Full of I.T.

Day 3 – Another TechEd Day

Didn’t get in as early as I should have, but still managed to get a lot accomplished.  After a bit of morning blogging, I made it over to the TechEd Store to buy a couple of goodies for my kids.  (They come to expect SOMETHING from Dad every time I go away to TechEd, and I never dissappoint.) 

The afternoon was spent again working in the Exchange TLC. 

One thing I love about TechEd every year is making new acquaintences, and seeing old ones from TechEd’s past.  I also ran into (not literally) an old friend and coworker who I haven’t seen in years. 

And today I shook Mary Jo Foley’s hand.  I hope I don’t get in trouble.  I hear she can suck company confidential information out of you that way. 

Now she’s probably wondering just what the heck “Microsoft Fruit Pie 2007” is going to be.  It’s a good thing they keep me ignorant (and hungry) at this show.

The night was a good one for parties.  I was fortunate to have several to choose from.  The Windows Mobile folks had a party at the Boston Harbor Hotel.  And following that we (Harold Wong and I) went to the Microsoft Exchange Staff Party.  And to top it off we went to the TechNet Magazine party, where I played some pool with John Alexander and Jeff Julian – the guys who run “Geeks with Blogs”.  They also are the moderators for www.techedbloggers.net and www.techneteventsbloggers.net.

Coolest demo I saw:
Saw (and video taped) a very well done demo of the benefits and workings of Microsoft Live Communication Server 2005.

Funniest thing I heard:
Actually, I don’t remember hearing anything funny  – though I know I did laugh quite a bit yesterday.  As I hear them, I’ll have to immediately write down two for tomorrow. 

I actually did SEE something funny.  At least I thought it was.  Take a look at this picture of something with a (Microsoft Logo on it) we’re selling in the TechEd Store.  It’s a little caddie for carrying things in your car.  That alone isn’t funny.  But check out the example pictured on the page next to them…

And I leave you with a couple of other photos I took on Day 3:

Ever wonder what a webcast looks like?

This is great.  The TechNet Webcast folks have put together a really useful test-drive of webcasts.  So.. if you don’t have time to view a whole webcast, or maybe you’re looking for a quick taste of what a webcast looks like, you can check out this site.

Click HERE to check it out.

The idea is that they’ll post a new set of clips from recent “best of” webcasts (highly rated based on evaluation scores), and you’ll get to see tidbits – or click on links that can bring you to the full webcast.

And dig this… I was thrilled to see that they picked one of my recent webcasts on Exchange Server “Tips, Tricks, and Shortcuts” to include their inaugural compilation of webcasts.  Made my day!  (Thanks Dean!)

Day 2 – A Proper TechEd Day

Finally got into the typical TechEd routine.  Breakfast, Breakouts, and [insert something else here that starts with B that you’d find at TechEd]

I had another chance to witness an incredible presenter work his magic yet again.  Steve Riley did a great presentation on what’s new and cool in ISA Server 2006. 

Here are a couple of his comments that delighted the audience:

"If you want to let me know that you disagree with me, that's fine!  …I'll just let you know where you're wrong and then we'll move on."

“Of course you’ll first install this in your lab.  And as everyone knows, ‘Lab’ is just a synonym for ‘Pre-Production’."

"NLB does unnatural acts with Network Switches"

“I don’t DO demos.  Demos have zero risk; they ALWAYS fail.”

"The DMZ is dead.  Get over it.  Get out your trumpet and play taps.  It is a solution to a problem that existed 10 years ago."

Then in the afternoon I enjoyed browsing through the TLCs (Technical Learning Centers) and the Exhibit Hall.  From 5–9PM I worked answering questions in the Messaging TLC, answering (or attempting to answer) Exchange Server questions.  Actually, and honestly, I think I did more learning than answering.  But I helped a few people and enjoyed talking with everyone I met.  Also finally met MVP, fellow blogger, and good friend of the SBS community in Florida, Vlad Mazek.  (Vlad – I need your email so I can send you a larger copy of this picture of us!)

