Directory & Identity Session Abstracts
Following is a sampling of the sessions that will be offered at The Experts Conference Europe for Directory & Identity 2010. We will be adding additional sessions and abstracts as speakers are selected.
Pre-Conference Workshops
Best Practices for Deploying Windows Server 2008 R2 PKI
Speaker: Brian Komar
Get ready for a hands-on best practices installation of Windows Server 2008 R2 PKI. This half-day workshop will include:
- Discussions on private key protection for offline and issuing CAs
- Planning your revocation checking infrastructure
- Deploying an offline root CA
- Deploying an online issuing CA
- Publishing PKI information to Active Directory
- Using Group Policy to facilitate certificate distribution
Equipment for this workshop will be provided. Space is limited; register early.
Masters of Disaster – Data Recovery in Active Directory
Speakers: Jorge de Almeida Pinto, Guido Grillenmeier, Gil Kirkpatrick, Ulf B. Simon-Weidner
After replacing a failed domain controller, the most common recovery task in Active Directory involves restoring deleted or altered data. The process for recovering Active Directory data varies from version to version of Active Directory, and can be surprisingly complicated. In this workshop Jorge de Almeida Pinto, Guido Grillenmeier, and Gil Kirkpatrick will explain the way data is stored in Active Directory, how to properly recover object data from backup, how to reanimate deleted objects, and how to leverage the new Active Directory recycle bin. Equipment for this workshop will be provided. Space is limited; register early.
Keynote Sessions:
Speakers: Dan Plastina and Dean Wells
The Experts Conference for Directory & Identity will be kicked off by Dan Plastina, director of program management, Identity and Access, and Dean Wells, senior program manager, Directory Services, as well as program management leaders representing the complete Microsoft Identity stack. Join us for a look at the future of Microsoft’s key directory and identity technologies.
Directory Services Sessions:
ADFS 2.0 Deep Dive
Speaker: Brian Puhl
ADFS 2.0 is deployed, and now it’s time to dig in. Come join us as we dissect the claims rule language, explore debug techniques, and try to break (and then fix) as much as we can in an hour…
A DS Geek’s Notes from the Field – Active Directory Recovery Unveiled
Speaker: Ulf Simon-Weidner
You’ve got R2 and enabled the Recycle Bin, so no other actions are necessary to prepare for an AD recovery? Or you haven’t yet deployed R2 (or switched to the forest level)? Are you aware that even with today’s possibilities you are not prepared for every scenario? You have to blend in certain features. You also have to manage them and adjust your processes accordingly! This session will give you insight into experiences and practices from a field perspective about what can go wrong and what you should do to manage and look after AD in a proactive way. In this session, you’ll hear experiences from the field about Active Directory disaster prevention and recovery, along with interesting thoughts, scripts and scenarios. Think beyond and get inspired. This session will move you from the admins who keep their CV updated in case anything goes wrong to the ones who are prepared instead.
Extending Certificate Enrollment Beyond Your Forest with Windows Clients
Speaker: Brian Komar
Windows Server R2 introduces two new features that can help you streamline your PKI and reduce the costs associated with your PKI. The first new feature is the ability to issue certificates from a CA in a resource forest to users and computers in account forests. The session will discuss the requirements to enable cross-forest enrollment, demonstrate the configuration, and discuss migration strategies from your existing PKI. The second new feature involves the two new Role Services in Active Directory Certificate Services: Certificate Enrollment Web Service and Certificate Enrollment Policy Web Service. These two role services open the possibility of autoenrollment of certificates to non-Windows devices (such as Linux workstations) by using HTTP as the enrollment protocol. The session also will look at how the HTTP-based enrollment works, how you define policies for enrollment, and discuss the implications of enabling HTTP-based enrollment.
Flying in the Clouds – How MSIT Manages Identity and Authorization with Cloud Services: Azure, Exchange, LiveID, Oh My!
Speaker: Brian Puhl
What does an Identity Management team do as they watch applications and resources lift off into the sky? Come find out how the Microsoft IT IDM team has been leading through the adoption of Online Services (such as Exchange), integration with Live ID applications, and the mass migration of internal LOB applications to Windows Azure…while trying to maintain their sanity and security.
Hardcore Windows Troubleshooting
Speaker: Brian Desmond
In many organizations, Active Directory and Exchange support personnel are often the top of the escalation chain for Wintel support in general. In this session we’ll look at a number of scenarios that will demonstrate tried and tested troubleshooting methodologies and toolsets. Many of these scenarios are extremely frequent Wintel problems that are often also frequent PSS calls. This is a demo-heavy talk – we’ll use sample applications written specifically for this session as well as data from actual customer issues to troubleshoot live.
How to Not Screw Up Your PKI Development
Speaker: Brian Komar
If you want to learn from the mistakes made by others, this is the session for you. The session will look at the Top 10 most common mistakes made when deploying a PKI in your network.
Inside Kerberos
Speakers: Brian Desmond and Joe Kaplan
In this session we’ll discuss how Kerberos and Active Directory integrate, and how the various Kerberos message sequences that are critical to using AD operate. We will look at the role of the KDC, authentication requests, service tickets, service principal names, etc.
Locating Domain Controllers for AuthN and SYSVOL/NETLOGON Access
Speaker: Jorge de Almeida Pinto
This session will focus on locating Active Directory Domain Controllers for two very important processes. The first process is authenticating accounts in AD; the second is accessing data stored on the SYSVOL/NETLOGON shares, such as GPOs and logon scripts. Each purpose uses its own mechanism to locate a domain controller to service the request made. The session will explain how both processes work under the hood and how they interact with each other.
