Introduction 1
Part I Windows Server 2012 Overview
1 Windows Server 2012 Technology Primer 5
When Is the Right Time to Migrate? 15
Versions of Windows Server 2012 16
Improvements for Continuous Availability 20
Enhancements for Flexible Identity and Security 23
Enabling Users to Work Anywhere 29
Simplifying the Datacenter 35
Addition of Migration Tools 44
Identifying Which Windows Server 2012 Service to Install or Migrate to First 45
Summary 49
Best Practices 49
2 Planning, Prototyping, Migrating, and Deploying Windows Server 2012 51
Determining the Scope of Your Project 52
Identifying the Business Goals and Objectives to Implement
Windows Server 2012 52
Identifying the Technical Goals and Objectives to Implement Windows Server 2012 55
The Discovery Phase: Understanding the Existing Environment 61
The Design Phase: Documenting the Vision and the Plan 64
The Migration Planning Phase: Documenting the Process for Migration 69
The Prototype Phase: Creating and Testing the Plan 74
The Pilot Phase: Validating the Plan to a Limited Number of Users 76
The Migration/Implementation Phase: Conducting the Migration or Installation 79
Summary 80
Best Practices 81
3 Installing Windows Server 2012 and Server Core 85
Planning for a Server Installation 85
Installing a Clean Version of Windows Server 2012
Operating System 91
Upgrading to Windows Server 2012 99
Understanding Server Core Installation 103
Managing and Configuring a Server Core Installation 105
Performing an Unattended Windows Server 2012 Installation 113
Summary 113
Best Practices 113
Part II Windows Server 2012 Active Directory
4 Active Directory Domain Services Primer 115
The Evolution of Directory Services 116
Understanding the Development of AD DS 117
AD DS Structure 118
Outlining AD DS Components 121
Understanding Domain Trusts 125
Defining Organizational Units 127
Outlining the Role of Groups in an AD DS Environment 128
Understanding AD DS Replication 130
Outlining the Role of DNS in AD DS 132
Outlining AD DS Security 134
Outlining AD DS Changes in Windows Server 2012 135
Summary 146
Best Practices 146
5 Designing a Windows Server 2012 Active Directory 149
Understanding AD DS Domain Design 149
Choosing a Domain Namespace 151
Examining Domain Design Features 152
Choosing a Domain Structure 154
Understanding the Single-Domain Model 155
Understanding the Multiple-Domain Model 158
Understanding the Multiple Trees in a Single-Forest Model 160
Understanding the Federated-Forests Model 162
Understanding the Empty-Root Domain Model 165
Understanding the Placeholder Domain Model 167
Understanding the Special-Purpose Domain Model 169
Renaming an AD DS Domain 170
Summary 173
Best Practices 173
6 Designing Organizational Unit and Group Structure 175
Defining Organizational Units in AD DS 176
Defining AD Groups 178
OU and Group Design 182
Starting an OU Design 182
Using OUs to Delegate Administration 184
Group Policies and OU Design 186
Understanding Group Design 186
Exploring Sample Design Models 188
Summary 193
Best Practices 194
7 Active Directory Infrastructure 195
Understanding AD DS Replication in Depth 195
Understanding Active Directory Sites 200
Planning Replication Topology 207
Windows Server 2012 IPv6 Support 214
Detailing Real-World Replication Designs 216
Deploying Read-Only Domain Controllers 220
Deploying a Clone Virtualized DC 223
Summary 226
Best Practices 226
8 Creating Federated Forests and Lightweight Directories 229
Keeping a Distributed Environment in Sync 229
Active Directory Federation Services 235
Synchronizing Directory Information with Forefront
Identity Manager 238
Harnessing the Power and Potential of FIM 241
Summary 244
Best Practices 244
9 Integrating AD in a Unix Environment 245
Understanding and Using Windows Server 2012 UNIX Integration
Components 245
Reviewing the Subsystem for UNIX-Based Applications 252
Administrative Improvements with Windows Server 2012 253
Summary 255
Best Practices 255
Part III Networking Services
10 Domain Name System, WINS, and DNSSEC 257
The Need for DNS 258
Getting Started with DNS on Windows Server 2012 262
Resource Records 265
Understanding DNS Zones 269
