Eric S.

Uy

Active Directory Certificate Services Overview

Updated: March 31, 2008
Applies To: Windows Server 2008, Windows Server 2008 R2
Active Directory Certificate Services (AD CS) provides customizable services for issuing and managing public key certificates used
in software security systems that employ public key technologies.
In the following sections, learn more about AD CS, the required and optional features, and hardware and software used for running
AD CS. At the end of this topic, learn how to open the management interface for AD CS and how to find more information.
Features in AD CS
By using Server Manager, you can install the following components of AD CS:
Certification authorities (CAs). Root and subordinate CAs are used to issue certificates to users, computers, and services, and
to manage certificate validity.

CA Web enrollment. Web enrollment allows users to connect to a CA by means of a Web browser in order to request certificates
and retrieve certificate revocation lists (CRLs).

Online Responder. The Online Responder service accepts revocation status requests for specific certificates, evaluates the
status of these certificates, and sends back a signed response containing the requested certificate status information.

Network Device Enrollment Service. The Network Device Enrollment Service allows routers and other network devices that do
not have domain accounts to obtain certificates.

Certificate Enrollment Web Service. The Certificate Enrollment Web Service enables users and computers to perform
certificate enrollment that uses the HTTPS protocol. Together with the Certificate Enrollment Policy Web Service, this enables
policy-based certificate enrollment when the client computer is not a member of a domain or when a domain member is not
connected to the domain.

Certificate Enrollment Policy Web Service. The Certificate Enrollment Policy Web Service enables users and computers to
obtain certificate enrollment policy information. Together with the Certificate Enrollment Web Service, this enables policy-based
certificate enrollment when the client computer is not a member of a domain or when a domain member is not connected to the
domain.
Benefits of AD CS
Organizations can use AD CS to enhance security by binding the identity of a person, device, or service to a corresponding private
key. AD CS gives organizations a cost-effective, efficient, and secure way to manage the distribution and use of certificates.
Applications supported by AD CS include Secure/Multipurpose Internet Mail Extensions (S/MIME), secure wireless networks, virtua
private network (VPN), Internet Protocol security (IPsec), Encrypting File System (EFS), smart card logon, Secure Socket
Layer/Transport Layer Security (SSL/TLS), and digital signatures.
The new features of AD CS in Windows Server 2008 R2 include:
Certificate enrollment that uses the HTTPS protocol.

Certificate enrollment across Active Directory Domain Services (AD DS) forest boundaries.

Improved support for high-volume certificate issuance.

Support for CAs on a Server Core installation of Windows Server 2008 R2.

Hardware and software considerations

Although AD CS can be deployed on a single server, many deployments will include multiple servers configured as CAs, other
servers configured as Online Responders, and others serving as Web enrollment portals. CAs can be installed on servers running a
variety of operating systems, including Windows Server 2008 R2, Windows Server 2008, Windows Server 2003, and Windows 2000
Server. However, not all operating systems support all features or design requirements, and creating an optimal design will require
careful planning and testing before you deploy AD CS in a production environment.
Installing AD CS
After you finish installing the operating system, you can use Server Manager to set up a CA and other optional components.
Additional configuration steps need to be completed by using the appropriate snap-ins before a CA or Online Responder is
functional. For more information, refer to the related Help topics for the Certification Authority snap-in and the Online Responder
snap-in.
Managing AD CS
You can use either Server Manager or Microsoft Management Console (MMC) snap-ins to manage AD CS role services. Use the
following steps to open the snap-ins:
To manage a CA, use the Certification Authority snap-in. To open the Certification Authority snap-in, click Start, click Run
type [Link], and click OK.
To manage certificates, use the Certificates snap-in. To open the Certificates snap-in, click Start, click Run, type [Link]
and click OK.

To manage certificate templates, use the Certificate Templates snap-in. To open the Certificate Templates snap-in, click Start
click Run, type [Link], and click OK.

To manage an Online Responder, use the Online Responder snap-in. To open the Online Responder snap-in, click Start, click Run
type [Link], and click OK

Active Directory Domain Services Overview

Updated: April 25, 2007
Applies To: Windows Server 2008, Windows Server 2008 R2
By using the Active Directory® Domain Services (AD DS) server role, you can create a scalable, secure, and manageable
infrastructure for user and resource management, and you can provide support for directory-enabled applications, such as
Microsoft® Exchange Server.
In the following sections, learn more about AD DS, features in AD DS, and software and hardware considerations. For more
information about planning, deploying, and operating the AD DS server role, see Active Directory Domain Services
([Link]

What is the AD DS server role?

AD DS provides a distributed database that stores and manages information about network resources and application-specific data
from directory-enabled applications. Administrators can use AD DS to organize elements of a network, such as users, computers
and other devices, into a hierarchical containment structure. The hierarchical containment structure includes the Active Directory
forest, domains in the forest, and organizational units (OUs) in each domain. A server that is running AD DS is called a domain
controller.
Organizing network elements into a hierarchical containment structure provides the following benefits:
The forest acts as a security boundary for an organization and defines the scope of authority for administrators. By default, a
forest contains a single domain, which is known as the forest root domain.
Additional domains can be created in the forest to provide partitioning of AD DS data, which enables organizations to replicate
data only where it is needed. This makes it possible for AD DS to scale globally over a network that has limited available
bandwidth. An Active Directory domain also supports a number of other core functions that are related to administration, including
network-wide user identity, authentication, and trust relationships.

