Chapter 1: Windows Server 2008 R2 Technology Primer

Page 3 of 9

Server Core has been a great version of Windows for utility servers such as domain controllers, DHCP servers, DNS servers, IIS web servers, or Windows virtualization servers. Its limited overhead leaves more resources for the applications running on the server, and removing the GUI and associated applications reduces the security attack surface of the Server Core system. Because most administrators don’t play Solitaire or use Media Player on a domain controller, those applications are absent from the GUI-less version of Windows and so never need to be patched, updated, or maintained. With fewer applications to be patched, the system requires less maintenance and management to keep operational.

Note - With the new remote administration capabilities of Windows Server 2008 R2, covered in Chapter 20, “Windows Server 2008 R2 Management and Maintenance Practices,” administrators can now remotely manage a Server Core system from the Server Manager GUI interface on another server. This greatly enhances the management of Server Core hosts so that administrators can use a GUI console to manage the otherwise GUI-less version of Windows Server.

What’s New and What’s the Same About Windows Server 2008 R2?

From a Microsoft marketing perspective, Windows Server 2008 R2 could be said to be faster, more secure, more reliable, and easier to manage. And it is true that the Windows Server 2008 R2 operating system has all these capabilities. However, this section notes specifically which changes are cosmetic changes compared with previous Windows operating systems and which changes truly improve the overall administrative and end-user experience due to improvements in the operating system.

Visual Changes in Windows Server 2008 R2

The first thing you notice when Windows Server 2008 R2 boots up is the new Windows 7-like graphical user interface (GUI). This is obviously a simple cosmetic change to standardize the current look and feel of the Windows operating systems. Interestingly, with the release of Windows Server 2008 R2, Microsoft did away with the “Classic View” of the administrator Control Panel. For all the network administrators who always switched their server Control Panel to the Classic View, that is now gone, and you will need to figure out the “updated” Control Panel that was the standard starting with Windows XP.

Continuation of the Forest and Domain Model

Windows Server 2008 R2 also uses the exact same Active Directory forest, domain, site, organizational unit, group, and user model as Windows 2000/2003/2008. So if you liked how Active Directory was set up before, it doesn’t change with Windows Server 2008 R2 Active Directory. Even the Active Directory Sites and Services, Active Directory Users and Computers (shown in Figure 1.4), and Active Directory Domains and Trusts administrative tools work exactly the same.

Figure 1.4 Active Directory Users and Computers tool.

There are several changes to the names of the Active Directory services as well as significant improvements within Active Directory that are covered in the section “Changes in Active Directory” a little later in this chapter.

Changes That Simplify Tasks

Windows Server 2008 R2 has added several new capabilities that simplify tasks. These capabilities could appear to be simply cosmetic changes; however, they actually provide significant benefits for administrative management.

New Server Manager Tool

A tool that was added in Windows Server 2008 is the Server Manager console, shown in Figure 1.5. Server Manager consolidates all of the administrative management consoles from Windows 2000/2003 into a single management tool. Now instead of having to open up the Active Directory Users and Computers console, Control Panel system properties, the DNS management console, and so on, and then toggle to the appropriate console you want, all of the information is now available in one screen.

Figure 1.5 Server Manager.

Updated in Windows Server 2008 R2 is the ability for an administrator to use the Server Manager tool to access not only the server resources on the current server system, but also to remotely access server resources through the Server Manager tool on remote server systems. This remote capability of Server Manager minimizes the need of the administrator to remotely log on to systems to manage them; it allows the administrator to sit at a single Server Manager console and gain access to other servers in the organization.

Additionally, other tools like the Group Policy Management Console (GPMC) show up in Server Manager under the Features node and provide an administrator with the ability to edit group policies, change policies, and apply policies from the same console in which the administrator can make DNS changes, add users, and change settings from IP configuration to site configuration.

PowerShell for Administrative Tasks

Another updated server feature in Windows Server 2008 R2 is the extension of PowerShell for server administration and management. PowerShell has now been extended to be a full scripting language for administration tasks in Windows Server 2008 R2. PowerShell was first introduced in Exchange 2007 as the Exchange Management Shell (EMS) that underlies all functions of Exchange 2007 administration. PowerShell (version 2.0) is now installed by default in Windows Server 2008 R2, as opposed to being an add-in feature in Windows Server 2008. As a built-in component, all administrative tasks are now fully PowerShell enabled.

PowerShell in Windows Server 2008 R2 provides the ability for administrators to script processes, such as adding users, adding computers, or even more complicated tasks such as querying a database, extracting usernames, and then creating Active Directory users, and to provision Exchange mailboxes all from a PowerShell script. Additionally, PowerShell in Windows Server 2008 R2 allows an administrator to script installation processes so that if, for example, the administrator creates a Remote Desktop server or web server with specific settings, the administrator can use a PowerShell script and deploy additional servers all identically configured using the same script over and over.

And with PowerShell 2.0 built in to Windows Server 2008 R2, PowerShell scripts and commands can be run against remote servers. This enables an administrator to sit at one server and remotely execute scripts on other servers in the environment. Using secured server-to-server session communications, an administrator can configure a group of servers, manage a group of servers, and reboot a group of servers all from a series of PowerShell commands.
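The remote execution described above can be used to check, from one console, that each server carries only the roles it is meant to have. The script below is an added example, not code from the book: the host names and the per-host baseline are constructed, and it assumes PowerShell remoting is enabled on the targets and that the ServerManager module is available there.

```powershell
# Added example. Host names and the per-host baseline are constructed values.
$servers  = 'DC01', 'DNS01', 'WEB01'
$baseline = @{
    'DC01'  = @('AD-Domain-Services', 'DNS')
    'DNS01' = @('DNS')
    'WEB01' = @('Web-Server', 'Web-WebServer', 'Web-Common-Http', 'Web-Static-Content')
}

# Runs on each remote server and returns the names of installed roles and features.
$query = {
    Import-Module ServerManager
    Get-WindowsFeature | Where-Object { $_.Installed } |
        Select-Object -ExpandProperty Name
}

# Kerberos gives mutual authentication inside the domain. Connection failures are
# collected in $failed instead of stopping the run.
$results = Invoke-Command -ComputerName $servers -ScriptBlock $query `
    -Authentication Kerberos -ErrorAction SilentlyContinue -ErrorVariable failed

# Compare each server's installed set with its baseline (PowerShell 2.0 syntax).
$report = $results | Group-Object -Property PSComputerName | ForEach-Object {
    $name    = $_.Name
    $allowed = @($baseline[$name])
    $extra   = @($_.Group | Where-Object { $allowed -notcontains $_ })
    New-Object PSObject -Property @{
        Server     = $name
        Installed  = $_.Group.Count
        Unexpected = ($extra -join ', ')
    }
}
$report | Sort-Object Server | Format-Table Server, Installed, Unexpected -AutoSize

# A host that could not be reached has not been audited; list it explicitly.
foreach ($e in $failed) {
    Write-Warning ("Not audited: {0} ({1})" -f $e.TargetObject, $e.Exception.Message)
}
```

A real baseline has to list every sub-feature a role installs, otherwise those sub-features show up in the Unexpected column.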

All future server products released from Microsoft will have the PowerShell foundation built in to the core Windows Server 2008 R2 operating system, thus making it easier for products running on Windows Server 2008 R2 to use the same administrative scripting language. PowerShell is covered in detail in Chapter 21, “Automating Tasks Using PowerShell Scripting.”

Active Directory Administrative Center

New to Windows Server 2008 R2 and built on PowerShell v2.0, the Active Directory Administrative Center is a customizable console that an organization can create for specific administrators in the organization. As an example, an organization might have an administrator who only needs to reset passwords, or another administrator who only needs to manage print queues. Rather than giving the administrator access to the full Active Directory Users and Computers or Print Management consoles, an Active Directory Administrative console can be created with just a task or two specific to the administrator’s responsibilities.

The console is built on PowerShell, so underlying the GUI are simple PowerShell scripts. Anything that can be done in PowerShell on a Windows Server 2008 R2 server can be front-ended by the administration console. An example of the console is shown in Figure 1.6, and the tool is covered in detail in Chapter 18, “Windows Server 2008 R2 Administration.”

Figure 1.6 Active Directory Administrative Center.

Increased Support for Standards

The release of Windows Server 2008 introduced several industry standards built in to the Windows operating system that have since been updated in Windows Server 2008 R2. These changes continue a trend of the Windows operating system supporting industry standards rather than proprietary Microsoft standards. One of the key standards built in to Windows Server 2008 and Windows Server 2008 R2 is IPv6.

Internet Protocol version 6 (or IPv6) is the future Internet standard for TCP/IP addressing. Most organizations support Internet Protocol version 4 (or IPv4). Due to the Internet numbering scheme running out of address space in its current implementation of addressing, Internet communications of the future need to support IPv6, which provides a more robust address space.

Additionally, IPv6 supports new standards in dynamic addressing and Internet Protocol Security (IPSec). Part of IPv6 is to have support for the current IPv4 standards so that dual addressing is possible. With Windows Server 2008 R2 supporting IPv6, an organization can choose to implement a dual IPv6 and IPv4 standard to prepare for Internet communications support in the future. IPv6 is covered in detail in Chapter 10.

Changes in Active Directory

As noted earlier in this chapter, Active Directory in Windows Server 2008 R2 hasn’t changed to the point where organizations with solid Active Directory structures have to make changes to their directory environment. Forests, domains, sites, organizational units, groups, and users all remain the same. There are, however, several improvements made in Active Directory and in the breadth of functionality provided by directory services in Windows Server 2008 R2.

The changes made in Active Directory are captured in the name changes of directory services as well as the introduction of a Read-Only Domain Controller service introduced in Windows Server 2008.

Renaming Active Directory to Active Directory Domain Services

In Windows Server 2008, Active Directory was renamed to Active Directory Domain Services (AD DS), and Windows Server 2008 R2 continues with that new name. Active Directory Domain Services refers to what used to be just called Active Directory with the same tools, architectural design, and structure that Microsoft introduced with Windows 2000 and Windows 2003.

The designation of Domain Services identifies this directory as the service that provides authentication and policy management internal to an organization where an organization’s internal domain controls network services.

For the first time, AD DS can be stopped and started as any other true service. This facilitates AD DS maintenance without having to restart the domain controller in Directory Services Restore Mode.

Renaming Active Directory in Application Mode to Active Directory Lightweight Directory Services

Another name change in the directory services components with Windows Server 2008 from Microsoft is the renaming of Active Directory in Application Mode (ADAM) to Active Directory Lightweight Directory Services (AD LDS). ADAM has been a downloadable add-in to Windows 2003 Active Directory that provides a directory typically used in organizations for nonemployees who need access to network services. Rather than putting nonemployees into the Active Directory, these individuals, such as contractors, temporary workers, or even external contacts such as outside legal counsel, marketing firms, and so on, have been put in ADAM and given rights to access network resources such as SharePoint file libraries, extranet content, or web services.

AD LDS is identical to ADAM in its functionality, and provides an organization with options for enabling or sharing resources with individuals outside of the organizational structure. With the name change, organizations that didn’t quite know what ADAM was before have begun to leverage the Lightweight Directory Services function of Active Directory for more than resource sharing but also for a lookup directory resource for clients, patients, membership directories, and so on. Active Directory Lightweight Directory Services is covered in detail in Chapter 8, “Creating Federated Forests and Lightweight Directories.”

Expansion of the Active Directory Federation Services

That leads to the third Active Directory service called Active Directory Federation Services, or AD FS. Active Directory Federation Services was introduced with Windows 2003 R2 edition and continues to provide the linking, or federation, between multiple Active Directory forests, or now with Windows Server 2008 R2 Active Directory Federation Services, the ability to federate between multiple Active Directory Domain Services systems.

Effectively, for organizations that want to share information between Active Directory Domain Services environments, two or more AD DS systems can be connected together to share information. This has been used by organizations that have multiple subsidiaries with their own Active Directory implemented to exchange directory information between the two organizations. And AD FS has been used by business trading partners (suppliers and distributors) to interlink directories together to be able to have groups of users in both organizations easily share information, freely communicate, and easily collaborate between the two organizations.

Active Directory Federation Services is covered in detail in Chapter 8.

Introducing the Read-Only Domain Controller

Another change in Active Directory in Windows Server 2008 that was continued in Windows Server 2008 R2 was the addition of a Read-Only Domain Controller, or RODC. The RODC is just like a global catalog server in Active Directory used to authenticate users and as a resource to look up objects in the directory; however, instead of being a read/write copy of the directory, an RODC only maintains a read-only copy of Active Directory and forwards all write and authentication requests to a read/write domain controller.
