We had a great show this Tuesday, the first session after the keynote was about Windows Server 2008 R2 and we had lot of stuff to show and to share with the audience, you can get the presentation here,

I promise I was going to drop the powershell scripts here, and here they are,

Remote Powershell and Best Practices Analyzer Example

TechNET Migration Portal CMDLets

TechNET did a great work to ease migration experience to Windows 2008 R2, go and take a look to the TechNET Migration Portal. During the demostration we migrated a File Server role from a Windows 2008 server to a Windows 2008 R2 server.

1. #En ambos servers
   
   Add-PSSnapin Microsoft.Windows.ServerManager.Migration
2. #Primero: Desde server origen
   
   Receive-SmigServerData
3. #2do: Desde Server destino
   
   Send-SmigServerData -ComputerName <DestinationServer> -SourcePath d:\users -DestinationPath d:\shares\users -Recurse -Include All -Force

Active Directory Recycle Bin

The credits for the “Enable AD Recycle Bin” part are for  Leandro Amore, I took the script from his blog, I know he wont be mad about it :).

1. #Enable AD recycle bin
   
   import-module activedirectory

   $forest=Get-ADForest -Current loggedonuser

   Set-ADForestMode -Identity $forest.name -ForestMode ‘windows2008r2forest’ -confirm:$false

   Enable-ADOptionalFeature -Identity ‘Recycle Bin Feature’ -Scope forest -Target $forest.name -confirm:$false

   Get-ADOptionalFeature -filter ‘name -eq "Recycle Bin Feature"’

2. #Mostrar computadoras en el recycle bin
   
   Get-ADObject -filter ‘isdeleted -eq $true -and name -ne "Deleted Objects"’ -includeDeletedObjects -property * | Select samAccountName,displayName,lastKnownParent | Out-GridView
3. #Restore de computadora una ves ubicada
   
   Get-ADObject -filter ’samAccountName -eq "TN-SCO1$"’ -includeDeletedObjects | Restore-ADObject

Active Directory Managed Accounts

Finally, we configured a service to run under the identity of a Managed Service account a cool new feature of AD DS on Windows Server 2008 R2.

1. #registrar MSA
   
   Import-Module ActiveDirectory

   New-ADServiceAccount -Name wwwTN-SCO1 -Enabled $true

   Add-ADComputerServiceAccount -Identity TN-SCO1 -ServiceAccount wwwTN-SCO1

2. #instalar MSA
   
   Install-ADServiceAccount -Identity wwwTN-SCO1

Hope you enjoy it!

Esto va en castellano en honor a mi lengua nativa, quisiera compartir con ustedes una camino para IT Pros para meterse en el mundo de los STSs e Identidad Federada de la mano de Windows Identity Foundation (ADFS v2.0). Al momento ya desplegué varios laboratorios y 2 ambientes de pre-producción de Geneva Server Beta 2 y es momento de recapitular un poco de donde salieron las cosas,

Para llegar a primera base y tener los conceptos básicos, les recomiendo leer un artículo que me hizo entender que habáía atrás de todo el tema de identidad y STS, es parte de la entrega 16 del Architecture Journal dedicada a identidad, el artá­culo es Claims and Identity: On-Premise and Cloud Solutions de Vittorio Bertocci. A modo de introducción también pueden rememorar la charla que dio Matias Woloski en Microsoft este año Microsoft Architecture Day: Roadmap to Identity.

Con la visión, Tokens, Claims y STSs en el bolsillo, vamos en concreto a la implementación de Microsoft que es ADFS v2 (aka Geneva Server). La mejor documentación técnica al momento se ve en el Site de ADFS v2 dentro de TechNET. Geneva Server está documentado alineado con dos casos de uso, “Web SSO Design” y “Federated Web SSO Design” si bien el segundo es el mas rico por atacar el tema de federación es importante que se entiendan ambos. Luego de comprendido el tema de Federation Server, saltamos al tema deProxy Server que utilizamos para acomodarnos a DMZs, al leer estas secciones presten especial atención al tema DNS.

Es importante manejar el tema de certificados (Sobre todo si usan publicaciones con proxy reverso de ISA Server). Hay certificados en cada Federation Server y en cada Proxy Server para garantizar autenticación segura con tokens. Finalmente, esto tiene que ver con la capa de STS exclusivamente. Recordemos que debajo de esta capa seguramente tengamos una granja NLB de Windows 2008 R2 que es un tema aparte.

Espero sea de ayuda y quisiera en futuros posts profundizar en detalles de implementación que han surjido en la práctica,

RUN Reloaded 09 (the official Windows 7 Launch in AR) will happen next 24/25 November, hosted in the UADE University (Lima 717 - Aula Magna).

Registration is not open and there is room for 325 attendees, targeted for Microsoft customers. This event will go through the following technologies Windows 7, Windows Server 2008 R2, Expression 3, Silverlight 3, Sharepoint Server, Office 2010, Exchange Server 2010 and Visual Studio 2010.

I will be driving the following sessions

• Que hay de Nuevo en Windows Server 2008 R2 – Alberto Ortega
• Mejoras en Virtualizacion en Windows Server 2008 R2 – Martin Berra - Alberto Ortega- Leandro Amore

And you can apply on the following links…

IT Sessions (8.30 to 13hs, IT Guys wake-up earlier )
Day 1) http://msevents.microsoft.com/CUI/InviteOnly.aspx?EventID=87-89-49-55-52-F8-06-07-7D-2B-C0-13-F9-6E-04-68&Culture=es-AR
Day 2) http://msevents.microsoft.com/CUI/InviteOnly.aspx?EventID=87-89-49-55-52-F8-06-07-DB-F0-DE-BA-96-08-99-FD&Culture=es-AR

Dev Sessions (13.30hs to 18hs)
Day 1) http://msevents.microsoft.com/CUI/InviteOnly.aspx?EventID=87-89-49-55-52-F8-06-07-87-1C-0C-A6-7C-6E-3A-5D&Culture=es-AR
Day 2) http://msevents.microsoft.com/CUI/InviteOnly.aspx?EventID=87-89-49-55-52-F8-06-07-F7-F9-55-05-54-0A-29-EE&Culture=es-AR

CU!!