Then after getting back to the hotel and changing, I hopped the shuttle to the TechEd “Jam Session” and managed to belt out a couple of tunes with many talented folks there.  (Pictures and proof are forthcoming.  A couple friends were there taking photos – so as soon as I get a good one from them I’ll post it here.  In the meantime, here’s one of the folks on stage.

Coolest demo I saw:
Well, it wasn’t a demo, because he doens’t DO demos.  But Steve Riley described how ISA Server 2006 can actually provide the load-balancing mechanism for a web server farm.  It lets you manage the servers, mark them as Active, Removed, or about to be removed (called “Draining”, so it can finish up processing current requests before you remove it from the farm), and ISA 2006 will handle distributing the load appropriately.  Awesome!

Funniest thing I heard:
Another from Steve Riley –
"Do the criminals login before they attack your web server?  No.  We have a special name for those kinds of attackers:  ‘Employees’."

I didn’t get to bed ‘til 2:00am, so I missed the first sessions of the morning (don’t tell my boss).   Time to head in now!

Day 1 – Exchange Server 2007 Pre-Conference Session and Keynotes

Today I worked as a proctor in the pre-conference instructor-lead session on Exchange Server 2007.  My time was spent learning more than helping, but I managed to answer a few questions.  My team mate and partner here at TechEd, Harold Wong, answered many more. 

The evening really represented the kick-off to TechEd, with the big Keynote talks given by Bob Muglia, Ray Ozzie, and Chris Capossela.  A fun twist on the evening was the appearance of the Fox television show “24” cast member Mary Lynn Rajskub really playing up her role as everybody’s favorite ultra-geek, Chloe O’Brian. 

Coolest demo I saw today:

Example of the Virtualized Server re-provisioning via MOM (or SCOM).

Funniest thing I heard today:

“…and in Exchange 2007, you will no longer need WINS for anything.”
“Really?”
“Really.”
“No.. I mean, REALLY?”
“Really REALLY.”

Tomorrow I’m going to attend a few sessions, play with a few HOLs, visit the Exhibit Hall, and tomorrow night I have a shift in the TLC (Messaging Area) from 5–9pm. 

I hear that Windows Vista Beta 2 is in the bag that all attendees are getting at TechEd.  That’s great news for the many who have been trying to download it and not having much luck.

(It’s hard for any company to have the bandwidth to allow the whole world to download that stuff!)

I’m heading over to register right now. 

Day 0 – Travel to Boston

Yes!  I’m here!  Bean town!  TechEd 2006!

As you can see from the photo, even the baggage claim at Logan is welcoming us to TechEd.

My room is nice (I’m at the Cambridge Marriott), and I’m just relaxing after a nice burger and beer at the bar downstairs.  (They have my current favorite, on tap!)  Things are looking up!  Room has a big plasma TV, too.  Sweeet!  (Or is that, “Suite!” ?)

Tomorrow is Sunday – the true “Day 1” of TechEd (hence the header above).  I’m heading over to the Convention Center nice and early to register, and then I will be spending most of my day in 258ABC, helping out as a lab proctor during the instructor lead Exchange 2007 pre-conference labs.  And then, of course, the big keynotes are tomorrow night.

Stay tuned… I’ll be posting pictures and commentary here.  I also have my video camera along again this year, so expect some videos from TechEd here soon.

This ad is just the best!  Worth sharing here just for the humour value.

(And it puts me in the mood to watch one of my all-time favourite movies, too.)

 “That’s one more, in’it…”

Below I’ve pasted an edited and cleaned up copy of most of the Q&A from today’s webcast on Active Directory Fundamentals. 

HUGE thank you to Chris Henley, John Baker, John Weston for handling the Q&A on the back-end, and who’s work this really represents.

Also – here is the resource page I put together for this topic also.

-Kevin

—

Questions and Answers:

"Where can I find a step by step guide to setup this on my network?"

http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/directory/activedirectory/stepbystep/default.mspx
is the best place to start for step by step guides

"One thing I did not understand is which machine do you use to manage the active directory. Is it a seperate server which has access to all machines on network?"

You can manage AD from any DC or any workstation or server that has the Adminpak installed and has access to a DC. http://www.microsoft.com/downloads/details.aspx?familyid=c16ae515-c8f4-47ef-a1e4-a8dcbacff8e3&displaylang=en

"Doesn't the OU security customization defeat the overall purpose of AD? restriction vs. transitive trust?"