Performing Zone Transfers 273
Understanding DNS Queries 276
Other DNS Components 277
Understanding the Evolution of Microsoft DNS 285
DNS in Windows Server 2012 286
DNS in an Active Directory Domain Services Environment 288
Troubleshooting DNS 292
Secure DNS with DNSSEC 301
Reviewing the Windows Internet Naming Service 308
Installing and Configuring WINS 308
Planning, Migrating, and Maintaining WINS 312
Summary 316
Best Practices 316
11 DHCP, IPv6, IPAM 319
Understanding the Components of an Enterprise Network 319
Exploring DHCP 321
Exploring DHCP Changes in Windows Server 2012 329
Enhancing DHCP Reliability 336
Exploring Advanced DHCP Concepts 347
Securing DHCP 348
IPv6 Introduction 349
Configuring IPv6 on Windows Server 2012 360
IP Address Management 367
Installing the IPAM Server and Client Features 368
Exploring the IPAM Console 382
Summary 385
Best Practices 385
12 Internet Information Services 387
Understanding Internet Information Services 8 387
Planning and Designing IIS 8 391
Installing and Upgrading IIS 8 393
Installing and Configuring Websites 399
Installing and Configuring FTP Services 408
Securing IIS 8 418
Summary 426
Best Practices 427
Part IV Security
13 Sever-Level Security 429
Defining Windows Server 2012 Security 429
Deploying Physical Security 430
Using the Integrated Windows Firewall with Advanced
Security 433
Hardening Servers 437
Examining File-Level Security 445
Malware and Backup Protection 450
Using Windows Server Update Services 452
Summary 457
Best Practices 458
14 Securing Data in Transit 459
Introduction to Securing Data in Transit in Windows
Server 2012 460
Deploying a Public Key Infrastructure with
Windows Server 2012 461
Understanding Active Directory Certificate Services in
Windows Server 2012 463
Active Directory Rights Management Services 472
Using IPsec Encryption with Windows Server 2012 475
Summary 477
Best Practices 478
15 Network Policy Server, Network Access Protection and Routing and Remote Access 479
Understanding Network Access Protection in Windows
Server 2012 480
Deploying a Windows Server 2012 Network
Policy Server 482
Enforcing Policy Settings with a Network
Policy Server 485
Verifying the Client-Side Configuration 492
Deploying a Virtual Private Network Using RRAS 494
Summary 500
Best Practices 501
Part V Migrating to Windows Server 2012
16 Migrating from Active Directory 2008 / 2008 R2 to Active Directory 2012 503
Beginning the Migration Process 504
Big Bang Migration 507
Phased Migration 512
Multiple Domain Consolidation Migration 527
Summary 542
Best Practices 543
17 Compatibility Testing 545
The Importance of Compatibility Testing 546
Preparing for Compatibility Testing 547
Researching Products and Applications 553
Verifying Compatibility with Vendors 556
Microsoft Assessment and Planning Toolkit 562
Lab-Testing Existing Applications 562
Documenting the Results of the Compatibility Testing 565
Determining Whether a Prototype Phase Is Required 565
Summary 566
Best Practices 567
Part VI Windows Server 2012 Administration and Management
18 Windows Server 2012 Administration 569
Defining the Administrative Model 570
Examining Active Directory Site Administration 571
Configuring Sites 574
Windows Server 2012 Active Directory Groups 582
Creating Groups 583
Managing Users with Local Security and
Group Policies 588
Managing Printers with the Print Management Console 596
Summary 602
Best Practices 602
19 Windows Server 2012 Group Policies and Policy Management 605
Group Policy Overview 605
Group Policy Processing: How Does It Work? 607
Local Group Policies 609
Domain-Based Group Policies 611
Security Templates 611
Understanding Group Policy 612
Group Policy Policies Node 625
Group Policy Preferences Node 628
Policy Management Tools 628
Designing a Group Policy Infrastructure 637
GPO Administrative Tasks 641
Summary 660
Best Practices 661
20 Windows Server 2012 Management and Maintenance Practices 663
Going Green with Windows Server 2012 664
Server Manager Dashboard 665
Managing Windows Server 2012 Roles and Features 667
Creating a Server Group 672
Viewing Events 672
Server Manager Storage Page 682