I was in the middle of the setup of SCVMM 2008 R2 on a lab environment and got to the point that I needed to configure the Library Share Settings. I wanted the Library to be on a separate physical drive (1TB SATA drive) but it was really annoying to shutdown the VM, add the drive, map the drive to the VM and turn it on again…

Enlightened, I realized that I was running Hyper-V R2 and I had Storage Hot-Add feature ready to be tested!!! Well, it went pretty well I must tell, in 3 minutes I was continuing with my wizard without even closing it! thanks, thanks…

1. Hot-add a 1TB SATA drive to my box
   
2. Hot-add the Offline drive to my VM a an SCSI disk
    
3. Add the volume on my VM and we are done!
   

Today I had to deploy SCCM 2007 SP2 RC on a Windows Server 2008 R2 system. The installation went pretty straightforward, however it can become a little tricky if you have not installed previous versions of SCCM. This procedure deploys SCCM in mixed mode, on a future post I will show how to deploy the needed PKI infrastructure to support the native mode of SCCM.

Below you will find the step-by-step:

1. OS Pre-requisites
   1. Features > Background Intelligent Transfer Service (BITS) – Add every role and service required.
   2. Features > Remote Differential Compression
   3. Role > Web Server (IIS): Add the following components to the default selection.
      1. ASP.NET
      2. Windows Authentication
      3. Dynamic Content Compression
      4. IIS6 Metabase Compatibility
      5. IIS6 WMI Compatibility
      6. WebDAV Publishing
      7. ASP
2. SQL Server 2008 + SP1
   1. Database Engine Services.
   2. Reporting Services.
   3. Management Tools – Complete.
   4. Use NETWORK SERVICE for every SQL Server Service.
   5. Configure SSRS in native mode.
   6. After installation, download and install SQL Server 2008 SP1.
3. WSUS 3.0 SP2
   1. Download and install “Microsoft Report Viewer Redistributable 2008 SP1”
   2. Download and Install  WSUS 3.0 SP2
      1. Use the SQL Server 2008 db deployed before to store the updates.
      2. Create a dedicated IIS Website for WSUS.
      3. Run the initial configuration wizard and select the behavior and types of updates you want.
4. Configure WebDAV on IIS7.5
   1. Open the WebDAV properties on the Default Website
      
   2. Click on “Enable WebDAV” on the Actions pane.
   3. Click on “Add Authoring rule” on the Actions pane.
      • Allow Access To: All Content
      • Allow access to this content to: All Users
      • Permissions: Read
   4. Click on “WebDAV Settings” on the Actions pane.
      • Property Behavior > Allow Anonymous Property Queries = True
      • Property Behavior > Allow Custom Property = Fals
      • Property Behavior > Allow Property Queries with Infinite Depth = True
      • WebDAV Behavior > Allow Hidden Files to be Listed = True
        
   5. Modify on the ApplicationHost.config the <requestFilter> directive
      1. Open C:\Windows\System32\inetsrv\config\applicationHost.config
      2. Allow the file extension “.mdb” by editting the <requestFiltering> section:
         
5. SCCM 2007 SP2 RC
   1. Extend the AD Schema: This is a non-reversible operation and should be executed on production environments without taking rollback measures before.
      1. Run the EXTADSCH.EXE file under an account with enough privileges to modify the AD schema (Member of Schema Admin security group)
         
      2. If you have any problem with this step, check the log file on c:\ExtADSch.log
      3. Now that you have extended the schema you need to enable the publishing of SCCM information into AD, to do this
         1. Manually create the System Management Container in AD: http://technet.microsoft.com/en-us/library/bb632591.aspx
         2. Set the security properly on that container: http://technet.microsoft.com/en-us/library/bb633169.aspx
         3. And after the installation finishes verify that SCCM is automatically publishing this information: http://technet.microsoft.com/en-us/library/bb680711.aspx (This is created by default)
   2. Run the Pre-requisite checker to verify there you pass every test.
   3. Run the SCCM Setup
      1. Select “Install a Configuration Manager site server”.
      2. Select “Custom Settings”
      3. Select “Primary Site””
      4. Enter Site Code (“eg: TNA”) and  Site name
      5. Install a mixed mode configuration (We did not deploy needed certificated for the native mode)
      6. Select local SQL Instance and default DB name.
      7. Setup a provider on the localhost.
      8. Install a management point on the localhost.
      9. Use the default port for communications (80)
      10. Select a local folder to download the SCCM updates, this will take a while
          
      11. Finally, launch the SCCM installation.
6. SCCM Post-Deployment Configuration Tasks
   1. I suggest to follow this checklist to begin using your SCCM deployment: http://technet.microsoft.com/en-us/library/bb633240.aspx
   2. Configure Site Boundaries
      
   3. Select the roles
      
   4. Client Installation
      1. Configure Client Push Installation using a Domain Admin account.
      2. Configure Discovery Methods: Enable Active Directory Discovery
         

Now wait for the discover to occur and begin managing!!