Good Question. The OU customization does not defeat the purpose because of the heirarchical structure of AD. Each Level of OU structure can provide the benefits of inheritance and granular control for security purposes while the trust relationships can provide access at the forest and domain levels above.

"What are the differences between OU's and Containers?"

An organizational unit is a heirarchical object component of Active Directory while a container is simply a holding area for objects until we decide which OU they should be a part of. 
Another benefit of OUs over Containers is that OUs can have policy (Group Policy) applied to them; containers can not.  And you can delegate administration to OUs, but not to containers.

"Where can I download the GPMC?"

http://www.microsoft.com/downloads/details.aspx?FamilyID=0a6d4c24-8cbd-4b35-9272-dd3cbfc81887&DisplayLang=en

"So we might have objects that reside both in OU's and Containers or can they be present only in one of these at any point in time ?"

Object can only reside in ONE OU or container at any time. It can't exist in both places.

"Is the extention .com required or necessary in AD naming? Is .you or .org allowable? .com implies an HTTP protocol, doesn't it?"

There are several schools of thought on this.  The reality of it is that there is no restriction on what you use for your AD domain names.  Many companies use their DNS namespace as a part of their AD domain name root.  For example, Contoso might have Contoso.com as their external domain space for their WWW site and other applications, but internally they may have "corp.Contoso.com" as the root of their Active Directory namespace. 

"Is there a way to get a report on who is in which OU?"

I think you'd have to create a custom script. Check this link for scripts for managing OU's http://www.microsoft.com/technet/scriptcenter/scripts/ad/ous/default.mspx

"Back to group policy for a moment... I understand distributing software packages via the AD infrastructure is also supported. What are the possible deployment targets? Only OUs, or can these packages be targeted at single users or computers, or the entire domain?"

Group Policy can be applies at 3 levels. Sites, Domains, or OU's. When planning software deployments generally we deploy them to the OU level. It is possible to filter group policies so that only a single user or group of users receive the software you are deploying.

"I just missed the part of how to create the active directory, can you give the direction?"

Active directory can be installed by using the "dcpromo" command from a command line.

"AD replication site need ports ???"

Check this link and scroll down to Active Directory Communication http://www.microsoft.com/technet/prodtechnol/exchange/DE/Guides/E2k3FrontBack/f9733398-a21e-4b40-8601-cfb452da82ad.mspx?mfr=true

"There's a minimal number of DNS server that I must have in my infraestructure, or only one by domain is the recommended ?"

The minimum number of DNS servers necessary to allow active directory to function is 1. Depending on the structure and connectivity of your organization you might implement any number of strategies to supply DNS resolution for Active Directory. There is no specific rule on number of DNS servers per domain.

"What kind of objects can dynamically register in DNS?"

Forests, Domains, and computers from the active directory. Other services might also register such as the Kerberos Key distribution Center.

"What is a cost value?"

A site link is a connection object between two or more sites. A site link allows the administrator to assign cost, a replication schedule, and a transport for replication. Cost is an arbitrary value selected by the administrator to reflect the relative speed and reliability of the physical connection between the sites; the lower the cost, the more desirable is the connection. See link and scroll to "Site Links" http://www.microsoft.com/technet/archive/windows2000serv/technologies/activedirectory/deploy/adguide/adplan/adpch03.mspx?mfr=true

"Is there a way to assign static IPs to workstations through AD or GPOs?"

No, how would the machine be able to get GPO if is didnt already have an IP address?  You need to do this using DHCP.
Another option, though a bit odd (not sure why you would need to do this) would be to use a WMI script - maybe as part of the startup or login script.  You can use WMI commands to configure the NIC.  But.. again, the first time it's run you'd have to first have it dynamically get an address, then the script could launch to reset it to a static address. 

"Can you give a typical rule of thumb figure in bps of how much BW is used for intersite replication?"

It really depends on the number of changes that are made at each individual site and the replication interval between the sites. There is really no standard figure.

"Can users and computers be migrated from one domain to another?"

Yes. 