Auditing the Environment 686
Managing Windows Server 2012 Remotely 695
Common Practices for Securing and Managing
Windows Server 2012 701
Keeping Up with Service Packs and Updates 703
Maintaining Windows Server 2012 707
Summary 717
Best Practices 717
21 Automating Tasks Using PowerShell Scripting 719
Understanding Shells 720
Introduction to PowerShell 722
Understanding PowerShell Fundamentals 724
Using Windows PowerShell 751
Summary 782
Best Practices 783
22 Documenting a Windows Server 2012 Environment 785
Benefits of Documentation 786
Types of Documents 787
Planning to Document the Windows Server 2012 Environment 788
Knowledge Sharing and Knowledge Management 788
Windows Server 2012 Project Documents 789
Administration and Maintenance Documents 802
Network Infrastructure 806
Disaster Recovery Documentation 807
Change Management Procedures 810
Performance Documentation 810
Baselining Records for Documentation Comparisons 811
Routine Reporting 811
Security Documentation 812
Summary 813
Best Practices 813
23 Integrating System Center Operations Manager 2012 with Windows Server 2012 815
Windows Server 2012 Monitoring 816
Understanding How OpsMgr Works 818
OpsMgr Architecture Components 823
Securing OpsMgr 834
Fault Tolerance and Disaster Recovery 839
Understanding OpsMgr Components 845
Putting It All Together in a Design 850
Installing Operations Manager 2012 858
Configuring OpsMgr 873
Administering OpsMgr 882
Exploring the Windows 2012 Management Pack 889
Summary 900
Best Practices 900
Part VII Remote and Mobile Technologies
24 Server-to-Client Remote and Mobile Access 903
What’s New for Remote Access in Windows Server 2012 905
VPN in Windows Server 2012 907
RAS System Authentication Options 911
VPN Protocols 913
DirectAccess in Windows Server 2012 918
Choosing Between Traditional VPN Technologies
and DirectAccess 928
Setting Up the Unified Remote Access Role 932
DirectAccess Scenario 933
VPN Scenario 941
Monitoring the Remote Access Server 958
Summary 962
Best Practices 963
25 Remote Desktop Services 965
Why Implement Remote Desktop Services? 966
How Remote Desktop Works 968
Understanding the Name Change 970
RDS Roles 971
Configuration Options and Fine-Tuning Terminology 979
Planning for RDS 985
Deploying RDS 991
Deploying Virtual Desktops 1003
Enabling RemoteFX 1011
Securing and Supporting RDS 1013
Summary 1017
Best Practices 1017
Part VIII Desktop Administration
26 Windows Server 2012 Administration Tools for Desktops 1019
Managing Desktops and Servers 1020
Operating System Deployment Options 1021
Windows Server 2012 Windows Deployment Services 1024
Installing Windows Deployment Services 1026
Customizing Boot Images 1037
Creating Discover Images 1041
Pre-Creating Active Directory Computer Accounts for WDS (Prestaged Systems) 1042
Creating Custom Installations Using Capture Images 1046
Automating Image Deployment Using Unattend Files 1049
General Desktop Administration Tasks 1050
Summary 1050
Best Practices 1050
27 Group Policy Management for Network Clients 1053
The Need for Group Policies 1054
Windows Group Policies 1055
Group Policy Feature Set 1058
Planning Workgroup and Standalone Local Group Policy
Configuration 1063
Planning Domain Group Policy Objects 1066
Managing Computers with Domain Policies 1075
Configuring Preference Item-Level Targeting 1083
Managing Users with Policies 1093
Managing Active Directory with Policies 1100
Summary 1112
Best Practices 1112
Part IX Fault Tolerance Technologies
28 File System Management and Fault Tolerance 1115
Windows Server 2012 File System Overview 1115
File System Access Services and Technologies 1125
Managing Windows Server 2012 Disks 1126
Adding the File and Storage Services Role 1132
Managing Data Access Using Windows Server 2012 Shares 1133
File Server Resource Manager 1137
The Distributed File System 1149
Planning a DFS Deployment 1154
Installing and Configuring DFS 1157
Using the Volume Shadow Copy Service 1163
Configuring Data Deduplication 1166
Configuring Storage Spaces 1168
Dynamic Access Control 1172
Summary 1185
Best Practices 1186
29 System-Level Fault Tolerance (Clustering / Network Load Balancing) 1189
