Arquivo
Falando sobre Windows Server: Reanimação de Objetos de Exclusões do Active Directory
Updated: January 9, 2009
Applies To: Windows Server 2008 R2
What are the major changes?
Accidental deletion of Active Directory objects is a common occurrence for users of Active Directory Domain Services (AD DS) and Active Directory Lightweight Directory Services (AD LDS).
In Windows Server 2008 Active Directory domains, you could recover accidentally deleted objects from backups of AD DS that were taken by Windows Server Backup. You could use the ntdsutil authoritative restore command to mark objects as authoritative to ensure that the restored data was replicated throughout the domain. The drawback to the authoritative restore solution was that it had to be performed in Directory Services Restore Mode (DSRM). During DSRM, the domain controller being restored had to remain offline. Therefore, it was not able to service client requests.
Also, in Windows Server 2003 Active Directory and Windows Server 2008 AD DS, you could recover deleted Active Directory objects through tombstone reanimation. In Windows Server 2003 and Windows Server 2008, a deleted Active Directory object was not physically removed from the database immediately. Instead, the object’s distinguished name (also known as DN) was mangled, most of the object’s non-link-valued attributes were cleared, all of the object’s link-valued attributes were physically removed, and the object was moved to a special container in the object’s naming context (also known as NC) named Deleted Objects. The object, now called a tombstone, became invisible to normal directory operations. Tombstones could be reanimated anytime within the tombstone lifetime period and become live Active Directory objects again. The default tombstone lifetime was 180 days in Windows Server 2003 and Windows Server 2008. You could use tombstone reanimation to recover deleted objects without taking your domain controller or your AD LDS instance offline. However, reanimated objects’ link-valued attributes (for example, group memberships of user accounts) that were physically removed and non-link-valued attributes that were cleared were not recovered. Therefore, administrators could not rely on tombstone reanimation as the ultimate solution to accidental deletion of objects.
Active Directory Recycle Bin in Windows Server 2008 R2 builds on the existing tombstone reanimation infrastructure and enhances your ability to preserve and recover accidentally deleted Active Directory objects. For more information about tombstone reanimation, see Reanimating Active Directory Tombstone Objects (http://go.microsoft.com/fwlink/?LinkID=125452).
Windows Server 2008 R2 Active Directory Recycle Bin helps minimize directory service downtime by enhancing your ability to preserve and restore accidentally deleted Active Directory objects without restoring Active Directory data from backups, restarting AD DS, or rebooting domain controllers.
What does Active Directory Recycle Bin do?
When you enable Active Directory Recycle Bin, all link-valued and non-link-valued attributes of the deleted Active Directory objects are preserved and the objects are restored in their entirety to the same consistent logical state that they were in immediately before deletion. For example, restored user accounts automatically regain all group memberships and corresponding access rights that they had immediately before deletion, within and across domains. Active Directory Recycle Bin works for both AD DS and AD LDS environments.
Who will be interested in this feature?
The following groups might be interested in Active Directory Recycle Bin in Windows Server 2008 R2:
- Early adopters of Windows Server 2008 R2 and information technology (IT) administrators, planners, and analysts who are evaluating Windows Server 2008 R2
- Enterprise IT planners and designers
- IT operations managers who are accountable for network and server management, IT hardware and software budgets, and technical decisions
- Active Directory administrators
Are there any special considerations?
- By default, Active Directory Recycle Bin is disabled. To enable it, you must first raise the forest functional level of your AD DS or AD LDS environment to Windows Server 2008 R2. This in turn requires that all domain controllers in the forest or all servers that host instances of AD LDS configuration sets be running Windows Server 2008 R2.
- In Windows Server 2008 R2, the process of enabling Active Directory Recycle Bin is irreversible. After you enable Active Directory Recycle Bin in your environment, you cannot disable it.
What new functionality does Active Directory Recycle Bin provide?
The following diagram shows the life cycle of a new Active Directory object in Windows Server 2008 R2 when the Active Directory Recycle Bin feature is enabled.
