Windows Server 2008 R2: Active Directory and Server Manager Remoting

Table of Contents

Windows Server 2008 R2: Active Directory and Server Manager Remoting ... 1

Exercise 1 Simplifying Management using Active Directory Administrative Center and AD PowerShell ... 2 Exercise 2 Simplifying Management using Server Manager Remoting ... 5

Page 1 of 6

Windows Server 2008 R2: Active Directory

and Server Manager Remoting

Objectives

_{After completing this lab, you will be better able to:}

 Simplify management using Active Directory Administrative Center and AD PowerShell

 Simplify management using Server Manager Remoting

Scenario

Active Directory management for large directory structures can be cumbersome using the existing MMC-based tools. These tools are over 10 years old and have not changed, even though the practices and models used to manage Active Directory have. The Active Directory Administrative Center is a new tool that represents a new model that will be used for management of roles and services on future versions of Windows. This tool is task oriented and allows

management without knowing necessarily where an object resides in the directory structure. Active Directory Administrative Center is built on top of the Active Directory PowerShell module. This provides cmdlets that let you perform almost any function in Active Directory, giving you a powerful set of scripting tools.

Server Manager is a great tool for managing the configuration and roles on a server from a central location. R1 of Windows Server 2008 did not include the ability to manage a server other than the local server using this method. Windows Server 2008 R2, with the advent of Windows PowerShell Remote Management, enables Server Manager to connect to both full and core installations on remote systems.

Prerequisites

Prerequisites

Estimated Time to

Complete This Lab

30 Minutes

Computers used in this

Lab

_DEN-DC-01

DEN-Core-01

DEN-SRV-02

The password for the Administrator account on all computers in this lab is:

Exercise 1

Simplifying Management using Active Directory

Administrative Center and AD PowerShell

Scenario

Active Directory management for large directory structures can be cumbersome using the existing MMC-based tools. These tools are over 10 years old and have not changed, even though the practices and models used to manage Active Directory have. The Active Directory Administrative Center is a new tool that represents a new model that will be used for management of roles and services on future versions of Windows. This tool is task oriented and allows management without knowing necessarily where an object resides in the directory structure. Active Directory Administrative Center is built on top of the Active Directory PowerShell module. This provides cmdlets that let you perform almost any function in Active Directory, giving you a powerful set of scripting tools.

Tasks Detailed Steps Complete the following

task on: DEN-DC-01 1. Simplifying Management using Active Directory Administrative Center and AD PowerShell

Note: In this demonstration I will show you the new look and feel for administration tools in Active Directory. To do this, I’ll show you how to perform some common tasks in the new administrative center, while at the same time giving you some insight into the structure of the new tools.

Active Directory Administrative Center is the first of a new generation of

administration tools that are more focused on the tasks you most commonly perform, making it easier to do your job as opposed to figuring out how to use the tools provided to do your job. Like all administrative tools, it’s found on the Administrative Tools menu.

Let’s begin by looking at the Overview page and how you can quickly change a password.

a. On the Start menu, click Administrative Tools/Active Directory Administrative Center.

b. In the Overview panel, in the User name, type Woodgrovebank\AbigailHeirford

and then press TAB.

Note: Note that the status message indicates the password will be reset for a valid user account.

c. In Password, and in Confirm password, type msdemo.1 and then click Apply. Note: the status message indicates the password has been changed.

As you can see, this is a very different approach to Active Directory management. The welcome page is made of up customizable panels that represent the most common tasks that a user can perform. You can add and remove panels and customize the overview page to enable you to quickly get to the tasks you perform most often. Navigation and search has also been given an overhaul. Two features, search-based navigation and breadcrumbs, make it very easy to locate.

d. In Active Directory Administrative Center, expand Woodgrovebank (local).

e. Expand America.

Note: Use the small arrow to expand with.

f. Type Was in the “Find in this column” field and then expand Washington. Note: The search scope is narrowed to only entries that start with WAS.

Page 3 of 6

Tasks Detailed Steps

g. Type King and then expand King.

Note: The search scope is narrowed to only entries that start with King.

h. Type Red and then double-click Redmond.

Note: The contents of the Redmond OU are displayed.

i. Click the contents pane to remove the navigation panes.

Note: Property pages have also been made easier to use. Property pages now bear

similarities to common data entry applications such as CRM systems, with easy-to-locate fields and customizable property panels.

j. Select Abigail Heiford. Note: You will see a Summary tab.

k. Double-click Abigail Heiford.

l. Click Profile.

Note: The focus is switched to the Profile section.

m. Click the X to remove the Profile section.

Note: Removing sections allows you to customize the view so only the properties that are important to you are displayed.

n. Click Add Sections and then check Profile. Note: You can easily add additional available sections.