"Has anything changed around Active Directory in Vista? Is there anything to mention about any of the following scenarios? (1) Connecting Vista clients to Win2k3 DCs (2) Connecting XP/Win2k3 clients to Vista Server DCs (3) Connecting Vista clients to Vista Server DCs.”

Watch some of the great webcasts on Windows Vista that are currently available on the webcast archives, or in up-coming webcasts.

"Is the KCC automatically run or is there some manual process that needs to occur there?"

Automatic.

“Is there a ‘best practices’ guide on how to audit Active Directory?”

I would use the active directory deployment guides here http://www.microsoft.com/windowsserver2003/technologies/directory/activedirectory/default.mspx

"Thanks Kevin - Great talk! Although not necessarily within the scope of the talk, I do have some additional questions around how flexible the software deployment options are through Active Directory. Are there ways to deploy things other than single MSI packages? What are .ZAP files, and what does AD do with them?"

As promised, here are some software deployment resources for you:
Using Active Directory -
http://www.microsoft.com/technet/prodtechnol/windows2000serv/howto/instmain.mspx
Using Microsoft Systems Management Server 2003 (SMS 2003) -
http://www.microsoft.com/smserver/evaluation/capabilities/appdeploy.mspx

"I'm running classrooms and a lab in an elementary school, and wanadd a file server. Do I lose anything if I don't use Active Directory?"

I guess it depends on how you're handling authentication for the sake of securing the files or other resources. If you're okay with leaving things wide open, then you're fine. If you're only managing a few computers, then doing peer-to-peer authentication is okay. But any more resources than that become difficult to manage without some central directory. I highly recommend you look at Small Business Server 2003.

"What are the core differences between Win2k and Win2k3 AD features based on today's presentation?"

GREAT question.  Here's a really good "What's new" chat, with additional links to resources that should make it pretty clear: http://www.microsoft.com/technet/community/chats/trans/windowsnet/wnet0630.mspx

—

Kevin’s Webcast Resources:

Active Directory Fundamentals

Here are some resources relating to the webcast topic presented.  I hope you find them useful.

Kevin

Announced at WinHEC 2006…

Microsoft made some big announcements about our Virtualization product road map yesterday at WinHEC 2006.  (I’m sorry I wasn’t able to get the news out about it sooner, but was busy attending and presenting at a seminar in St. Louis.)  Two products and an acquisition were announced:

• Windows Server Virtualization
• Microsoft System Center Virtual Machine Manager (SCVMM)
• Acquisition of Softricity, Inc

Windows Server Virtualization is the “hypervisor” you may have heard something about.  It’s a thin layer of virtualization that will be optimized for 64 bit environments using the new virtualization support in the newer Intel and AMD processors. 

“Wait a second, Kevin.  I thought Virtual Server 2005 R2 SP1 was going to also take advantage of the ‘virtualization support’ in the new processors?”

True.  It will.  (Expect to see a free beta of Virtual Server 2005 R2 SP1 soon).  But as opposed to Virtual Server 2005 R2, which is software running on top of the host OS, Windows Server Virtualization is a thin layer that allows multiple OS’s to be managed and run more efficiently, running under a thin, optimized version of “Longhorn” Server.  It will support the same .VHD disk format (so you can move easily to it when it arrives, and will support 64bit guest OS’s as well.  We expect to release it around the time “Longhorn” Server is released.

The Virtual Machine Manager is “a centralized, enterprise management solution for the virtualized data center, to meet the growing customer need for improved physical hardware utilization.”  (When I can’t say it better, I quote the press release.)  The tool is to be a part of the System Center family of tools, and will integrate nicely into that suite for the sake of centrally managing your virtual machines running on both Virtual Server 2005 R2 and Windows Server Virtualization.  Expect to see a beta of this product in a couple months.

The intent to acquire Softricity, Inc. comes from a desire to support something called “virtualized applications”. 

“Huh?”

That’s what I said at first, too.  Think about it this way: In Virtual PC or Virtual Server you virtualize entire machine OS installations by putting a virtualization layer in place to make an OS installation think it’s installed and running on it’s own machine, right?  Now take that layer up one level and instead let’s just do that for the applications and services that run on an OS – let them think that they’re installed and running on your OS, when in reality they’re being hosted in a way that doesn't actually have them installed or potentially conflicting with other applications or services.   