.gif)
After you enable Active Directory Recycle Bin in Windows Server 2008 R2, when an Active Directory object is deleted, the system preserves all of the object’s link-valued and non-link-valued attributes, and the object becomes “logically deleted”, which is a new state that is introduced in Windows Server 2008 R2. A deleted object is moved to the Deleted Objects container, and its distinguished name is mangled. A deleted object remains in the Deleted Objects container in a logically deleted state throughout the duration of the deleted object lifetime. Within the deleted object lifetime, you can recover a deleted object with Active Directory Recycle Bin and make it a live Active Directory object again. Within the deleted object lifetime, you can also recover a deleted object through an authoritative restore from a backup of AD DS. For more information, see Active Directory Recycle Bin Step-by-Step Guide (http://go.microsoft.com/fwlink/?LinkId=133971).
After the deleted object lifetime expires, the logically deleted object is turned into a recycled object and most of its attributes are stripped away. A “recycled object,” which is a new state in Windows Server 2008 R2, remains in the Deleted Objects container until its recycled object lifetime expires. After the recycled object lifetime expires, the garbage-collection process physically deletes the recycled Active Directory object from the database. A recycled object cannot be recovered with Active Directory Recycle Bin or with the steps in Reanimating Active Directory Tombstone Objects (http://go.microsoft.com/fwlink/?LinkID=125452). This is a new behavior in Windows Server 2008 R2.
By default, a recycled object in Windows Server 2008 R2 preserves the same set of attributes as a tombstone object in Windows Server 2003 and Windows Server 2008. To change the set of attributes that are preserved on a Windows Server 2008 R2 recycled object (that is, to make sure that a particular attribute of an object is preserved when this object becomes recycled), set the value of the searchFlags attribute in the schema to 0x00000008. This process is similar to the process for preserving attributes on Windows Server 2003 and Windows Server 2008 tombstone objects. For more information, see Search-Flags Attribute (http://go.microsoft.com/fwlink/?LinkID=125453).
.gif) Important |
|---|
| When Active Directory Recycle Bin is enabled, all objects that were deleted before Active Directory Recycle Bin was enabled (that is, all tombstone objects) become recycled objects. These objects are no longer visible in the Deleted Objects container, and they cannot be recovered with Active Directory Recycle Bin. The only way to restore these objects is though an authoritative restore from a backup of AD DS that was taken of the environment before Active Directory Recycle Bin was enabled. |
The deleted object lifetime is determined by the value of the msDS-deletedObjectLifetime attribute. The recycled object lifetime is determined by the value of the legacy tombstoneLifetime attribute. By default, msDS-deletedObjectLifetime is set to null. When msDS-deletedObjectLifetime is set to null, the deleted object lifetime is set to the value of the recycled object lifetime. By default, the recycled object lifetime, which is stored in the tombstoneLifetime attribute, is also set to null. When tombstoneLifetime is set to null, the recycled object lifetime defaults to 180 days. You can modify the values of the msDS-deletedObjectLifetime and tombstoneLifetime attributes anytime. When msDS-deletedObjectLife is set to some value other than null, it no longer assumes the value of tombstoneLifetime.
Are there any dependencies?
By default, Active Directory Recycle Bin is disabled in Windows Server 2008 R2. To enable it, you must first raise the forest functional level of your AD DS or AD LDS environment to Windows Server 2008 R2. This in turn requires that all domain controllers in the forest or all servers that host instances of AD LDS configuration sets be running Windows Server 2008 R2.
How should I prepare to deploy Active Directory Recycle Bin?