Building Fault-Tolerant Windows Server 2012 Systems 1190
Windows Server 2012 Clustering Technologies 1192
Determining the Correct Clustering Technology 1198
Overview of Failover Clusters 1200
Deploying Failover Clusters 1206
Backing Up and Restoring Failover Clusters 1228
Deploying Network Load Balancing Clusters 1232
Managing NLB Clusters 1240
Network Teaming 1242
Summary 1243
Best Practices 1243
30 Backing Up the Windows Server 2012 Environment 1245
Understanding Your Backup and Recovery Needs and Options 1246
Creating the Disaster Recovery Solution 1249
Documenting the Enterprise 1250
Developing a Backup Strategy 1251
Windows Server Backup Overview 1252
Using Windows Server Backup 1255
Managing Backups Using the Command-Line Utility Wbadmin.exe and Windows PowerShell Cmdlets 1261
Backing Up Active Directory 1264
Backing Up Windows Server 2012 Roles 1269
Volume Shadow Copy Service 1270
Extending Server Backup to the Enterprise with Data Protection Manager 2012 1271
Summary 1271
Best Practices 1272
31 Recovering from a Disaster 1273
Ongoing Backup and Recovery Preparedness 1273
When Disasters Strike 1277
Disaster Scenario Troubleshooting 1279
Recovering from a Server or System Failure 1282
Managing and Accessing Windows Server Backup Media 1289
Windows Server Backup Volume Recovery 1290
Recovering Role Services and Features 1294
Summary 1301
Best Practices 1301
Part X Optimizing, Tuning, Debugging, and Problem Solving
32 Optimizing Windows 2012 for Branch Office Communications 1303
Key Branch Office Features in Windows 2012 1304
Understanding Read-Only Domain Controllers 1304
Using BitLocker with Windows Server 2012 1321
BranchCache in Windows 2012 1332
Printing with Branch Office Direct Printing 1345
Summary 1347
Best Practices 1347
33 Logging and Debugging 1349
Using the Task Manager for Logging and Debugging 1349
Using Event Viewer for Logging and Debugging 1357
Performance Monitoring 1368
Setting Baseline Values 1395
Using the Debugging Tools Available in Windows Server 2012 1397
Task Scheduler 1411
Summary 1416
Best Practices 1417
34 Capacity Analysis and Performance Optimization 1419
Defining Capacity Analysis 1419
Using Capacity-Analysis Tools 1424
Monitoring System Performance 1442
Optimizing Performance by Server Roles 1451
Summary 1457
Best Practices 1458
Part XI Integrated Windows Application Services
35 Sharepoint 2010 Products 1459
History of SharePoint Technologies 1460
SharePoint Foundation 2010 Versus SharePoint Server 2010 1462
Identifying the Need for SharePoint 2010 Products 1466
Designing a SharePoint 2010 Farm 1467
Exploring a Basic SharePoint 2010 Site 1471
Lists and Libraries in SharePoint 2010 1474
Managing the Site Collection 1486
Summary 1494
Best Practices 1494
36 Deploying and Using Windows Virtualization 1497
Understanding Microsoft’s Virtualization Strategy 1497
Integration of Hypervisor Technology in
Windows Server 2012 1500
Planning Your Implementation of Hyper-V 1504
Installing the Microsoft Hyper-V Role 1507
Becoming Familiar with the Hyper-V Administrative Console 1510
Installing a Guest Operating System Session 1516
Modifying Guest Session Configuration Settings 1520
Launching a Hyper-V Guest Session 1523
Using Snapshots of Guest Operating System Sessions 1525
Quick Migration and Live Migration 1527
Utilizing Hyper-V Replica for Site-to-Site Redundancy 1540
Summary 1547
Best Practices 1548
Index 1549
Rand Morimoto, Ph.D., MVP, MCITP, CISSP, has been in the computer industry for more than 30 years and has authored, coauthored, or been a contributing writer for dozens of books on Windows, Security, Exchange, BizTalk, and Remote and Mobile Computing. Rand is the president of Convergent Computing, an IT-consulting firm in the San Francisco Bay area that has been one of the key early adopter program partners with Microsoft, implementing the latest Microsoft technologies, including Microsoft Windows Server 2008 R2, System Center 2012, Windows 7, Exchange Server 2013, Windows Server 2012, and SharePoint 2010 in production environments more than 18 months before the initial product releases.
