Last week I attended a four-day training session titled Windows Server 2012 R2 Capabilities, Administration and Support. The class consisted of nine modules with nine labs. While this class was primarily directed at Windows Administrators to provide a general overview of the operating system, it did provide a few great snippets of information, but also a few terrible ones. I’ll try to keep this as brief and yet informative as possible…I’m sorry about the wall of text.
The first day was an overview of new and exciting features in Server 2012 followed by an introduction to PowerShell administration.
This is the most important day of class for someone new to Server 2012. The first half of the day introduced the new layout of Server 2012. It’s the same design as Windows 8, so it is very daunting to the average person who hates 8. The instructor spent a while explaining how to avoid the start screen and how to find programs and pin them to the desktop or taskbar.
A lot of time was spent looking at the new Server Manager. I want to use Server 2012 exclusively just for that dashboard. It’s that awesome. Besides looking cool, most important configurations are right there; no need to hunt all over the system.
Remote administration is great in Server 2012. Now you can create Server Groups and add servers to those groups using Server Manager. You don’t have to log into every box or use complex PowerShell statements. It’s a bit like having a Central Management Server in SQL Server. I don’t know all the limitations yet, but I plan to explore soon.
Interesting note: If you promote a server to a Domain Controller using the GUI, everything works normally. If you promote via PowerShell, Server Manager will forever have a task assigned asking you to promote to a DC. Supposedly this is fixed for Windows 10, but it is a low-priority fix that is never going to happen in Server 2012.
The PowerShell module was little more than an introduction on how to open PowerShell and use Get-Help. Throughout the rest of the class, scripts were provided to complete tasks as an alternative to the GUI, but learning PowerShell takes more than one or two rushed hours. I pitied anyone there who had never touched PowerShell; I’m sure all it did was reinforce their idea that PowerShell is too complicated to learn.
My one piece of advice is that you triple check that you are on the correct machine before you run a PowerShell script! To my own embarrassment, I admit that I had to troubleshoot and repair configurations more than once because I wasn’t paying attention to which Virtual Machine I was playing on.
The next two days were mostly a blur of features that I will probably never touch again, except perhaps in lab scenarios. I’ll briefly mention a few things.
One module consisted of Hyper-V setup and administration. All the virtual machines used Hyper-V, and the class started feeling like a marketing ploy to convert your existing environment to Hyper-V. The feature looks nice; I just wish my home processor supported SLAT so I could run it. I’ll stick with VirtualBox till I upgrade hardware.
Also mentioned today were iSCSI Storage, Data Deduplication (this sounds useful for reducing storage sizes), Work Folders, Dynamic Access Control, and Offload Data Transfer. The instructor skipped a section on DAC Management.
Labs consisted of joining to a domain, setting up a SCSI disk, preparing virtual machines for SAN storage using Storage Roles, creating an iSCSI target, and connecting to the iSCSI target. There was mention that two of the virtual machines will be clustered later in the week. Cool!
If you are interested in working with Server Core, but are afraid to make the jump, you can install the GUI, configure the server, and then uninstall the GUI. Optionally you can leave Server Manager available or go straight to the minimal core setup and just do your administration remotely. Sounds pretty cool, and I plan to play with this feature in home labs too.
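The GUI-to-Core switch described above, sketched in PowerShell as an added example (not from the class materials). The function names `Get-ServerInterfaceLevel` and `Set-ServerInterfaceLevel` are hypothetical; the feature names are the Server 2012 / 2012 R2 ones.

```powershell
# Added example. Server 2012 / 2012 R2 feature names:
#   Server-Gui-Mgmt-Infra = Server Manager and MMC tools (Minimal Server Interface)
#   Server-Gui-Shell      = desktop shell (full GUI), depends on Server-Gui-Mgmt-Infra

function Get-ServerInterfaceLevel {
    # Derive the current level from which of the two GUI features are installed.
    $infra = (Get-WindowsFeature -Name Server-Gui-Mgmt-Infra).Installed
    $shell = (Get-WindowsFeature -Name Server-Gui-Shell).Installed
    if ($shell -and $infra) { 'Full' }
    elseif ($infra)         { 'Minimal' }
    else                    { 'Core' }
}

function Set-ServerInterfaceLevel {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory = $true)]
        [ValidateSet('Core', 'Minimal', 'Full')]
        [string]$Level
    )
    $current = Get-ServerInterfaceLevel
    if ($current -eq $Level) { Write-Verbose "Already at $Level"; return }

    # The confirmation prompt names the machine, because every branch reboots it.
    $target = "$env:COMPUTERNAME ($current -> $Level)"
    if (-not $PSCmdlet.ShouldProcess($target, 'Change interface level and restart')) { return }

    switch ($Level) {
        'Full'    { Install-WindowsFeature -Name Server-Gui-Mgmt-Infra, Server-Gui-Shell -Restart }
        'Minimal' {
            if ($current -eq 'Full') { Uninstall-WindowsFeature -Name Server-Gui-Shell -Restart }
            else                     { Install-WindowsFeature -Name Server-Gui-Mgmt-Infra -Restart }
        }
        'Core'    { Uninstall-WindowsFeature -Name Server-Gui-Mgmt-Infra, Server-Gui-Shell -Restart }
    }
}

# Preview without changing anything:
#   Set-ServerInterfaceLevel -Level Minimal -WhatIf
# Going back up from Core only works offline while the GUI payload is still on
# disk; if it was removed (Uninstall-WindowsFeature -Remove) or the box was
# installed as Core, Install-WindowsFeature needs -Source or Windows Update.
```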
Active Directory & Networking were the topics for the third day of class. Another day of topics that were mostly over my head and that I would not have access to in my regular role.
A few notes:
- No support for Domain controllers in a live environment for virtualization.
- Prior to 2012, restarting or restoring a DC could cause failure when the RID pool would issue RIDs below the pool amount from the rest of the DCs. Server 2012 now validates the pool before issuing RIDs.
- Recycle Bin must be enabled for recoverable objects in AD
- New or upgraded features: DHCP Failover, Policy based admin, PowerShell DHCP module, DHCP integration with DNS
- IPAM: new feature that doesn’t work that well. It works till it breaks, then you are doomed. Manages IP addresses, domain names, and device identities (instead of using something like Excel)
- DCPromo is deprecated, but still available through PowerShell. Evidently the Microsoft instructor still prefers using deprecated features. Curious.
- In 2012, you can restore an AD user using “Restore To” to eliminate the issue of having to restore the entire structure of an old user; this will let you put them anywhere without issue.
Now for the crazy scenario of Day 3…
While setting up new accounts using Active Directory Administrative Center, the instructor was apparently showing user passwords in clear text. Someone pointed this out, and the instructor began a VERY long discussion on why this is not a security issue. He argued that administrators should be able to see any account’s password if they created it. After pressing that this is a major security hole, he spoke with an AD Admin he knew. Finally he realized that the field in question was actually the user account field; he was incorrectly typing the password there. Crisis averted…but the fallout remains.
WHY would a Microsoft employee defend the idea that clear text passwords are not a security flaw? This still is very concerning to me. In this hypothetical situation, I don’t care if you audit logins; if the admins steal user passwords that they can plainly see, it would be tracked, sure, but we know people share passwords with other accounts even if it’s a horrible security practice. Why would you make it so easy for an admin to possibly gain access to someone’s email, utility logins, or bank accounts? I could write a whole, very long blog about this, so I will move on.
Rushing to finish early on Friday, we covered three modules on Thursday, the last one being Failover Clustering. I had been waiting all week for this one! Too bad it was marred by marketing lies.
First, the cool aspects. We got to build a failover cluster using virtual machines. However, it went perfectly, so obviously this was not a real world scenario! Nothing much to report about the cluster creation, but if you have made few or no clusters, this part of the class is fun.
A few “new” features:
- New in Server 2012! One node clusters! Yet in 2005…
- New in Server 2012! Split Brain scenarios gone! Quorums have been around for a while.
The last day was a blur of 80 slides smashed into about an hour, and then a lab that was demoed to us with the hopes that we would work along with the instructor. Lots of rush to get us out the door on the last day. Not much I can say about the day, because I did not have a lot of time to write notes or process the information.
Remote Desktop Services was the topic of the day. This can be installed via Server Manager, and then administered from the same spot. Weird caveat here is that everything grayed out is installed, while anything highlighted in green has not been deployed. The appearance is a bit misleading.
Major issues throughout the class were out-of-date lab documentation, duplicate labs, typos, and generally bad directions. For instance, the written instructions directed us to use the laptop as a host machine, but in reality we should have used one of the virtual machines. Another time, an earlier lab invalidated the directions for a later lab. We had to undo our earlier work (once the instructor realized the error) so that the later lab could be completed. The three huge hard copy manuals were even further out of date than the electronic copies. They were nothing more than a massive waste of paper.
The first day of the class is great for someone who is scared to work with Server 2012. It should dispel the fears of a new layout and excite you for all the new features at your fingertips. Beyond that, the benefit of the class is limited to those who would be dealing with every feature on a day-to-day basis. While I appreciate knowing a bit more of server administration, I feel that reading a few articles and then working in a 2012 virtual environment for a few hours would have been just as effective, if not more so.