
I just posted that in R2 Microsoft plans to provide a true Recycle Bin for AD objects that were deleted, but until then the best we’ve got is Windows Server 2008 Active Directory.
After hours of researching “how do AD snapshots in 2008 help me recover a deleted object(s), its attributes, and referring objects (i.e. groups pointing back to the deleted user)?” I was disappointed.
From what I can tell, the answer is: built-in tools allow for no additional automation over 2003 AD, other than using cut and paste to restore attributes from the snapshot to live AD (after you’ve reanimated the object in live AD).
You may be able to mount AD snapshots, and even view them with Users and Computers and other AD tools, but you really can’t DO ANYTHING with that data. So I went searching for how others were solving this.
Here’s one of a few tools that tries to automate the process of finding the tombstoned object in your live AD, finding its old info in a snapshot, and dumping that data back into the reanimated object in AD:
Jorge from dirteam.com talks about it, basically describing my realization in greater detail.
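The copy-back step described above, as an added PowerShell sketch (not the tool mentioned in the post and not Microsoft's code). The port 51389, the sample DN, the attribute list and the function names are assumptions, and the script only reports until `$Apply` is set to `$true`.

```powershell
# Assumptions (not from the post): the snapshot was mounted with ntdsutil and is served by
#   dsamain -dbpath <mounted-snapshot>\Windows\NTDS\ntds.dit -ldapport 51389
# and the deleted user has already been reanimated at its original DN in live AD.
$SnapshotServer = 'localhost:51389'                          # assumed dsamain LDAP port
$UserDN    = 'CN=Jane Doe,OU=Staff,DC=example,DC=com'        # constructed sample DN
$CopyAttrs = 'description','department','title','telephoneNumber','manager'
$Apply     = $false                                          # $false = report only

function Read-Attributes {
    # Collect the first value of each requested attribute that is present on the entry.
    param($Entry, [string[]]$Names)
    $found = @{}
    foreach ($n in $Names) {
        $values = $Entry.psbase.Properties[$n]
        if ($values.Count -gt 0) { $found[$n] = $values[0] }
    }
    return $found
}

function Get-AttributeDelta {
    # Attributes present in the snapshot whose live value is missing or different.
    param([hashtable]$Snapshot, [hashtable]$Live)
    $delta = @{}
    foreach ($n in $Snapshot.Keys) {
        if ($Snapshot[$n] -ne $Live[$n]) { $delta[$n] = $Snapshot[$n] }
    }
    return $delta
}

$snap = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$SnapshotServer/$UserDN")
$live = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$UserDN")

# 1. Attributes: copy back whatever reanimation did not restore.
$delta = Get-AttributeDelta (Read-Attributes $snap $CopyAttrs) (Read-Attributes $live $CopyAttrs)
foreach ($n in $delta.Keys) {
    Write-Host "restore $n = $($delta[$n])"
    if ($Apply) { $live.psbase.Properties[$n].Value = $delta[$n] }
}
if ($Apply -and $delta.Count -gt 0) { $live.psbase.CommitChanges() }

# 2. Referring objects: groups that listed the user in the snapshot but not in live AD.
$liveGroups = @($live.psbase.Properties['memberOf'])
foreach ($groupDN in $snap.psbase.Properties['memberOf']) {
    if ($liveGroups -contains $groupDN) { continue }
    Write-Host "re-add to $groupDN"
    if ($Apply) {
        $group = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$groupDN")
        [void]$group.psbase.Properties['member'].Add($UserDN)
        $group.psbase.CommitChanges()
    }
}
```

`memberOf` does not list the user's primary group, so that membership has to be checked separately.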
We’re starting our plan for upgrading our Domain Controllers to Win2008. A few cool features are snapshots of AD (may replace our lag sites if we can figure out how to use snapshots for item recovery) and local admins of the DC’s don’t have to be domain admins. Our GPO replication also leaves legacy FRS technology for DFSR. Lots of other little things are improved, but that’s the big stuff.
Honestly 2008 wasn’t that exciting for us AD fans. No recycle bin, no PowerShell support, same old MMC w/o quick search, no native “web services” for AD… But it looks like they plan to take care of ALL that and more in Win2008 R2 (RTM 2010):
- Whole new PowerShell-based GUI console
- 85 PowerShell command-lets (CMDlets) for AD/LDS
- PowerShell will use AD Web Services and WCF
- Some of this stuff won’t work in Server Core (I’ve written off Core as a 1.0 product that should be avoided in 98% of cases. Eventually I think Core will just be Server w/o any added features.)
- Optional recycle bin (likely the most highly requested feature of AD in its 10-year life)
- New object type for service accounts (no password policy, no interactive logon)
- Offline domain join
- Built-in Best Practice Analyzer (love the Exchange, ISA, and SQL BPA’s)
Here’s a breakdown from TechEd EMEA
How many emails have you sent, where you wished you could pull it back within seconds/minutes of clicking send? I call this the “Oh No Minute”, and Outlook can help.
I used an excellent idea found at the How-To Geek site for creating a rule to prevent the “Oh No!” reaction after sending an email you realize you didn’t mean to send. (i.e. forgot the attachment, left someone off the To: line, etc.). This rule will delay any message you send in Outlook for a period of time (in minutes). It will look like it sent, but actually is waiting in your Outbox.

I tweaked that rule a bit from the How-To above. First, mine is only 1 minute, not 5 as the tutorial above suggests. I find that you almost always “Oh No” within 60 seconds. Second, I put in an exception to send right now if I mark the email as high importance (exclamation mark). Try it out!

There are many other posts about the pros/cons of Windows Server 2008 as a client machine/desktop/laptop/workstation. Mostly false claims of faster-than-Vista performance, etc. I’m using it on a laptop in x64 strictly for training purposes (not as my main OS) and had to work out these few issues before I could fully use it in that scenario:
- WebDAV Access. Let’s say you want to browse to a SharePoint site using UNC path names, or maybe use the new fabulous Sysinternals \\live.sysinternals.com\tools way of getting their tools quickly… well, you can’t until you add the 2008 feature “Desktop Experience”, which will then add the WebClient service. That service is what allows you WebDAV access to other servers. Don’t confuse this with the IIS 7 WebDAV, which will allow you to serve up WebDAV content to others. Also note that in Windows Server 2003 the WebClient service is disabled by default, so if you have the same issues in that OS, enable it and set it to automatic. It’s a security thing since most don’t use servers to browse web content.
- Wireless Access. You need to install the feature Wireless LAN Service to use a WiFi card.
- Hyper-V = no sleep/hibernate (fixed: read update below). It’s been said on many other sites, but once you add the Hyper-V role to Server 2008 these features are disabled… making it harder to use it on a laptop.
- Internet Explorer Enhanced Security Configuration (IE ESC). To make the web useable from IE, you need to disable this, which you’ll find on the Server Manager Summary page, under Security Information.
update: Have a GUI do all this for you and more! Over at the Windows Server 2008 Workstation Converter blog.
update 11/15/2008: A reg entry has been found for disabling Hyper-V and allowing power states and sleep/hibernate to work. However, in my experience, each change of the setting requires a full reboot, so if you disable Hyper-V and reboot, then want to start a VM in Hyper-V, you’ll need to change the setting back and reboot again.
I’m hosting my 2nd year of a TechEd ITPro Birds-of-a-Feather session. Didn’t attend this BoF last year? Read my post session summary. It’s on Wednesday, June 11th at 4:30pm to 5:45pm in S330 E (vCalendar Apt.)
The datacenter is rapidly changing as we shift to virtualizing many of our application and Web servers to virtual workloads. This is a forum to discuss physical design changes from the “one box, one OS” to various options like blade heads (build out), 16-way heads (build up), and SAN storage of disks. Topic starters like “NFS, LUN, or CIFS for virtual hard drive storage?”, “Why NOT to use iSCSI?”, “What do you require before considering the jump from VMware to Microsoft for hosting or management”, “Anyone using Citrix over the others?”, “Anyone aggressive with SCVMM and/or Hyper-V yet?”. Hear big and small shops describe what works and what doesn’t for them; how they address F.U.D., bottlenecks, disaster recovery, backups, and more. This discussion is product agnostic and focused around how we can do more OS’s with less hardware. We had this BOF last year; come by to talk about how much has changed.