“My head hurts.”

Yeah.. mine too.  And add to that the capability to serve up those applications now from a central server instead.  “On-Demand Application Streaming”.  I can’t wait to play with it.  It has some really cool potential.  Apparently it was demonstrated during Bob Muglia’s keynote at the Microsoft Management Summit, so I’m going to watch the recording of his keynote to check it out.

Today, if I weren’t going to be on a plane home, I’d be watching Bill Gate’s keynote being broadcast from WinHEC 2006.  (It’ll be recorded, so I’m sure I’ll see it later.)

Wondering about Windows Desktop Search?

Wonder no more!

My friend and “cow-orker”** Matt “Mongo” Hester has created a very detailed, beautifully done screencast all about how it works and what it does for you.

He’s also in the process of submitting an article to a magazine about this.  I’ll let you know when it’s available.

Do you use a desktop search engine?  Are you going to install it after you view his video? 

**Extra points if you can comment here on where the “cow-orker” reference comes from. 

Windows Media Player 11 Beta

Yes, you can download the beta of Windows Media Player 11.  This is the version that will ship in Windows Vista, as well as be available for other OS’s.

Along with this, you can try out a new music service called URGE from the MTV folks. 

I just learned about a feature that is coming in Microsoft Word 2007 (part of the 2007 Office System) that has me pretty excited. And I asked permission to post this to my blog today.  The feature will be seen for the first time (although incomplete) in the soon-to-be-released “beta 2” of 2007 Office.

Would you like to post to your blog right from Word?  Well… who wouldn’t?

That’s what you can do now. In fact, I’m recording a screencast even as I make this post, showing exactly how it’s done.

Check back here for a link to view the recording of my quick-and-dirty-demo.

—

UPDATE: Here is the video containing my quick-and-dirty demo.

After I do a live TechNet Event, Microsoft Campus Connection Event, or TechNet Webcast, and the content has contained something about the new products coming out, the one question I’m asked the most is, “How do I get the beta?”

“Okay.. so how do I get the beta?”

Well, the best way of course is a TechNet Plus subscription.  That will include having betas sent directly to you.  But another way to keep tabs on what is new and available is to subscribe to the TechNet Flash e-mail newsletter.  This page here gives you the details and steps to take for signing up, so you’ll get the word when a new beta or CTP (Community Technology Preview) is available for you.

And.. I don’t think I will get in trouble telling you this - but I’m running an “escrow build” – a build that is in it’s final stages of being tested for beta release – of Windows Vista Beta 2.  It’s “flippin’ sweeet!”

Live Event Resources

For the past year or so I’ve gotten into the habit of typing out my live event and webcast resources, and making them available to my event attendees.  The response has been overwhelmingly positive.  And this quarter is no exception.  This time around, though, the document is HUGE!

Still, I’m printing them out and will bring them to my Des Moines and St. Paul events next week.  And for those of you who do NOT want to type in URLs, you can do directly to the document here.

“What are you guys covering this time?”

I’m glad you asked!  Here is the description of our three sessions.  (More details, dates, times, and places can be found at http://www.technetevents.com.)

Take Charge of Your Security with TechNet Events

Your customers are being bombarded with attacks and your boss wants to know what you’re going to do about it. What now? Join the TechNet Events team as we show you how to securely deploy and assess a wireless network – despite the existing threats. You’ll leave these must-see sessions armed and ready to deal with the bad guys. TechNet Events are your free, local ticket to the best IT information available. We’re talking solid technical resources that you can put into practice today.

Session 1: Implementing Security for Wireless Networks
• How to securely configure a WLAN using password authentication
• The 802.xx standard and the differences between PEAP, WPA and WEP
• Existing threats to wireless security

Session 2: Responding to Computer Attacks
• How to manage the most common security incidents
• How to detect, trace and assess network intrusions
• How to create and implement an incident response team

Session 3: What’s Next for Microsoft® Security?
• Microsoft’s new security innovations, such as Windows Defender
• Upcoming security products, services and technologies
• Where we’re headed next in the battle against security breaches

Be empowered!  Be secure!

-Kevin