
      • Configuring TCP/IP Networking
      • Managing Network Connections
    • Chapter 15 : Running DHCP Clients and Servers
      • Understanding DHCP
      • Installing a DHCP Server
      • Configuring DHCP Servers
      • Managing DHCP Scopes
      • Managing the Address Pool, Leases, and Reservations
      • Backing Up and Restoring the DHCP Database
    • Chapter 16 : Optimizing DNS
      • Understanding DNS
      • Configuring Name Resolution on DNS Clients
      • Installing DNS Servers
      • Managing DNS Servers
      • Managing DNS Records
      • Updating Zone Properties and the SOA Record
      • Managing DNS Server Configuration and Security

You can preorder your copy Here (O'REILLY) or Here (Amazon)

Aucun commentaire:

samedi 15 septembre 2012

[Windows Server 2012] Remote Server Administration Tools for Windows 8 available

RSAT for Windows 8 are available.

Remote Server Administration Tools for Windows 8 includes Server Manager, Microsoft Management Console (MMC) snap-ins, consoles, Windows PowerShell cmdlets and providers, and command-line tools for managing roles and features that run on Windows Server 2012. In limited cases, the tools can be used to manage roles and features that are running on Windows Server 2008 R2 or Windows Server 2008. Some of the tools work for managing roles and features on Windows Server 2003.

Here is a description of RSAT for Windows 8 : http://support.microsoft.com/kb/2693643

To download RSAT for Windows 8 : http://www.microsoft.com/en-us/download/details.aspx?id=28972
Aucun commentaire:

[Microsoft Solution Accelerators] Security Compliance Manager 3.0 Beta Available

The Security Compliance Manager 3.0 Beta review program just start.

Secure your environment with new product baselines for Windows Server 2012, Windows 8, and Windows Internet Explorer 10. The beta release of Security Compliance Manager (SCM) 3.0 provides all the same great features for these new baselines, as well as an enhanced setting library for these new Microsoft products. This beta release includes fixes that resolve many previously reported issues in the setting library. The updated setting library also gives you the ability to further customize baselines. SCM 3.0 provides a single location for you to create, manage, analyze, and customize baselines to secure your environment faster and more efficiently.

As part of a select group of our key customers, we invite you to participate in the Beta Review Program of these new product baselines that include security enhancements for the following server roles and features:
  • Windows Server 2012 Security Baselines:
    • Domain Controller Security Compliance
    • Domain Security Compliance
    • Hyper-V Security Compliance
    • Member Server Security Compliance
    • Web Server Security Compliance
  • Windows 8 Security Baselines:
    • BitLocker Security
    • Computer Security Compliance
    • Domain Security Compliance
    • User Security Compliance:
  • Internet Explorer 10 Security Baselines:
    • Computer Security Compliance
    • User Security Compliance

What is not available in this beta release ?
  • The ability to export compliance data using formats that work with the DCM feature in Microsoft System Center Configuration Manager and the Security Content Automation Protocol (SCAP) is temporarily blocked in the new baselines for Windows Server 2012, Windows 8, and Internet Explorer 10. This functionality will be enabled in the next beta release update.
  • This beta release includes five baselines for Windows Server 2012. The following additional server role baselines will be included in the next beta release update:
    • Active Directory Certificate Services (AD CS)
    • DNS Server
    • DHCP Server
    • File Services
    • Network Policy and Access Servers
    • Print Services
    • Remote Access
    • Remote Desktop Services


What is the release plan for the rest of beta baseline?

Additional SCM 3.0 Beta baselines will be released through Microsoft Connect so that you can download and import them into the SCM 3.0 Beta application.
The date for the next beta is currently scheduled for the middle of November 2012.



Here is a comparison between WS 2008 R2 SP1 and WS 2012 Domain Security Baseline.