OUs simplify the delegation of authority to facilitate the management of large numbers of objects. Through delegation, owners can
transfer full or limited authority over objects to other users or groups. Delegation is important because it helps to distribute the
management of large numbers of objects to a number of people who are trusted to perform management tasks.

Features in AD DS
Security is integrated with AD DS through logon authentication and access control to resources in the directory. With a single
network logon, administrators can manage directory data and organization throughout their network. Authorized network users
can also use a single network logon to access resources anywhere in the network. Policy-based administration eases the
management of even the most complex network.
Additional AD DS features include the following:
A set of rules, the schema, that defines the classes of objects and attributes that are contained in the directory, the constraints
and limits on instances of these objects, and the format of their names.

A global catalog that contains information about every object in the directory. Users and administrators can use the global catalog
to find directory information, regardless of which domain in the directory actually contains the data.

A query and index mechanism, so that objects and their properties can be published and found by network users or applications.

A replication service that distributes directory data across a network. All writable domain controllers in a domain participate in
replication and contain a complete copy of all directory information for their domain. Any change to directory data is replicated to
all domain controllers in the domain.
 Feature Description

Active Directory Administrative Center provides users and network

Active
administrators with an improved data management experience and a rich graphical user interface (GUI) to perfor
Directory
common Active Directory object management tasks. Built on Windows PowerShell™ technology, Active Directo
Administrative
Administrative Center makes it possible for users and network administrators to administer directory servic
Center
objects through both data-driven navigation and task-oriented navigation.

The Active Directory module for Windows PowerShell is a command-line interface that administrators can use
Active configure and diagnose all instances of Active Directory Domain Services (AD DS) and Active Directory Lightweig
Directory Directory Services (AD LDS) in their environments.
module for This feature includes a set of Windows PowerShell cmdlets and a provider. The provider exposes th
Windows Active Directory database through a hierarchical navigation system, which is very similar to the file system. As wit
PowerShell drives in a file system (C:, D:), you can connect Windows PowerShell drives to Active Directory domains an
AD LDS instances, as well as Active Directory snapshots.
Active Directory Recycle Bin minimizes directory service downtime by improving the ability to preserve and restor
accidentally deleted Active Directory objects without having to restore Active Directory data from backups, resta
AD DS, or restart domain controllers. When Active Directory Recycle Bin is enabled, all link-valued and non-lin
valued attributes of the deleted objects are preserved and the objects are restored in their entirety to the sam
Active
consistent logical state that they were in immediately before deletion. For example, restored user accoun
Directory
automatically regain all group memberships and corresponding access rights that they had within and acros
Recycle Bin
domains immediately before deletion. Active Directory Recycle Bin is functional for both AD DS and AD
environments.
Active Directory Recycle Bin requires the Windows Server 2008 R2 forest functional level, and it is disabled b
default. To enable it, you can use [Link] or the Windows PowerShell Enable-ADOptionalFeaturecmdlet.
Active ADWS is a Windows service that provides a Web service interface to AD DS and AD LDS directory service instance
Directory Weband to Active Directory snapshots that are running on the same Windows Server 2008 R2 server as ADWS. ADWS
Services (ADWS)installed automatically when you add the AD DS or AD LDS server roles to your Windows Server 2008 R2 server.
Authentication Mechanism Assurance packages information about the type of logon method (smart card or use
name/password) that is used to authenticate domain users inside each user’s Kerberos token. When this feature
Authenticationenabled in a network environment that has deployed a federated identity management infrastructure, such a
Mechanism Active Directory Federation Services (AD FS), the information in the token can then be extracted whenever a us
Assurance attempts to access any claims-aware application that has been developed to determine authorization based on
user’s logon method.
Authentication Mechanism Assurance requires the Windows Server 2008 R2 domain functional level.
An offline domain join is a new process that computers running Windows® 7 or Windows Server 2008 R2 can us
Offline domain join
to join a domain. The offline domain join process can complete the domain join operation without netwo
connectivity.
 • Operations master roles (also known as flexible single master operations or FSMO). Domain controllers that hold operations
master roles are designated to perform specific tasks to ensure consistency and eliminate conflicting entries in the directory.

Identity Management for UNIX

Identity Management for UNIX is a role service of AD DS that can be installed only on domain controllers. Two Identity
Management for UNIX technologies, Server for NIS and Password Synchronization, make it easier to integrate computers running
Microsoft Windows® into your existing UNIX enterprise. AD DS administrators can use Server for NIS to manage Network
Information Service (NIS) domains. Password Synchronization automatically synchronizes passwords between Windows and UNIX
operating systems.