The entire Active Directory Administrative Center is powered by Windows PowerShell. Windows Server 2008 R2 includes a built in Active Directory PowerShell module that allow you to perform advanced management of Active Directory using Windows PowerShell. Let’s look at some examples of what you can do.

o. On the Start menu, click Windows PowerShell ISE.

p. In Windows PowerShell ISE, click File/Open.

q. Open c:\DemoFilesCD\ADPS-1.ps1. r. Highlight Line 2 and then press F8.

Note: This command loads the Active Directory module to give you access to the Active Directory Cmdlets.

s. Highlight Line 5 and then press F8.

Note: This command displays all the loaded modules.

t. Highlight Line 8 and then press F8.

Note: This command displays all available Active Directory related commands.

u. Highlight Line 11 and then press F8.

Note: This command lists all domain user accounts and the SIDs for each account.

v. Highlight Line 14 and then press F8.

Note: This command displays all properties for the administrator account.

w. Highlight Line 17 and then press F8.

Note: This command display s basic information about the domain.

x. Highlight Line 20 and then press F8.

Note: This command searches for and lists all domain controllers.

Tasks Detailed Steps

Note: This command creates a new OU named Europe.

z. Highlight Line 26 and then press F8.

Note: Displays information on the new Europe OU.

This demo gave you a look at the new look and feel for administrative tools in Windows Server 2008 R2. The new layout and tools will make it easier for new administrators to become productive in your environment by allowing them to administer any object to which they have permissions without needing specific knowledge of the location of the object, and by giving them rapid access to the tasks they perform most often.

Page 5 of 6

Exercise 2

Simplifying Management using Server Manager Remoting

Scenario

Server Manager is a great tool for managing the configuration and roles on a server from a central location. R1 of Windows Server 2008 did not include the ability to manage a server other than the local server using this method. Windows Server 2008 R2, with the advent of Windows PowerShell Remote Management, enables Server Manager to connect to both full and core installations on remote systems.

Tasks Detailed Steps Complete the following

task on: DEN-DC-01 1. Simplifying Management using Server Manager Remoting

Note: In this demonstration I will show you how Windows Server 2008 R2 can simplify management of the servers on your network through the new remoting capability found in Server Manager.

When the new Server Manager tool was introduced in Windows Server 2008 RTM, it gave administrators an all-up view of the entire health and configuration of their system. Role-specific information is presented in a consolidated, simple view that lets an administrator quickly determine what is installed, what is running, and the overall health. The one drawback was that it only supported the local system.

That has changed with Windows Server 2008 R2 and Windows 7. Server Manager is now part of the RSAT or Remote Server Administration Tools. It lets you pick the server you want to manage.

Let’s look at how to do this.

a. On the Taskbar, click Server Manager.

b. In Server Manager, select Server Manager and click Configure Server Manager Remote Management.

Note: Remote management is already enabled; this was done for the demo and is not

the default setting. It must be enabled on each server before you can connect to it remotely.

You can also enable this by running Enable-PSRemoting in PowerShell.

c. Click Cancel.

d. Click Server Manager (DEN-DC-01) and then click Action/Connect to Another Computer.

e. Type DEN-SRV-02 and then click OK.

f. Expand Roles.

Note: You can see the roles that are installed on the remote server.

g. Expand Features.

Note: You can see the features that are installed on the remote sever.

h. Expand Diagnostics.

Note: You can access server diagnostics information.

As you can see, from a remote server, you can now have a quick and accurate view of any server and review the overall health of the server using only what is included in the box with Windows Server 2008 R2.

This is not limited to full installations; you can also use this to manage Server Core installations. For example, you can monitor the roles and feature information, and you can manage partitions, user accounts, schedule tasks and much more.

Tasks Detailed Steps

i. Click Server Manager (DEN-SVR-02), and then click Action/Connect to Another Computer.

j. Type DEN-Core-01 and then click OK.

Note: The connection may take a few minutes to complete.

k. Click Server Manager.

Note: You can view Server Summary information in Server Manager.

l. Expand Roles.

Note: You can see the roles that are installed on the remote server.

m. Expand Configuration.

n. Click Services.

Note: Service management is available via Server Manager.

o. Expand Local Users and Groups.

p. Click Groups.

Note: You can manage group memberships on the server core computer.

As you can see, you no longer need to use Terminal Server or Remote Desktop to connect to a server in order to use the Server Manager tool to evaluate the health of the server. You can manage roles and features and review configuration on any Server running Window Server 2008 R2 from the comfort of any Windows Server 2008 R2 server, or even, with the Remote Server Administration Tools, your own Windows 7 workstation.