 To download this tool : http://connect.microsoft.com/site715/Downloads/DownloadDetails.aspx?DownloadID=46234
1 commentaire:

jeudi 13 septembre 2012

[Microsoft Solution Accelerators] Data Classification Toolkit Released

The Solution Accelerators Team has released Microsoft Data Classification Toolkit

I have already presented this tool in the two following post :
http://gregorylucand.blogspot.fr/2012/04/windows-8-server-data-classification.html
http://gregorylucand.blogspot.fr/2012/05/data-classification-toolkit-active.html


The Data Classification Toolkit supports new Windows Server 2012 features, Dynamic Access Control, and backward compatibility with the functionality in the previous version of the toolkit. The toolkit provides support for configuring data compliance on file servers running Windows Server 2012 and Windows Server 2008 R2 SP1 to help automate the file classification process, and make file management more efficient in your organization. 

Simplify your central access policy configuration experience.
The latest version of the toolkit allows you to provision and standardize central access policy across a forest and apply default access policies on your file servers. The toolkit also provides tools to provision user and device claim values based on Active Directory Domain Services (AD DS) resources to help simplify configuring Dynamic Access Control in Windows Server 2012. You can also easily track and report existing Central Access Policy on file shares.

Streamline your data compliance user experience.
The toolkit adds a UI to the existing Windows PowerShell experience, including a Classification Wizard that you can use to manage file classifications, and a Claims Wizard to manage central access policy on the file servers in your organization. You can also use the Claims Wizard to build claim values in AD DS.

The Data Classification Toolkit for Windows Server 2012 is designed to help organizations:
  • Identify, classify, and protect data on their file servers.
  • Take advantage of new features and technologies in Windows Server 2012, as well as support hybrid environments with file servers running Windows Server 2012 and Windows Server 2008 R2 SP1.
  • Easily configure default central access policy across multiple servers.
  • Build and deploy policies cost-effectively to protect critical information.

Use the Data Classification Toolkit to help your organization successfully plan and maintain data classification programs in these critical areas:
  • Identifying applicable IT GRC authority documents.
  • Defining corresponding classification policies.
  • Preserving evidence that demonstrates the implementation of effective controls.

You can download this tool here : http://www.microsoft.com/en-us/download/details.aspx?id=27123
Aucun commentaire:

lundi 10 septembre 2012

[Microsoft Solution Accelerators] Microsoft Virtual Machine Converter Released

The Solution Accelerator Team has released Microsoft Virtual Machine Converter.

The Microsoft Virtual Machine Converter (MVMC) Solution Accelerator is a Microsoft-supported, stand-alone solution for the IT pro or solution provider who wants to convert VMware-based virtual machines and disks to Hyper-V®-based virtual machines and disks. The MVMC solution can perform full conversions of VMware-based virtual machines as well as conversions of VMware-based virtual hard disks to Hyper-V-based virtual hard disks (VHD).

Benefits :
MVMC is the only stand-alone, Microsoft-supported solution to provide conversion of virtual machines and disks from VMware to Hyper-V. It can be deployed with minimal dependencies. Because MVMC has a fully scriptable command-line interface (CLI), it integrates especially well with data center automation workflows such as those authored and run within Microsoft System Center 2012 - Orchestrator. It can also be invoked through Windows PowerShell®. The solution is easy to download, install, and use. In addition to the CLI, MVMC provides a wizard-driven GUI, making it simple to perform virtual machine conversion.