Michael Noel, MCITP, MVP, is an internationally recognized technology expert, bestselling author, and well-known public speaker on a broad range of IT topics. He authored multiple major industry books that have been translated into more than a dozen languages worldwide. Michael has presented at over one hundred technical and business conferences in more than fifty countries around the world and on all seven continents, including the first ever IT conference in Antarctica. Currently a partner at Convergent Computing (www.cco.com) in the San Francisco Bay area, Michael’s writing and extensive public-speaking experience across all seven continents leverage his real-world expertise in helping organizations realize business value from Information Technology infrastructure.
Guy Yardeni, MCITP, CISSP, MVP, is an accomplished infrastructure architect, author, and overall geek-for-hire. Guy has been working in the IT industry for more than 15 years and has extensive experience designing, implementing, and supporting enterprise technology solutions. Guy is an expert at connecting business requirements to technology solutions and driving to successful completion the technical details of the effort while maintaining overall goals and vision. Guy maintains a widely read technical blog at www.rdpfiles.com and is a Windows MVP.
Omar Droubi, MCSE, MCTS, has maintained a successful career and delivered quality work as a senior Information Technology professional for more than 20 years by keeping current with the latest technological developments and trends. As a writer, he has coauthored several Sams Publishing best-selling books, including Microsoft Windows Server 2003 Unleashed, Windows Server 2008 Unleashed, and Windows Server 2008 R2 Unleashed. Omar has also been a contributing writer and technical reviewer on several Microsoft Exchange Server books and publications. He has been deeply involved in testing, designing, and prototyping Windows 8 and Windows Server 2012 for the past several years and plans to assist organizations in getting the most out of the latest features included in the products.
Andrew Abbate enjoys the position of principal consultant and partner at Convergent Computing. With nearly 20 years of experience in IT, Andrew’s area of expertise is understanding a business’s needs and translating that to process and technologies to solve real problems. Having worked with companies from the Fortune Ten to companies of 10, Andrew has a unique perspective on IT and a grasp on “big picture” consulting. Andrew has also written eight industry books on varying technologies ranging from Windows to Security to Unified Communications.
Chris Amaris, MCITP, MCTS, CISSP/ISSAP, CHS III, is the chief technology officer and cofounder of Convergent Computing. He has more than 20 years experience consulting for Fortune 500 companies, leading companies in the technology selection, design, planning, and implementation of complex information technology projects. Chris has worked with Microsoft System Center products such as Operations Manager and Configuration Manager since their original releases in 2000 and 1994. He specializes in messaging, security, performance tuning, systems management, and migration. Receiving his first Microsoft technologies certification in 1993, Chris is a current Microsoft Certified IT Professional (MCITP) with multiple Microsoft Certified Technology Specialist (MCTS) certifications in System Center technologies, a Certified Information Systems Security Professional (CISSP) with an Information System Security Architecture Professional (ISSAP) concentration, Certified Homeland Security (CHS III), a Novell CNE, a Banyan CBE, and a Certified Project Manager. Chris is also an author, writer, and technical editor for a number of IT books, including System Center 2012 Unleashed, Network Security for Government and Corporate Executives, Exchange 2010 Unleashed , and Microsoft Windows Server 2008 R2 Unleashed.
|
Ask a Question About this Product More... |
|