To enable Active Directory Recycle Bin in your AD DS environment, do the following:
- Run Adprep to update your Active Directory schema with the necessary Active Directory Recycle Bin attributes. Membership in the Schema Admins group is the minimum required to complete the following Adprep tasks:
.gif)
Note If you are performing a clean install of an Active Directory forest in Windows Server 2008 R2, you do not have to run Adprep. In addition, your Active Directory schema will automatically contain all the attributes that are necessary for Active Directory Recycle Bin to function properly. If, however, you are introducing a Windows Server 2008 R2 domain controller into your existing Windows Server 2003 or Windows Server 2008 forest and, subsequently, you are upgrading the rest of the domain controllers to Windows Server 2008 R2, you must run Adprep to update your Active Directory schema with the attributes that are necessary for Active Directory Recycle Bin to function correctly. - Prepare the forest by running the adprep /forestprep command on the server that holds the schema master operations master (also known as flexible single master operations or FSMO) role to update the schema.
- Prepare the domain by running the adprep /domainprep /gpprep command on the server that holds the infrastructure operations master role.
- If a read-only domain controller (RODC) is present in your AD DS environment, you must also run the adprep /rodcprep command.
To enable Active Directory Recycle Bin in your AD LDS environment, do the following:
- Upgrade the schema of your AD LDS configuration set with the necessary Active Directory Recycle Bin attributes by running the following command:
Ldifde.exe –i –f MS-ADAM-Upgrade-2.ldf –s server:port –b username domain password –j . -$ adamschema.catNote If you are upgrading your environment to Windows Server 2008 R2, you can upgrade the schema first and then upgrade the operating system. If you select this approach, you will have to first locate and download the necessary MS-ADAM-Upgrade-2.ldf and adamschema.cat files. Or you can do the reverse: upgrade the operating system first and then upgrade the schema. This is the recommended approach, because both MS-ADAM-Upgrade-2.ldf and adamschema.cat are available in Windows Server 2008 R2 in the C:WindowsADAM directory. - Make sure that all servers that are hosting instances of your AD LDS configuration set are running Windows Server 2008 R2.
- Raise the functional level of your AD LDS configuration set to Windows Server 2008 R2.
Which editions include Active Directory Recycle Bin?
Active Directory Recycle Bin is available in the following editions of Windows Server 2008 R2:
- Windows Server 2008 R2 Standard
- Windows Server 2008 R2 Enterprise
- Windows Server 2008 R2 Datacenter
Active Directory Recycle Bin is not available in the following editions of Windows Server 2008 R2:
- Windows Server 2008 R2 for Itanium-Based Systems
- Windows Web Server 2008 R2
Additional references
For more information about how to enable Active Directory Recycle Bin in Windows Server 2008 R2 and how to recover deleted Active Directory objects, see the Active Directory Recycle Bin Step-by-Step Guide (http://go.microsoft.com/fwlink/?LinkId=133971).
Talking about In Place Windows 2008 Domain Upgrade Part2 – Ceyhun Kirmizitas
Talking about In Place Windows 2008 Domain Upgrade Part3 – Ceyhun Kirmizitas
Falando sobre In Place Windows 2008 Domain Upgrade Part1 – Ceyhun Kirmizitas
Falando sobre Prometric MCTS 70-640 Us-english exam not available | Microsoft Certification Ebook
Falando sobre Prometric MCTS 70-640 Us-english exam not available | Microsoft Certification Ebook
70-640 is basically being replaced by 83-640 in English language. 70-640 was just available until the end of May and afterwards you can only schedule and take 83-640 exam (English version, the rest versions should become available shortly).
Microsoft is using the 83-### numbering scheme to distinguish lab-based exams from the traditional multiple-choice and interactive item-type exams (70-###).
The study objectives are the same for both exams; the content has not changed, just the format.
83-640: http://www.microsoft.com/learning/en/us/Exams/83-640.aspx
Citação
Prometric MCTS 70-640 Us-english exam not available | Microsoft Certification Ebook
Falando sobre IT Careers – Convergência Digital – Crise aumenta investimento de empresas em certificações
|
|
Crise aumenta investimento de empresas em certificações
IT Careers – Convergência Digital
:: Fernanda Ângelo :: 09/04/2009
Uma pesquisa realizada recentemente revelou que as crescentes pressões decorrentes da crise têm tornado os profissionais de TI menos ambiciosos e menos centrados no desenvolvimento de suas carreiras, com 45% deles afirmando ter suspendido quaisquer planos de investimento na profissão. De fato, a decisão de investir dinheiro na especialização em uma determinada tecnologia não é fácil. Ainda mais quando não se sabe o dia de amanhã.
