November 2009 - Posts
The last day of TechEd Europe has started. It’s been great as usual. I was satisfied about my sessions, I’m satisfied about other sessions I’ve seen. However – what’s my value of TechEd?
- TechEd is inspiring: always when you are put together with a clever bunch of folks, it’s inspiring to talk about technologies, there possibilities as well as what’s lacking, and get a lot of good ideas.
- TechEd is networking: hard to keep up with all the people you know or you should know, but TechEd is one of the major places where you get so many people who work with the same technologies and share the same interests. Great place to keep in contact and meet new people – only bad thing that it’s to short
- TechEd is geeky: Couple years ago I was complaining that they didn’t have and real 400-Level Sessions at TechEd for IT-Professionals. Then I was able to deliver 400-Level sessions over the years (“A Directory Services Geek’s View on …”), mostly at TechEd EMEA but also at TechEd US. I’m glad to see that especially TechEd Europe is providing in-depth content to IT-Pros (this was actually one thing we’ve heard complains at TechEd US this year, however not at Europe! Hope this still improves). It’s fun to prepare those sessions, it’s fun delivering them, great to get the feedback and great to hear afterwards how happy the attendees are about not getting a marketing session.
- TechEd is broadening horizons: Especially when talking with attendees in the Technical Learning Center or after my sessions, or in the evening at parties, it’s broadening my horizons when they are asking questions, tell me about their scenarios and ideas. Even when working as consultant with many companies, I only get to meet a certain amount of customers. However at TechEd I’m meeting so many people every day, so many different scenarios, it’s just great to broaden my horizons and my knowledge!
- TechEd is knowledge: Breakout Sessions, Interactive Sessions, Technical Learning Center (Ask the Experts), Hands on Labs, … and about almost all Microsoft technologies – there is only one place where you can lean so much in different ways
- TechEd is community: MVPs, MCTs, CLIP, Microsoft employees, colleagues, friends, people who share the same interests, …
… there are lots of more points …
I’m doing multiple conferences a year, and TechEd is boosting knowledge in Microsoft technologies! I love it! To bad it’s the last day today, however I’m also looking forward going home and enjoying the weekend.
If you use Active Directory-Users and –Computers from Windows Server 2008 or higher (also ships with the Remote Server Administration Tools in Windows Vista or Windows 7), or the Active Directory Administrative Center in Windows Server 2008 R2 or Win7 RSAT newly created OUs are protected from accidental deletion. However, this does not apply to OUs which were there prior (migrated) or OUs which are created another way.
Therefore, during migrations or when you still run downlevel versions of the administration tools, I recommend to protect OUs from accidental deletion but you need to find another way to do it instead of looking into the Object-Tab of each OU (with Advanced View selected).
Powershell v2 and the new Active Directory Commandlets makes this easy for us:
First you need to import the Active Directory Commandlets:
import-module ActiveDirectory
Then you query all OUs, and pipe them into the set-ADOrganisationalUnit Command and specify to set the “flag” to protect the OUs from accidental deletion:
Get-ADOrganizationalUnit -filter * | Set-ADOrganizationalUnit -ProtectedFromAccidentalDeletion $true
Easy, right?
If you want to put this in a scheduled task, simply use the following commandline (in one line):
powershell.exe -command "&{import-module ActiveDirectory; get-ADOrganizationalUnit –filter *
| set-ADOrganizationalUnit –ProtectedFromAccidentalDeletion $true}"
I’ve heard from a speaker I respect the question whether Microsofts strategies are consequent because they are basing everything on Powershell, however the djoin.exe-command is not a Powershell command.
Interesting one, but also very understandable if you think about it. Djoin.exe is created to provide the following possiblity in Windows Server 2008 R2 and Windows 7:
- Create a computer account in the directory and store a file to support a offline-join of the computer to the domain
- Offline join the computer to it’s account using the file created in the prior step
The Active Directory Domain Services product group has created a lot of Powershell Commandlets to support Management of Active Directory on Windows Server 2008 R2, actually you can download the Active Directory Managment Gateway Service to support the Powershell commands running against Windows Server 2003 (R2) or Windows Server 2008 (without R2). The Management Gateway provides the Active Directory WebService, which is used by Powershell and the new Administrative Center. The WebService is automatically there if you install a Windows Server 2008 R2 Domain Controller, therefore you don’t need the Management Gateway there.
The Active Directory Powershell Commandlets are available on Windows Server 2008 R2, or Windows 7 with the Remote Server Administration Tools for Active Directory installed. If a system has not the Active Directory
As I said before, one of the two main responsibilities is to join computers offline to the domain, either in Scenarios with RODCs (e.g. in the DMZ) or mass-creation / joining e.g. if you have your hardware vendor or distributor preinstalling machines for you.
So – would we want to install the Remote Server Administration Tools for Active Directory on Clients or member servers just to join them to the domain? Nope. Would we want to have multiple powershell-modules for AD (e.g. one for server management, one for joining domains, one for directory data management, …)? Nope.
So I guess an exe for this purpose is OK, and I also guess that this is the reason behind.
Funny – I arrived at TechEd Europe and many already talked to me about my session – I figured out it’s now popular because it had been rescheduled from Tuesday morning to Wednesday morning, so everyone at TechEd got a separate paper with the session updates and mine was one from the few.
I’ve also heard it’s popular looking at the registrations, so if you plan on coming, come a bit early to make sure to get in. We also do a re-run on Thursday morning.
SIA02-IS: Active Directory: What's New in R2
Join this interactive and open discussion about Active Directory updates in Windows Server 2008 R2 or other topics that you bring up. Join product group members and an MVP with undoubted Active Directory experience.
It’s an interactive session, so we will be there (Brjann Brekkan, Technical Product Manager for Identity Management and I are presenting the session togehter), listening and talking to you about the questions you have about the new features of Active Directory Domain Services in Windows Server 2008 R2.
The session is scheduled on
- Wednesday, 9:00, Interactive Theater 4 (green)
- Thursday, 9:00, Interactive Theatre 6 (pink)
Ulf