Installing the AD DS server role

After you finish installing the operating system, you can use Initial Configuration Tasks or Server Manager to install server roles. To
install the AD DS server role, click Add roles to start the Add Roles Wizard, and then click Active Directory Domain Services
Follow the steps in the Add Roles Wizard to install the files for the AD DS server role. After you complete the Add Roles Wizard,
click the link to start the Active Directory Domain Services Installation Wizard.
Follow the steps in the Active Directory Domain Services Installation Wizard to complete the installation and configuration of your
domain controller. Most wizard pages have a Help link for more information about the settings that you can configure.
To automate domain controller installations, you can use an answer file or you can specify unattended installation parameters at
the command line. For more information about installing AD DS, see the AD DS Installation and Removal Step-by-Step Guide
([Link]

Managing the AD DS server role

You can manage server roles with Microsoft Management Console (MMC) snap-ins. To manage a domain controller (that is, a
server that is running AD DS), click Start, click Control Panel, click Administrative Tools, and then double-click the appropriate
snap-in:
To manage Active Directory objects by using the newest GUI tool, with improved options for viewing and managing
Active Directory data, click Active Directory Administrative Center.

To manage Active Directory objects by using a predefined set of Windows PowerShell cmdlets and a provider, click Active
Directory Module for Windows PowerShell.

To manage user and computer accounts, click Active Directory Users and Computers.
To manage Active Directory trusts, functional levels, and forest-wide operations master roles, click Active Directory Domains
and Trusts.

To manage Active Directory sites and site links, click Active Directory Sites and Services.

As an alternative, you can double-click the appropriate snap-in on the Active Directory Domain Services page in Server
Manager.
Experienced programmers and system administrators can manage the Active Directory schema, but the Active Directory Schema
snap-in is not installed by default. In addition, the [Link] file must be registered before the snap-in can be installed.
To install the Active Directory Schema snap-in
Click Start, right-click Command Prompt, and then click Run as administrator.
If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Yes.
At the command prompt, type the following command, and then press ENTER:
regsvr32 [Link]
Click OK to close the dialog box that confirms that the operation succeeded.
Click Start, click Run, type mmc, and then click OK.
If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Yes.
On the File menu, click Add/Remove Snap-in.
Under Available snap-ins, click Active Directory Schema, click Add, and then click OK.
To save this console, on the File menu, click Save.
In the Save As dialog box, do one of the following:
To place the snap-in on the Administrative Tools menu, in File name, type a name for the snap-in, and then clickSave.

To save the snap-in to a location other than the Administrative Tools folder, in Save in, navigate to a location for the snap-in
In File name, type a name for the snap-in, and then click Save.

Active Directory Federation Services

Active Directory Federation Services (AD FS) simplifies access to systems and applications using a claims-based access (CBA)
authorization mechanism to maintain application security. AD FS supports Web single-sign-on (SSO) technologies that help
information technology (IT) organizations collaborate across organizational boundaries. AD FS 2.0 is a downloadable
Windows Server 2008 update that is the successor to AD FS 1.0, which was first delivered in Windows Server 2003 R2, and
AD FS 1.1, which was made available as a server role in Windows Server 2008 and Windows Server 2008 R2. Previous versions o
AD FS are referred to collectively as AD FS 1.x.

Active Directory Lightweight Directory Services Overview

Updated: November 5, 2012
Applies To: Windows Server 2008, Windows Server 2012
By using the Windows Server® 2008 Active Directory® Lightweight Directory Services (AD LDS) role, formerly known as
Active Directory Application Mode (ADAM), you can provide directory services for directory-enabled applications without incurring
the overhead of domains and forests and the requirements of a single schema throughout a forest.
In the following sections, learn more about the AD LDS server role, the features in it, and the software and hardware
considerations for installing it.

What is the AD LDS server role?

AD LDS is a Lightweight Directory Access Protocol (LDAP) directory service that provides flexible support for directory-enabled
applications, without the dependencies that are required for Active Directory Domain Services (AD DS). AD LDS provides much of
the same functionality as AD DS, but it does not require the deployment of domains or domain controllers. You can run multiple
instances of AD LDS concurrently on a single computer, with an independently managed schema for each AD LDS instance.
AD DS provides directory services for both the Microsoft® Windows Server server operating system and for directory-enabled
applications. For the server operating system, AD DS stores critical information about the network infrastructure, users and
groups, network services, and so on. In this role, AD DS must adhere to a single schema throughout an entire forest.
The AD LDS server role, on the other hand, provides directory services specifically for directory-enabled applications. AD LDS does
not require or rely on Active Directory domains or forests. However, in environments where AD DS exists, AD LDS can use AD DS
for the authentication of Windows security principals.

When should I use the AD LDS server role?

The following sections describe common AD LDS enterprise directory solutions.
Providing an enterprise directory store
AD LDS is a full-fledged LDAP directory solution for enterprises. All directory-enabled enterprise applications can use AD LDS as
their directory store.
AD LDS can store “private” directory data, which is relevant only to the application, in a local directory service—possibly on the
same server as the application—without requiring any additional configuration to the server operating system directory. This data,
which is relevant only to the application and which does not have to be widely replicated, is stored solely in the AD LDS directory
that is associated with the application. This solution reduces replication traffic on the network between domain controllers that
serve the server operating system directory. However, if necessary you can configure this data to be replicated between multiple
AD LDS instances.
Enterprise applications must often store personalization data that is associated with authenticated users in AD DS. Storing this
personalization data in AD DS would require AD DS schema changes. In this scenario, an application can use AD LDS to store
application-specific data, such as policy and management information, while it uses the user principals in AD DS for authentication
and for controlling access to objects in AD LDS. Such a solution makes it unnecessary for each AD LDS directory to have its own
user database. Therefore, this solution prevents a proliferation of user IDs and passwords for end users every time a new
directory-enabled application is introduced to the network.