Por outro lado, a mesma crise tem obrigado as empresas do setor a buscarem qualificações nas tecnologias de seus parceiros. Aquelas interessadas em sobreviver, especialmente entre os integradores de TI, precisam fazer investimentos no sentido de obter diferenciais em relação à concorrência. E quem ganha com isso são os colaboradores dessas companhias.
A explicação é simples: a demanda por qualificação junto a fabricantes acaba por se traduzir em investimentos na certificação de profissionais.
Interessada em se estabelecer definitivamente no mercado de redes, Telecom e soluções de conectividade, a FDM Network, por exemplo, investiu em 2008 algo em torno de R$ 28 mil para certificar profissionais em diversas tecnologias de soluções de conectividade da Systimax, marca detida pela CommScope. Só assim entraria para o seleto grupo de 60 integradores no Brasil aptos a instalar hardware e configurar software da companhia. O resultado? Nada menos do que 40 certificações concedidas a oito de seus profissionais. Fábio Sidney, CEO da FDM Network, acredita que se dependesse apenas do investimento desses profissionais, muito provavelmente eles não as teriam obtido.
Segundo o executivo, é política da empresa investir na capacitação de seus funcionários, sejam eles da área que forem. “Inclusive, só recebe aumento salarial o funcionário que tiver realizado algum tipo de curso de extensão ou especialização relacionado às suas atividades cotidianas”, destaca Sidney, acrescentando que a FDM destina uma verba mensal especificamente a esses treinamentos. “Desde que relacionados ao seu trabalho na empresa, todos os cursos sugeridos pelos nossos funcionários são subsidiados de alguma forma. Em muitos casos, esse suporte financeiro chega a 100%”, orgulha-se o CEO. Ele conta que os treinamentos devem ser fora do horário de expediente.
Ele reconhece que quanto maior a capacitação de seu profissional, maior o risco de perdê-lo para concorrentes. "Esse risco torna ainda mais difícil a decisão de investir nos profissionais e este é um dos motivos pelos quais muitas empresas seguram investimentos nesse sentido", afirma. "É uma questão delicada, que envolve ética", diz Sidney. As alternativas para minimizar esse risco, segundo o executivo, são os contratos que obrigam a permanência do funcionário na empresa por um determinado tempo após a conclusão do treinamento ou o investimento em ações paralelas que garantam a satisfação desses profissionais. "A FDM investiu em uma série de programas envolvendo o RH e outras áreas da empresa para assegurar que nossos profissionais não queiram sequer ouvir outras propostas", revela.
A estratégia parece ter surtido efeito. “No último semestre não perdi nenhum profissional para o mercado”, celebra. E o motivo não foi a falta de propostas. Caio Esteves, analista de TI da FDM Network e um dos oito certificados nas tecnologias Systimax, conta que recebeu recentemente uma proposta de uma operadora de telecom, mas declinou. “O investimento e a aposta que a FDM deposita em mim me fazem, no mínimo, analisar com muito cuidado qualquer proposta para deixar a empresa. Um salário superior muitas vezes não compensa deixar o bom ambiente de trabalho e as boas oportunidades de crescimento que a empresa nos garante”, avalia.
Esteves discorda dos profissionais que congelam planos de carreira por medo da crise, embora compreenda o fato de muitos colegas temerem investir na certificação em tecnologias que podem, amanhã ou depois, desaparecer do mercado. “Eu sempre investi na minha especialização, invisto e continuarei investindo”, assegura, destacando que muitas certificações, embora oferecidas por um determinado fabricante, servem para produtos de outros. "Há especializações, como as da Cisco, que servem para soluções de outros fabricantes, como 3Com, Juniper e Enterasys", exemplifica. "Outras envolvem muitas questões de normas de mercado, que independem do fabricante."