Features :
MVMC provides the following features
  • Converts and deploys virtual machines from VMware hosts to Hyper-V hosts running:
    • Windows Server® 2012
    • Microsoft Hyper-V Server 2012
    • Microsoft Hyper-V Server 2008 R2 SP1
    • Windows Server 2008 R2 SP1
  • Converts VMware virtual machines, virtual disks, and configuration (memory, virtual processor and so on) from the source to Hyper-V.
  • Adds virtual network interface cards (NICs) to the converted virtual machine on Hyper-V.
  • Supports conversion of virtual machines from VMware vSphere 4.1 and 5.0 hosts to Hyper-V.  
    • Note   MVMC also supports conversion of virtual machines from VMware vSphere 4.0 if the host is managed by vCenter 4.1 or vCenter 5.0. You have to connect to vCenter 4.1 or 5.0 through MVMC to convert virtual machines on vSphere 4.0.
  • Offers fully scriptable command-line interface that integrates well with data center automation workflows and Windows PowerShell scripts.
  • Has a wizard-driven GUI, making it simple to perform virtual machine conversion.
  • Uninstalls VMware tools prior to conversion to provide a clean way to migrate VMware-based virtual machines to Hyper-V. 
    • Important   MVMC will take a snapshot of the virtual machine you are converting prior to uninstalling VMware tools and then shut down the source machine to preserve state during conversion. The virtual machine will be restored to its previous state once the source disks attached to the virtual machine are successfully copied to the machine where the conversion process is run. At that point the source machine in VMware can be turned on if required.
  • Supports Windows Server guest operating system conversion, including Windows Server 2008, Windows Server 2008 R2, Windows Server 2003 SP2, and Windows Server 2003.
  • Enables conversion of Windows® client versions, including Windows 7 and Windows Vista®.
  • Installs integration services on the converted virtual machine if the guest operating system is Windows Server 2003 SP2.
  • Includes a command-line utility for offline conversions of VMware-based virtual hard disks (VMDK) to a Hyper-V-based virtual hard disk file format (.vhd file).  
    • Note   The offline disk conversion does not include driver fixes. Windows Server 2003 support is not included for the offline disk conversion.
  • Supports conversion from multiple VMDK formats to fixed-size and dynamically expanding VHD formats.

Supported Configurations for Machine Conversion :
Any combination of the following is supported:
  • VMware sources including:
    • vCenter Server 5.0
    • vCenter Server 4.1
    • ESXi Server 5.0
    • ESXi/ESX Server 4.1
    • Note   MVMC supports ESXi/ESX 4.0 if the host is managed by vCenter 4.1 or vCenter 5.0. In this case, you must connect to vCenter 4.1 or 5.0 through MVMC to convert virtual machines on the 4.0 hosts.
  • Destination Host Server:
    • Hyper-V on Windows Server 2008 R2 SP1 Standard
    • Hyper-V on Windows Server 2008 R2 SP1 Enterprise
    • Hyper-V on Windows Server 2008 R2 SP1 Datacenter
    • Hyper-V on Windows Server 2012
    • Microsoft Hyper-V Server 2008 R2
    • Microsoft Hyper-V Server 2012
  • Guest operating systems supported for conversion:
    • Windows Server 2003 Standard Edition with SP2 x86
    • Windows Server 2003 Standard Edition with SP2 x64
    • Windows Server 2003 Enterprise Edition with SP2 x86
    • Windows Server 2003 Enterprise Edition with SP2 x64
    • Windows Server 2003 R2 Enterprise Edition with SP2 x86
    • Windows Server 2003 R2 Enterprise Edition with SP2 x64
    • Windows Server 2003 R2 Standard Edition with SP2 x86
    • Windows Server 2003 R2 Standard Edition with SP2 x64
    • Windows Vista Enterprise x64
    • Windows Vista Enterprise x32
    • Windows 7 Enterprise x86
    • Windows 7 Enterprise x64
    • Windows 7 Professional x86
    • Windows 7 Professional x64
    • Windows 7 Ultimate x86
    • Windows 7 Ultimate x64
    • Windows Server 2008 Enterprise x86
    • Windows Server 2008 Enterprise x64
    • Windows Server 2008 Datacenter x86
    • Windows Server 2008 Datacenter x64
    • Windows Server 2008 R2 Standard
    • Windows Server 2008 R2 Enterprise x64
    • Windows Server 2008 R2 Datacenter x64

To download this tool : http://www.microsoft.com/en-us/download/details.aspx?id=34591

And here is a case study where this great tool has been used : http://www.microsoft.com/casestudies/Case_Study_Detail.aspx?CaseStudyID=710000001055 

Aucun commentaire:

vendredi 7 septembre 2012

[Windows Server 2012] Introducing Windows Server 2012 Free Ebook Updated

Mitch Tulloch has updated his very popular free ebook on Windows Server 2012 based on the RTM version of the software.