Providing an extranet authentication store

Consider the example of a Web portal application that manages extranet access to corporate business applications and services
identities that are external to the corporate AD DS. Another example might be a hosting scenario in which a provider offers
domain and storage services to its customers by maintaining and updating customer-dedicated Web or data servers, with no
customers having access to these servers.
These servers and portal applications that are deployed in an extranet have custom identity needs. They require an authentication
store to save authorization information for the identities that they service. AD LDS is a good candidate for this authentication store
because it can host user objects that are not Windows security principals but that can be authenticated with LDAP simple binds. In
other words, Web clients can be serviced by portal applications that can run on any platform while they use AD LDS as a simple
LDAP authentication store.
If a portal application that you deploy in an extranet must service internal AD DS-authenticated identities that are currently
located outside the corporate firewall, you can still deploy AD LDS as the authentication store with the corporate account
credentials of these identities provisioned on the extranet instances of AD LDS, as shown in the following illustration.
You can also deploy AD LDS as an extranet authentication store along with Active Directory Federation Services (AD FS). This
configuration enables Web single-sign-on (SSO) technologies to authenticate users to multiple Web applications with a single user
account. For more information, see Active Directory Federation Services Overview ([Link]

Consolidating identity systems

You may have a scenario in which a data model restriction, such as a single LDAP partition view or a single organizational unit
(OU) view, is imposed on an enterprise directory-enabled application that must access data that is associated with AD DS
authenticated users, applications, or network resources that are located in multiple forests, domains, or OUs in the enterprise.
Identity information for this directory-enabled application must be consolidated from multiple Active Directory forests, domains
and OUs or from multiple identity systems and other directories, such as human resource databases, SAP databases, telephone
directories, and so on.
AD LDS offers a consolidating directory solution because you can deploy it along with a metadirectory. Metadirectories, such as
Microsoft Forefront Identity Manager (FIM), can provide directory-enabled applications with a unified view of all known identity
information about enterprise users, applications, and network resources by performing identity integration, directory
synchronization, account provisioning and deprovisioning, and password synchronization between AD DS and AD LDS, as shown in
the following illustration.
Providing a development environment for AD DS and AD LDS
Because AD LDS uses the same programming model and provides virtually the same administration experience as AD DS, it can
be a good fit for developers who are staging and testing various Active Directory-integrated applications. For example, if an
application under development requires a different schema from the current server operating system AD DS, the application
developer can use AD LDS to provide the application with a tailored schema that works for business needs, data requirements, and
workflow processes, without altering the configuration of the corporate Active Directory deployment. Developers can work with an
AD LDS instance without the need for a complicated setup and later move the application to AD DS. Developers may want a
directory that they can easily program to without requirements for extensive setup or hardware support during the development
process. This can be achieved through AD LDS as it can easily be installed and uninstalled on any Windows Server 2008 computer.
This allows rapid restoration to a clean state during the application prototyping and development process.
Providing a configuration store for distributed applications in Windows Server
You may have a distributed application that requires a configuration store with multimaster update and replication capabilities to
service its multiple components, for example, a firewall application that accesses network and application ports data, a junk mail
filtering application that accesses e-mail address lists, or a workflow application that accesses enterprise and policy data. You can
deploy AD LDS as a lightweight configuration store for such applications, as shown in the following illustration.
In this scenario, an AD LDS instance that serves as the application's configuration store is bundled with a distributed application.
This way, application designers do not have to be concerned about the availability of a directory service before the installation of
the application. Instead, they can include AD LDS as a part of their application’s installation process to ensure that the application
has access to a directory service immediately upon installation. The application then configures and manages AD LDS entirely on
its own or partially, depending on the application’s exposure to the AD LDS management, and it uses AD LDS to address its
various data requirements.
Migrating legacy directory-enabled applications
Your organization may use an already established directory with X.500-style naming (O=<organization>,C=<country>) to serve
various legacy applications, but it may also want to migrate its enterprise directory to AD DS. In this scenario, you can use AD LDS
as an interim solution. You can deploy AD LDS to serve and provide support for the legacy applications that rely on X.500-style
naming, while you can use AD DS in the enterprise to provide a shared security infrastructure. You can use a metadirectory, such
as FIM, to automatically synchronize the data in AD DS and AD LDS for a seamless migration experience. The following illustration
describes this AD LDS deployment.
Features in the AD LDS server role
You can use the AD LDS server role to create multiple AD LDS instances on a single computer. Each instance runs as a separate
service in its own execution context. The AD LDS server role includes the following features to make it easy to create, configure,
and manage AD LDS instances:
A wizard that guides you through the process of creating an AD LDS instance

Command-line tools for performing unattended installation and removal of AD LDS instances