Além das certificações nas tecnologias Systimax, o analista detém certificados da Microsoft e Cisco, entre outros tantos. “A FDM também me permitiu obter a certificação em Áudio Codes, tecnologia de telefonia IP”, lembra.
Em muitos casos, quando buscadas por companhias, essas certificações saem a preços inferiores àqueles de que quando procuradas individualmente pelos profissionais. Sidney conta que empresas como Linksys e a própria Áudio Codes, por exemplo, oferecem esses treinamentos aos funcionários de parceiros sem nenhum custo.
Quanto mais alto o nível de parceria entre o integrador e fabricante, maiores são os investimentos e benefícios concedidos pelo segundo ao primeiro. "Os benefícios são repassados em forma de treinamentos, bonificações, prêmios e treinamentos com profissionais estrangeiros dos fabricantes", afirma Alexandre Otto, CEO da IPconnection, outro integrador do mercado de TI e Telecomunicações.
Além disso, diz o executivo, há projetos em andamento que solicitam instalações fora do país. "Em muitos casos é mais vantajoso mandar um colaborador para o exterior do que firmar algum tipo de parceria com empresas locais", diz Otto, acrescentando ser esta outra excelente oportunidade de capacitação e experiência internacional a serem acrescentadas ao currículo do colaborador.
Otto conta que em 2008 sua empresa enfrentou dificuldades para encontrar no mercado profissionais qualificados e especializados para ocupar suas vagas em aberto. Foi quando a IPconnection decidiu investir em parcerias junto a fabricantes com os quais atua. "Colocamos mais pessoas nos cursos com parceiros e realizamos uma série de treinamentos internamente", revela, acrescentando que a IPconnection tem investido em práticas de compartilhamento e gestão do conhecimento na empresa.
Independentemente dos modelos de investimentos em especialização adotados pelos empregadores, no fim das contas, quem ganha é o seu colaborador, que, mesmo sem investir recursos próprios obtêm certificações e experiências para enriquecer seus currículos.
Fontes: http://www.convergenciadigital.com.br/cgi/cgilua.exe/sys/start.htm?infoid=18421&sid=46
Falando sobre Hyper-V:No Network when installing Windows Server 2008 Core as Guest OS | Windows Reference
Hyper-V:No Network when installing Windows Server 2008 Core as Guest OS
Before going through the process of installing the Integration Services on the Guest OS lets do some basic checks. Check if the VM guest is actually connected to a Virtual Network (should have already been created).
In the Hyper-V Manager, click the VM and then its settings button in the bottom right of the window. From the settings window, check if the network adapter is listed in the leftpane. If found, click on it to confirm the network connection and the MAC Address settings. Default is to assign Dynamic MAC Address but I rather prefer using a statiC MAC-Address for the reason it can avoid confusion during network troubleshooting.
If this looks good then let us proceed to install the integration services for the Guest OS.
While the VM is running, from the VM window menu, click Action and click “Insert Integration Services Setup Disk“. This should mount the VMGuest.iso as a CD/DVD drive. On mine, it mounted on drive D:
Browse to the drive on which it is mounted (D: here) and open the Support folder and then x86 or AMD folder based on your platform (x86 here) as follows:
C:UsersAdministrator> D:
D:> cd supportx86
D:supportx86>setup.exe
Here, you should find a setup.exe file, yes you guessed it, run the setup program to install the integration services. Click OK when prompted to confirm. Once installation is complete, reboot your VM and should find the Network available.
If this still doesn’t work, shutdown the Guest Windows Server 2008 Core and click settings then click “Add Hardware” then select “Legacy Network Adapter” and click Add. This should add a Legacy Network adapter in the leftpane, click on it and again select a Virtual Network, set MAC Address (if using static) and click OK. Reboot the Guest Windows Server 2008 Core installation and should find the network.
Citação
Hyper-V:No Network when installing Windows Server 2008 Core as Guest OS | Windows Reference
Euclides - Seu Blog de tecnologia. 