To download this Ebook :
Introducing Windows Server 2012 PDF
Introducing Windows Server 2012 EPUB
Introducing Windows Server 2012 MOBI

You can also get a hard copy here : http://shop.oreilly.com/product/0790145372536.do


Aucun commentaire:

[Windows Server 2012] Windows Server 2012 Infographic


Aucun commentaire:

jeudi 6 septembre 2012

[Powershell V3] PowerShell 3.0 is now available

Windows PowerShell 3.0 is now available for download for Windows 7, Windows Server 2008 R2 and for Windows Server 2008.


Some of the new features in Windows PowerShell 3.0 include:
  • Workflow : Windows PowerShell Workflow lets IT Pros and developers apply the benefits of workflows to the automation capabilities of Windows PowerShell. Workflows allow administrators to run long-running tasks (which can be made repeatable, frequent, parallelizable, interruptible, or restart-able) that can affect multiple managed computers or devices at the same time.
  • Disconnected Sessions :  PowerShell sessions can be disconnected from the remote computer and reconnected later from the same computer or a different computer without losing state or causing running commands to fail.
  • Robust Session Connectivity : Remote sessions are resilient to network failures and will attempt to reconnect for several minutes. If connectivity cannot be reestablished, the session will automatically disconnect itself so that it can be reconnected when network connectivity is restored. Scheduled Jobs Scheduled jobs that run regularly or in response to an event.
  •  Delegated Administration : Commands that can be executed with a delegated set of credentials so users with limited permissions can run critical jobs.
  • Simplified Language : Syntax Simplified language syntax that make commands and scripts look a lot less like code and a lot more like natural language.
  • Cmdlet Discovery Improved : cmdlet discovery and automatic module loading that make it easier to find and run any of the cmdlets installed on your computer.
  • Show-Command : Show-Command, a cmdlet and ISE Add-On that helps users find the right cmdlet, view its parameters in a dialog box, and run it.

You can get it here : http://www.microsoft.com/en-us/download/details.aspx?id=34595
Be careful, .NET Framework 4 is required : http://www.microsoft.com/en-us/download/details.aspx?id=17851

Hey, Scripting Guy! blog : http://blogs.technet.com/b/heyscriptingguy/

Other links related :
Microsoft Script Explorer RC Available :  http://gregorylucand.blogspot.fr/2012/08/powershell-microsoft-script-explorer-rc.html
Windows PowerShell 3.0 and Server Manager Quick Reference Guides  :   http://gregorylucand.blogspot.fr/2012/06/powershell-v3-windows-powershell-30-and.html
Windows PowerShell Support for Windows Server 2012 : http://gregorylucand.blogspot.fr/2012/06/powershell-windows-powershell-support.html

Aucun commentaire:

mercredi 5 septembre 2012

[Windows Server 2012] Here we are !

You surely haven't missed it but Windows Server 2012 is now available !














What's new in Windows Server 2012 : http://technet.microsoft.com/en-us/library/hh831769

To download the trial : http://technet.microsoft.com/en-us/evalcenter/hh670538.aspx?wt.mc_id=TEC_108_1_33

Aucun commentaire:

dimanche 2 septembre 2012

[Active Directory] The Evolution of Active Directory Recovery (TechEd 2012)

Here is a great video taken at TechEd North America 2012 about Active Directory Recovery presented by Ulf B. Simon-Weidner  (http://msmvps.com/blogs/UlfBSimonWeidner/).

An Active Directory failure is the most critical disaster in most organizations, and the infrastructure has changed: virtualization provides benefits, but also risks. Active Directory Recycle bin helps with recovering, but not in every situation. GPMC and the new Windows Backup can help, but you still need additional knowledge. In this session we take a geek view of Active Directory Backup and Recovery in various versions of Windows. Learn what you need in your backups, what you need to prepare for recovery, what the issues are and how to solve them. We look at different stages of Operating Systems up the the next generation Windows Server 2012 and learn where knowledge needs to complement features and how new possibilities will help you in planning your disaster recovery strategy.



Here is the direct link : http://channel9.msdn.com/Events/TechEd/NorthAmerica/2012/SIA319
And the slides : http://video.ch9.ms/teched/2012/na/SIA319.pptx
Aucun commentaire:

[Active Directory] Active Directory Snapshots Part 2/3 : Manage Snapshot

After presenting this feature in the previous post, we'll now see how to manage Active Directory Snapshot.