Feature Description

Install from With this feature, you can use a one-step [Link] or [Link] process
Media (IFM) to
Generation create installation media for subsequent AD LDS installations.
With this feature, you can set up AD LDS auditing with a new audit
subcategory
to log old and new values when changes are made to objects and their
Audit AD attributes.
LDS changes
Note
This feature also applies to AD DS. For more information, see AD DS:
Auditing ([Link]
Data Mounting With this feature, you can view directory data that is stored online in
Tool snapshots
That are taken at different points in time to better decide which data to
restore,
 without having to restart the server.
Note
This feature also applies to AD DS. For more information, see AD DS: Data
Mounting Tool ([Link]
With this feature, you can use the Active Directory Sites and Services snap-in
to
manage replication among AD LDS instances. To use this tool, you must
Support for import
Active theclasses in [Link] to extend the schema of a
Directory Sites configuration that you want to manage. To connect to an AD LDS instance
and Services that hosts
your configuration set, specify the computer name and the port number of a
server
that hosts this AD LDS instance.
Dynamic list
of LDAP Data
With this feature, you can make custom LDIF files available during AD LDS
Interchange
instance
Format
setup—in addition to the default LDIF files that are provided with AD LDS—
(LDIF) files
by adding the files to the %systemroot%\ADAM directory.
during instance
setup
With this feature, you can create a single LDAP query that can follow
Recursive nested attribute
linked-attribute links. This can be very useful in determining group membership and
queries: ancestry

Microsoft Management Console (MMC) snap-ins for configuring and managing AD LDS instances, including the schema for each
instance

AD LDS-specific command-line tools for managing, populating, and synchronizing AD LDS instances
In addition to these tools, you can also use many Active Directory tools to administer AD LDS instances.
The Windows Server 2008 operating system includes the additional AD LDS features in the following table.

In the Windows Server 2008 R2 operating system, AD LDS includes the following new features (also available for AD DS in
Windows Server 2008 R2) that help improve its manageability and supportability:
Active Directory Recycle Bin: Enhances your ability to preserve and recover accidentally deleted Active Directory objects. For more
information, see What's New in AD DS: Active Directory Recycle Bin ([Link]

Active Directory PowerShell: Provides command-line scripting for administrative, configuration, and diagnostic tasks, with a
consistent vocabulary and syntax. For more information, see What's New in AD DS: Active Directory PowerShel
([Link]

Active Directory Web Services: Provides a Web service interface to Active Directory domains, AD LDS instances, and
Active Directory Database Mounting Tool instances. For more information, see What's New in AD DS: Active Directory Web
Services ([Link]

Hardware and software considerations

Use performance counters, testing in the lab, data from existing hardware in a production environment, and pilot roll-outs to
determine the capacity needs for your server.
Note
A limited set of server roles is available for the Server Core installation option of Windows
Server 2008 and for Windows Server 2008 for Itanium-Based Systems.

Installing AD LDS
To install AD LDS on Windows Server 2012
Open Server Manager Dashboard, click Add roles and features.
On the Before you begin page, select Role-based or Feature-based installation and then select the option Select a server
from the server pool.
Select the server name, and follow the rest of the instructions on the AD LDS installation wizard.
To install AD LDS on Windows 8
In Windows 8, AD LDS is listed within Windows Features. To install AD LDS, open control panel, click Programs, click Turn
Windows features on or off, select Active Directory Light Weight Directory Services
Follow the rest of the instructions on the installation wizard.
Note
AD LDS is not supported on Windows Vista and earlier clients.
To install AD LDS on Windows Server 2008 and Windows Server 2008 R2
After you finish installing the operating system, a list of initial configuration tasks appears.
To install AD LDS, in the list of tasks, click Add roles, and then click Active Directory Lightweight Directory Server.
After you add the AD LDS server role to your server, you can create an AD LDS instance. To create an AD LDS instance
click Start, point to Administrative Tools, and then click Active Directory Lightweight Directory Services Setup Wizard.

Application Server Role

Updated: May 16, 2008
Applies To: Windows Server 2008
Application Server is an expanded server role in the Windows Server® 2008 operating system. The new version of Application
Server provides an integrated environment for deploying and running custom, server-based business applications. These
applications respond to requests that arrive over the network from remote client computers or from other applications. Typically,
applications that are deployed and run on Application Server take advantage of one or more of the following:
Internet Information Services (IIS) (the Hypertext Transfer Protocol (HTTP) server that is built into Windows Server)

Microsoft® .NET Framework versions 3.0 and 2.0. (If you have applications that are built with the .NET Framework 3.5, you can
download and install the .NET Framework 3.5 onto the operating system.)

[Link]

COM+

Message Queuing
Web services that are built with Windows Communication Foundation (WCF)

We recommend that you use the Application Server role when Windows Server 2008 runs applications that depend on role
services or features that are part of the integrated Application Server role and that you select during the installation process. An
example might be a specific configuration of Microsoft BizTalk® Server that uses a set of role services or features that are part of
the Application Server environment.
Typically, the Application Server role is recommended when you are deploying a business application that was developed within
your organization (or developed by an independent software vendor (ISV) for your organization) and when the developer has
indicated that specific role services are required. For example, your organization may have an order-processing application that
accesses customer records that are stored in a database. The application accesses the customer information through a set of WCF
Web services. In this case, you can configure one Windows Server 2008 computer as an application server, and you can install the
database on the same computer or on a different computer.
Not every server application benefits from the installation of the Application Server role. For example, the Application Server role
is not necessary to support Microsoft Exchange Server or Microsoft SQL Server on Windows Server 2008.
To determine if the Application Server role is useful for running your organization's business applications, have your administrators
work closely with the application's developers to understand the requirements of the application, for example, whether it uses
the .NET Framework 3.0 or COM+ components.