Operating RODCs in the DMZ – Improvements with Windows Server 2008 R2
Speaker: Guido Grillenmeier
Windows Server 2008 was the first OS that allowed us to safely deploy RODCs in the DMZ – this approach can help you to reduce the costs of managing multiple AD forests in the DMZ and simplify overall management of the DMZ. It was and is a key reason for HP to leverage RODCs, quite to the surprise of Microsoft at the time. In the meantime this solution has been embraced by Microsoft and further work has been done in R2 to improve the manageability of this solution. This session will recap where RODCs in the DMZ are a good fit in your enterprise and how the solution has become even more attractive with Windows Server 2008 R2.
Provisioning Architectures – How to Optimize it for AD and the Rest of IT
Speaker: Martin Kuppinger
In this presentation, Martin Kuppinger will discuss different architectures for identity provisioning, GRC, and IT service management from the viewpoint of Active Directory architects. Provisioning projects using the typical monolithic architectural approach often run into problems because different system environments like SAP and Active Directory have specific issues which need to be addressed with a single provisioning technology. Modern provisioning architectures can accommodate these specific needs and can help IT organizations avoid many of the organizational and “political” issues these projects can create. Martin Kuppinger will discuss in detail the pros and cons of different architectural approaches for overall IT requirements as well as for AD-specific requirements.
Under the Hood: What _Really_ Happens During Critical Active Directory Operations – Upgrading Domains from Windows Server 2003 to Windows Server 2008+
Speaker: Ulf B. Simon-Weidner
In this session we will take away the fear – or make you really scared: are you fully aware of what “critical” operations in AD really do? We will look at those operations and look into the details of what they are doing, to distinguish whether they are critical to our environment or not. With a lot of notes from the field, approaches to challenges, and scenarios on how to manage the associated risks and prepare for rollback.
Virtualizing Active Directory with Hyper-V and System Center Virtual Machine Manager
Speaker: Guido Grillenmeier
This session will describe the benefits and the risks of virtualizing AD on Hyper-V from an enterprise deployment of Hyper-V. There are various aspects of virtualization, and of how it may impact the operation of your AD infrastructure, that are critical to understand before making the decision either for or against virtualizing your AD domain controllers. This session will share the experience gained from a large-scale, global Hyper-V deployment, centrally managed through SCVMM, which included the partial virtualization of AD.
Forefront Identity Manager (FIM) Sessions
Advanced Workflow in FIM 2010 – One Year Later
Speaker: Jeremy Palenchar
Get ready for an in-depth look at workflows in FIM 2010. Last year, we did self-service password reset using a cell phone. One year later, a lot has been learned about workflows in FIM. We’ll revisit the password reset scenario and examine some common patterns for developing advanced workflows in FIM. Attendees will leave this session with a solid understanding of workflow in FIM 2010 and several examples of Enterprise-class workflows suitable for their environment. Tips for making your workflows manageable, flexible, and scalable will also be given.
Applying Policy Retroactively with FIM 2010
Speaker: Brad Turner
What do you do when you need to apply policy across a subset of users and can’t wait for a new request or set transition? How can you use policy to apply targeted actions or workflows to a set of users? How do you apply that Provisioning Sync Rule you worked so hard to build on all of your pre-existing AD accounts? This session will discuss the finer points of using the Run On Policy Update (ROPU) Workflow feature to solve these problems and discuss common pitfalls. Don’t get roped into a corner; add ROPU as the next tool in your FIM arsenal.
Automating FIM Deployments with Microsoft PowerShell
Speaker: Craig Martin
In a FIM deployment of any size, administrators will want to automate the management and maintenance of their servers and configuration as much as possible. Come to this interactive and demo-filled session to see real-world examples of PowerShell automation and scripts that you can use to improve your FIM maintenance experience. Whether you are new to the PowerShell “game” or a seasoned pro, you will find tips, tricks, and advice that you can start using right away within your environment.
Developer Tools for the FIM IT Pro
Speakers: Craig Martin and Jeremy Palenchar
You’ve sat through presentations telling you how to diagnose a failing project, but how do you revive it? Turns out as an industry we are very bad at what we do, so sit in and hear tips for successfully deploying FIM projects. This session balances stodgy methodology coverage with interesting tools and techniques for deployment and test automation.
FIM 2010 Performance Tuning (SQL and more)
Speaker: David Lundell
Learn how to tune FIM 2010 to make it scream. Take a look at the various architectures and what they buy you. Learn how crucial SQL is to FIM performance and what to do about it. You’ll also learn tips for workflows and the FIM web service and receive a crash course in SQL Server optimization.
Logging and Auditing in FIM 2010
Speakers: Jeremy Palenchar and Gil Kirkpatrick
FIM provides a rich logging and auditing architecture out of the box. However, accessing this information can be tricky. In this session, we will present a methodology and the source code necessary to extract the logging and auditing information from the FIM system and store it in a user-friendly data warehouse. The solution leverages the ILM Sync engine and SQL Reporting Services so it will be easy to integrate into any FIM solution. This session promises to take logging and auditing from boring and painful to fun and easy.
Proper Care and Feeding of Your Databases: FIM, ILM, CLM, RMS, SharePoint and OCS
Speaker: David Lundell
Without proper care and feeding of your databases (FIM Meta Directory Services, FIM Certificate Services, FIM Web Service, RMS, SharePoint and OCS logging), chaos will result. Learn to conquer the chaos as David Lundell, SQL expert and ILM/FIM MVP, teaches you appropriate backup strategies, database and index maintenance tactics, and performance optimization tricks including guidance on fillfactor settings for SharePoint. You will also receive a crash course in the SQL Transaction Log, SQL Recovery Models, Database Maintenance Plans, Index Optimization, SQL Backups, and SQL Agent Jobs.