As I said in the previous post, there are two Tools which are used for Active Directory Snapshot : NTDSUTIL and DSAMAIN.


First I will show you how to create and mount snapshot with NTDSUTIL (http://technet.microsoft.com/en-us/library/cc753343(v=ws.10).aspx).

If you work on Active Directory, this tool should be familiar.

First, launch NTDSUTIL, set your Active Directory Database as the active instance, and go in the snapshot options.



Here are the different actions you can make to manage snapshots



Now I create a new snapshot :



I list all snapshots (there is just the one I just create) :



And I mount the snapshot.


That's all for now with NTDSUTIL.


Now we'll use DSAMAIN (http://technet.microsoft.com/en-us/library/cc772168(v=ws.10).aspx) to expose the snapshot data as an LDAP server.


First I copy the path of the snapshot database.




And we now use DSAMAIN. You just have to give the snapshot database path (Be careful if you use Powershell, you have to use single quote and not double quotes for the DBPATH) and the ldap port.

If you have already use DSAMAIN with Windows Server 2008 or 2008 r2, the result was different than mine. Indeed, as I use Windows Server 2012 for my hypervisor and my lab, virtualized domain controller feature are available and that's what you can see here.


Keep this Windows open.


Now you can use several tools to connect to the snapshot.
I'll use ADUC but you can use LDP, ADSIEDIT, ...


You can directly launch ADUC and connect to the snapshot



You can see that the current Directory Server is our snapshot.



Now you can browse your Active Directory Snapshot with ADUC (in read-only) for diagnostic purposes.

You can also mount simultaneously several snapshots :




When your diagnostics are done, stop DSAMAIN (with Ctrl + C)



And then you can unmount the snapshot through NTDSUTIL.


You can also automate the creation of snapshot. For this you have to use scheduled tasks with a one line command : 
ntdsutil "activate instance ntds" snapshot create quit quit

As you can see manage Active Directory Snapshot is very easy.



In the final post, we'll see how to restore attributes from Active Directory Snapshots and I will present you a tool from Fredrik Lindström, Directory Service Comparison Tool.

Aucun commentaire:

[Active Directory] Active Directory Snapshots Part 1/3 : Presentation

Why presenting this "old" feature one week before the release of Windows Server 2012 ?

It's simple, many companies doesn't use this feature in their Active Directory backup and restore policy whereas it should be integrated in this policy as an additionnal tools for diagnostic purposes.



So what is Active Directory Snapshot ?

Active Directory snapshot is a shadow copy, created by the Volume Shadow Copy Service (VSS), of the volumes that contain the Active Directory database and log files.
This feature, introduced with Windows Server 2008, allows you to create read-only snapshots of the Active Directory Database.
Then you can mount this snapshot on a online domain controller for simplifying a recovery process or auditing changes and objects deletion.


Why should you use Active Directory Snapshot ?

That's simple, saving time in the recovery process.
Indeed, in the case where you have to restore a backup, you have to determine first which backup is best. You must restore it to a domain controller to view its contents. Each restore operation requires that you restart the domain controller in Directory Services Restore Mode (DSRM) until you find the best backup.
With Active Directory Snapshot you can easily determine which backup is the best without restart the domain controller in Directory Services Restore Mode.
Active Directory Snapshot can also be used to restore objects (we'll see this later) but not natively.


What do you need to use Active Directory Snapshot ?

Two tools are used for Active Directory Snapshot :
  • NTDSUTIL
  • DSAMAIN

NTDSUTIL (http://technet.microsoft.com/en-us/library/cc753343(v=ws.10).aspx) allows you to manage snapshots (create, delete, mount and unmount snapshot).
DSAMAIN (http://technet.microsoft.com/en-us/library/cc772168(v=ws.10).aspx) allow you  to expose the snapshot data as an LDAP server.

Then you can use existing LDAP tools as LDP, ADSIEDIT, ADUC to connect to the snapshot.


That's all for this post, we'll see next how to manage Active Directory Snapshot.

Aucun commentaire:
Inscription à : Articles (Atom)