If you have applications that are built with the .NET Framework 3.5, you can download and install
the .NET Framework 3.5 onto the operating system.
What does Application Server do?
Application Server provides the following:
A runtime that supports effective deployment and management of high-performance server-based business applications. These
applications are able to service requests from remote client systems, including Web browsers connecting from the public Internet
or from a corporate network or intranet, and remote computer systems that may send requests as messages.

The .NET Framework 3.0, which provides developers with a simplified programming model for connected server applications.
Developers can use the built-in .NET Framework libraries for many application functions, including input/output (I/O), numerica
and text processing, database access, XML processing, transaction control, workflow, and Web services. For system
administrators, the .NET Framework provides a secure and high-performance execution runtime for server-based applications, as
well as a simplified application configuration and deployment environment.
Windows Server 2008 installation by means of a new, user-friendly Add Roles Wizard that helps you choose the role services and
features that are necessary to run your applications. The Add Roles Wizard automatically installs all features that are necessary for
a given role service and makes it easier for you to set up and provision a computer as an application server for your business
applications.

Who will be interested in this role?

This information about the Application Server role is primarily for information technology (IT) professionals who are responsible for
deploying and maintaining an organization's line-of-business (LOB) applications. LOB applications are typically developed in your
organization or for your organization.
An application server environment consists of one or more servers running Windows Server 2008 that are configured with the
Application Server role. This includes servers that do the following:
Host applications that are built with the .NET Framework 3.0

Host applications that are built to use COM+, Message Queuing, Web services, and distributed transactions

Connect to an intranet or to the Internet to exchange information

Host applications that expose or consume Web services

Host applications that expose Web pages

Interoperate with other remote systems running on disparate platforms and operating systems

An extended Application Server environment can also include the following:

Domain-joined client computers and their users

Computers that are used primarily for management of the application servers

Infrastructure servers that run resources, such as Active Directory Domain Services (AD DS) or other Lightweight Directory Access
Protocol (LDAP) repositories, Certificate Services, security gateways, process servers, integration servers, application or data
gateways, or databases

What new functionality does this role provide?

The new, expanded version of the Application Server role is installed through the Add Roles Wizard in Server Manager
Administrators who have LOB applications that are built with the .NET Framework 3.0 may discover that setting up a hosting
environment for these applications is simpler with this server role. The Add Roles Wizard guides the administrator through the
process of selecting the role services or supporting features that are available in this role and may be necessary to run specific
LOB applications.
Application Server Foundation
Application Server Foundation is the group of technologies that are installed by default when you install the Application Server
role. Essentially, Application Server Foundation is the .NET Framework 3.0. (If you have applications that are built with the .NET
Framework 3.5, you can download and install the .NET Framework 3.5 onto the operating system.)
Windows Server 2008 includes the .NET Framework 2.0, regardless of any server role that is installed. The .NET Framework 2.0
contains the Common Language Runtime (CLR), which provides a code-execution environment that promotes safe execution of
code, simplified code deployment, and support for interoperability of multiple languages, as well as extensive libraries for building
applications.
Application Server Foundation adds the .NET Framework 3.0 features to the baseline .NET Framework 2.0 features. For more
information about the .NET Framework 3.0, see .NET Framework Developer Center ([Link]

If you have applications that are built with the .NET Framework 3.5, you can download and
install the .NET Framework 3.5 onto the operating system.

Why is this functionality important?

The key components of Application Server Foundation are installed as a set of code libraries and .NET assemblies. The following
are the key components of Application Server Foundation:
Windows Communication Foundation (WCF)

Windows Workflow Foundation (WF)

Windows Presentation Foundation (WPF)

Of these three, WCF and WF are commonly used in server-based applications as well as client-based applications. WPF is used
primarily in client-based applications, and it is not discussed further here. For more information about WPF, see Windows
Presentation Foundation ([Link]
WCF is the Microsoft unified programming model for building connected applications that use Web services to communicate with
each other. These applications are also known as service-oriented applications (SOA), and they are becoming increasingly more
important for business. Developers can use WCF to build SOA applications that employ secure, reliable, transacted Web services
that communicate across platforms and interoperate with existing systems and applications in your organization.
WCF enables developers to compose or combine the various technologies that are available today for building distributed
applications (COM+ and .NET Enterprise services, Message Queuing, .NET Remoting, [Link] Web Services, and Web Services
Enhancements (WSE)) in ways that make sense for your organization’s business needs and computing environment. For more
information about WCF, see What is Windows Communication Foundation? ([Link]
WF is the programming model and engine for building workflow-enabled applications quickly on Windows Server 2008. A workflow
is a set of activities that describe a real-world process, such as an order-purchasing process. A workflow is commonly described
and viewed graphically—something like a flowchart. The description of the workflow is often called "the model." Work items pass
through the workflow model from start to finish.
Work items or activities within the model can be executed by people or by systems or computers. While it is possible to describe a
workflow in traditional programming languages as a series of steps and conditions, for more complex workflows or workflows that
support simpler revisions, designing the workflow graphically and storing that design as a model is typically much more
appropriate and flexible.
WF supports system workflow and human workflow across a variety of scenarios, including the following:
Workflow in LOB applications

