I’m currently getting ready for some speaking engagements:
Tuesday next week (Sept 21st) I’m proud to moderate the Windows Infrastructure Track of the IIR IT-Admin Tech Talk. In this track we are covering not only the operating-system-related technologies, but also Cloud, Office 365, SharePoint and Exchange. I’ll also present two sessions myself there:
13 Years Active Directory
an overview of previous and future scenarios
I will cover various design considerations, misunderstandings of early designs, whether corporate infrastructures have adjusted or should be adjusted. At the end we will take a look into challenges for future designs, on-premises and in the cloud.
Who am I in the cloud?
In this session I will talk about challenges and opportunities of cloud computing in general and Office 365 in particular: Does cloud mean sunshine for the CIO and rain for the Admin? Which skills are needed? What is the long-term strategy for cloud computing in your enterprise?
The IT-Admin TechTalk will be in Frankfurt and will be held in German.
The next international conference is also coming up. The Experts Conference Europe will also be in Frankfurt in October this year. It is about half a year after TEC USA in Las Vegas. TEC is known to be the best and most highly skilled conference when it comes to Directory Services, and has expanded over the years beyond the AD and FIM tracks to also cover Exchange, SharePoint and Cloud technologies in different tracks. TEC attracts the most highly skilled speakers, and Microsoft values the conference so much that they send more Program Managers and Developers of the product groups to TEC than to their own IT-Pro conference TechEd. Additionally, TechEd EU will not happen this year, so maybe you are able to convince your boss. Las Vegas has been a great success, with lots of interesting sessions and a lot of community interaction, and I’m very much looking forward to Frankfurt. This conference is in English.
At The Experts Conference I will present three sessions, but will post details later when the agenda is done.
In case you missed it: yesterday was the keynote of the BUILD conference (the Professional Developer Conference got a new name), and Steven Sinofsky (Vice President of the Windows Server Division at Microsoft) officially introduced the first version of Windows “8” to the broad public. Pretty exciting and a lot of changes. You can see the keynote at www.buildwindows.com, and download the developer preview at dev.windows.com. If you are an MSDN subscriber there are more versions and information available, including a developer preview of the server version. If you are at BUILD, I highly recommend seeing the server sessions as well; as far as I know there is one today which will present the overview of what’s coming in the next server version. Pretty exciting!
- Windows “8” is a codename and might change
- It is a developer preview – not a quite-stable beta – only for testing and starting to develop for the new user interface (Metro, the same as on Windows Phone)
And BTW, some tips:
- Since Vista you can install using a USB key, which I find totally cool. You are likely to have to re-format your USB key. You can do this using Diskpart.exe: “List Disk”, “Select Disk #” (make sure you have the key selected, because we will wipe it in the next step). “Clean” will wipe the key, then you have to “Create Partition Primary”, make it “Active”, and format it NTFS with “Format FS=NTFS QUICK”. FAT or FAT32 won’t work since the image of the developer preview is over 4 GB. Copy all files from the (extracted) ISO image to the USB key. Afterwards you can boot from the key and install.
- If installation fails to find the disk drive and prompts you to point to a driver, it might be an issue with the USB key (some are detected as a hard drive and cause issues when installing). Try a different key, or burn the ISO. Bad news here – you need to burn it to a dual-layer DVD since it’s too large. And installing from a USB key is usually faster than from DVD.
Enjoy the preview!
I was asked many times “what may break if I update the forest or domain mode?”. Usually … nothing! Actually I’ve never heard of anything breaking when you increased the forest or domain mode. However, with domain controllers running Windows Server 2008 or lower versions there was no possibility to roll back the forest or domain mode.
OK – you were able to do a forest recovery (recovering at least one DC of each domain in the forest and rebuilding the forest), however I doubt that this is usually an option.
What are domain and forest modes for? The only thing they are responsible for is telling all domain controllers that every domain controller in the domain or forest is now at a certain operating system level, that there will be no new dcpromos of down-level operating systems (or at least none that succeed, so no down-level DCs will be added to the domain), and that the domain controller can enable certain features which are only allowed if all DCs are at the same level. Examples of this are linked value replication at the Windows Server 2003 level, fine-grained password policies at the Windows Server 2008 domain mode, and automatic changes of SPNs or the possibility to turn on the AD Recycle Bin at the Windows Server 2008 R2 forest mode. The domain or forest functional level change only ensures that there are no down-level DCs at that point, and publishes the status so that all DCs know. Each DC then locally makes the changes it needs in order to communicate at the new level, such as changing the database when the Recycle Bin is turned on, or publishing that it is willing to replicate attribute values separately instead of as one big blob.
However, companies were anxious about increasing the forest or domain level. Not because there’s any known harm, but because recovery is not easy if anything does go wrong.
In Windows Server 2008 R2 the Active Directory product group made some changes: you are able to increase the domain and forest mode, and you are also able to roll back the mode to Windows Server 2008, and switch back and forth as you like. The upgrade of the forest or domain mode is reversible …
… unless you enable an optional feature which requires this mode!
So this has changed. Forest or domain mode upgrades do not automatically enable features which make the mode non-reversible. You can first upgrade the forest or domain mode, wait for a few hours/days/weeks (as you like or as your company’s working practices require), and, after you have ensured that all applications are working, turn on the features you like. Each new Active Directory feature (right now in Windows Server 2008 R2 there is only the Recycle Bin) states whether it can be turned off again and whether it requires a forest or domain level. The Recycle Bin cannot be reversed and – as stated – needs the Windows Server 2008 R2 forest level.
So rollback of the forest / domain mode is possible. However, once you have increased the mode to Windows Server 2008 R2, the user interface will not allow you to decrease the mode again. This might lead to some confusion.
But we also have the PowerShell cmdlets for Active Directory to help us out.
First we need to load the PowerShell cmdlets for AD:
Then we need to decrease the forest mode first (the forest mode specifies the minimum version of the domain mode of any domain in the forest, therefore we cannot decrease the domain mode when the forest mode is higher):
Set-ADForestMode -identity (Get-ADForest).name -ForestMode Windows2008Forest
You can also specify the forest name in the “-identity” parameter, however I’m lazy, so I’m just getting the name of the current forest.
Next we are able to decrease the domain mode:
Set-ADDomainMode -identity (Get-ADDomain).name -DomainMode Windows2008Domain
And here is the result, the mode has changed and is changeable again:
Voila, hopefully you don’t have to do this in production, but at least it is possible and should ease your migration efforts.
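The rollback described above as one guarded script. This is an added example, not code from the original post; it goes beyond the two commands shown by first checking that no optional feature has been enabled and by handling every domain in the forest. It assumes it is saved as a script file (the name `Undo-R2FunctionalLevel.ps1` is hypothetical) and run by an account that is allowed to change both modes.

```powershell
# Added example: guarded rollback of forest and domain mode from 2008 R2 to 2008.
# Run the script with -WhatIf first; nothing is changed until you omit it.
[CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
param()

Import-Module ActiveDirectory -ErrorAction Stop

$forest = Get-ADForest

# An enabled optional feature (in 2008 R2: the Recycle Bin) makes the mode
# non-reversible. EnabledScopes is empty as long as a feature was never enabled.
$pinned = @(Get-ADOptionalFeature -Filter * | Where-Object { $_.EnabledScopes.Count -gt 0 })
if ($pinned.Count -gt 0) {
    $names = ($pinned | ForEach-Object { $_.Name }) -join ', '
    throw "Rollback not possible, optional feature(s) enabled: $names"
}

# Forest mode first: it is the minimum for every domain mode in the forest.
if ($forest.ForestMode -eq 'Windows2008R2Forest') {
    if ($PSCmdlet.ShouldProcess($forest.Name, 'Lower forest mode to Windows2008Forest')) {
        Set-ADForestMode -Identity $forest.Name -ForestMode Windows2008Forest -Confirm:$false
    }
}

# Then every domain that is still at the 2008 R2 level.
foreach ($dnsName in $forest.Domains) {
    $domain = Get-ADDomain -Identity $dnsName -Server $dnsName
    if ($domain.DomainMode -eq 'Windows2008R2Domain') {
        if ($PSCmdlet.ShouldProcess($dnsName, 'Lower domain mode to Windows2008Domain')) {
            Set-ADDomainMode -Identity $dnsName -DomainMode Windows2008Domain `
                -Server $domain.PDCEmulator -Confirm:$false
        }
    }
}

# Report the resulting levels (unchanged when run with -WhatIf).
Get-ADForest | Select-Object Name, ForestMode
$forest.Domains |
    ForEach-Object { Get-ADDomain -Identity $_ -Server $_ } |
    Select-Object DNSRoot, DomainMode
```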