The sequential flow of screens, pages, and dialog boxes as presented to the user in response to the user's interaction with the
user interface (UI)

Document-centric workflow, for example, the processing of a purchase order or a medical record

Human workflow interaction, such as sending e-mail to a business client and receiving e-mail from the client

Composite workflow for SOA

Business-rule-driven workflow, for example: "On a Monday at 17:00, send an update catalogue request to business partners."

Workflow for systems management

For more information about WF, see Windows Workflow Foundation ([Link]
What works differently?
Although there is an Application Server role in Windows Server 2003, the new, expanded Application Server role that is available in
Windows Server 2008 is not simply an upgrade from the application server configuration tool that is included in
Windows Server 2003 or an earlier operating system. Because the role functionality is completely new, administrators should be
aware that there is no migration path for the Application Server configuration tool from Windows Server 2003 or earlier operating
systems.
How do I resolve these issues?
If you upgrade your server to Windows Server 2008 from Windows Server 2003 or an earlier operating system, and you want to
use the capabilities of the Application Server role, you must reinstall the Application Server role by using the Add Roles Wizard in
Server Manager. As long as you configure Windows Server 2008 with the correct application services by using the Add Roles
Wizard in Server Manager, you can easily move your applications from Windows Server 2003 to Windows Server 2008.
When should I use the Application Server role?
If the server-based LOB applications that you need to deploy and manage require one or more of the following technologies:
Microsoft .NET Framework 3.0, Message Queuing, COM+, or distributed transactions, consider configuring your server in the
Application Server role.

If you have applications that are built with the .NET Framework 3.5, you can download and
install the .NET Framework 3.5 onto the operating system.

How should I prepare for installation?

As a part of your preparation for installing the Application Server role, create an inventory of the applications that you will run on
this server. If you are an administrator, work with your developers or the ISV who developed the applications to identify the
supporting technologies and configurations that must be present on the server to run the applications. Then, map these
technologies to the role services that are described in the following sections so that you can select and properly configure the
services during server role installation. Typically the developer or ISV provides a list of the technologies that are required to be
installed for this application, for example, the .NET Framework 3.0.

Web Server
This option installs IIS version 7.0, the Web server that is built into Windows Server 2008. IIS has been available in Windows Server
for many years, but has been revised significantly for Windows Server 2008 to provide improvements in performance, security
management, supportability, reliability, and modularity.
IIS provides the following baseline benefits:
IIS makes it possible for Application Server to host internal or external Web sites or services with static or dynamic content.

IIS provides support for running [Link] applications that are accessed from a Web browser.

IIS provides support for running Web services that are built with Microsoft WCF or [Link].

COM+ Network Access

This option adds COM+ Network Access for remote invocation of applications that are built on and hosted in COM+ and Enterprise
Services components. Such applications are also sometimes called Enterprise Services components.
COM+ Network Access is one of the remote invocation capabilities that has been supported in Windows Server since
Windows 2000 Server, and it continues to be supported in Windows Server 2008. Newer applications typically use WCF to support
remote invocation because WCF provides interoperability across multiple platforms.

Windows Process Activation Service

This option adds Windows Process Activation Service (WAS). WAS can start and stop applications dynamically, based on messages
that are received over the network through HTTP, Message Queuing, TCP, and named pipes protocols. Dynamic start and stop of
applications means that server resources are used more efficiently. WAS is a new service in Windows Server 2008.

[Link] Port Sharing

This option adds the [Link] Port Sharing Service. This role service makes it possible for multiple applications to use a single TCP
port for incoming communications. For example, an SOA that is built with WCF can share the same port. Sharing ports is often a
requirement when firewall configurations or network restrictions allow only a limited number of open ports or when multiple
distinct instances of a WCF application must be running and available at the same time.
So that multiple WCF applications can share ports (multiplexing), the [Link] Port Sharing Service performs the multiplexing. The
[Link] Port Sharing Service accepts incoming connection requests using the TCP protocol. The service then automatically
forwards incoming requests to the various WCF services based on the target addresses of the requests. Port sharing works only
when the WCF applications use the [Link] protocol for incoming communications. [Link] Port Sharing is a new service in
Windows Server 2008.

Distributed Transactions
Applications that connect to and perform updates on multiple databases or other transactional resources may require that these
updates are performed with "all-or-none" transactional semantics—a technology that ensures that every part of the transaction is
complete or that the whole transaction is rolled back to its original state.
Support for distributed transactions in Windows Server 2008 provides a way for applications to have this requirement met.
Distributed transaction support has been in Windows Server since Microsoft Windows NT® Server 4.0, and this support continues
in Windows Server 2008.
Is this role available in all editions of Windows Server 2008?
Application Server is available in the following editions of Windows Server 2008:
Windows Server 2008 Standard

Windows Server 2008 Enterprise

Windows Server 2008 Datacenter

Windows Server 2008 for Itanium-Based Systems

The Application Server role is not available in the following edition of Windows Server 2008:
Windows Web Server 2008

Does it behave differently in some editions?

Application Server behavior does not vary based on the edition of Windows Server 2008.

Is it available in both 32-bit and 64-bit versions?

Application Server is available in both 32-bit and 64-bit versions of Windows Server 2008.

DHCP Server
When you deploy Dynamic Host Configuration Protocol (DHCP) servers on your network, you can automatically provide client
computers and other TCP/IP-based network devices with valid IP addresses. You can also provide the additional configuration
parameters these clients and devices need, called DHCP options, that allow them to connect to other network resources, such as
DNS servers, WINS servers, and routers.

DNS Server Overview

Applies To: Windows Server 2008, Windows Server 2008 R2
By using the Domain Name System (DNS) server role, you can provide a primary name resolution process for users on your
network. The name resolution process enables users to locate computers on the network by querying for a user-friendly computer
name instead of an IP address. A computer running the DNS server role can host the records of a distributed DNS database and
use the records to resolve DNS name queries that are sent by DNS client computers. These queries can include requests such as
the names of Web sites or computers in your network or on the Internet.
You can also integrate the DNS server role with Active Directory Domain Services (AD DS) to store and replicate DNS zones. This
makes multimaster replication possible, along with more secure transmission of DNS data. In turn, AD DS requires DNS so that
clients can locate domain controllers.
In the following sections, learn more about the DNS server role, the required and optional features in the DNS server role, and
hardware and software for running it. In addition, learn how to open the administrative tool for the DNS server role and how to find
more information about it.
What is the DNS server role?
DNS is a system for naming computers and network services that organizes them into a hierarchy of domains. DNS naming is used
on TCP/IP networks, such as the Internet, to locate computers and services with user-friendly names. When a user enters the DNS
name of a computer in an application, DNS clients and servers work together to look up the name and provide other information
that is associated with the computer, such as its IP address or services that it provides for the network. This process is called name
resolution.
The DNS server role makes it possible for a server running Windows Server® 2008 to act as a name resolution server for a TCP/IP
network. The network can contain computers running Windows as well as computers running other operating systems. The DNS
service in Windows Server 2008 is tightly integrated with Dynamic Host Configuration Protocol (DHCP) so that Windows-based
DHCP clients and Windows-based DHCP servers automatically register host names and IP addresses on the DNS server for the
appropriate domain.
Typically, Windows Server 2008 DNS is integrated with AD DS. In this environment, DNS namespaces mirror the Active Directory
forests and domains for an organization. Network hosts and services are configured with DNS names so that they can be located in
the network, and they are also configured with DNS servers that resolve the names of Active Directory domain controllers.
Windows Server 2008 DNS is also often deployed as a non–AD DS, or "standard," DNS solution. For example, it can be deployed for
the purposes of hosting the Internet presence of an organization.
The Windows Server 2008 DNS Server service supports and complies with standards that are specified in the set of DNS Requests
for Comments (RFCs). Therefore, it is fully compatible with any other RFC-compliant DNS server. A DNS client resolver is included
as a service in all client and server versions of the Windows operating system.
New features in the DNS server role
The central feature of the DNS server role is the DNS Server service. This service provides a DNS server that is fully compliant with
industry standards, and it supports all standards-compliant DNS clients. You can administer a Windows Server 2008 DNS server by
using a Microsoft Management Console (MMC) snap-in as well as a number of command-line tools.
Windows Server 2008 supports the new features in the following table.

Feature Description

DNAME resource
The DNAME resource record provides nonterminal domain name redirection. That
record support is, unlike the CNAME record, which creates an alias for a single node only, a single
DNAME resource record causes the renaming of a root and all descendents in a
domain namespace subtree. This makes it possible for organizations to rename a
portion of their domain namespace—for example, to merge two namespaces as a
result of a business acquisition.
Support for Internet
IPv6 Protocol version 6 (IPv6) specifies addresses that are 128 bits in length,
addresses compared to IP version 4 (IPv4) addresses, which are 32 bits long. This greater
length allows for a much greater number of globally unique addresses, which are
required to accommodate the explosive growth of the Internet around the world.
IPv6 also provides for better routing and network autoconfiguration. The DNS
server in Windows Server 2008 now supports IPv6 addresses as fully as it supports
IPv4 addresses.
Read-only domain
Windows Server 2008 introduces a new type of domain controller, the read-only
controller support
domain controller (RODC). An RODC provides, in effect, a shadow copy of a domain
controller. You can install it in locations where physical security cannot be
guaranteed, such as branch offices.
To support RODCs, the DNS server in Windows Server 2008 supports a new type of
zone, the primary read-only zone (also sometimes referred to as a branch office
zone). The primary read-only zone is created automatically when a computer
running the DNS server role is promoted to be an RODC. The zone contains a read-
only copy of the DNS data that is stored in the read-only AD DS database on the
RODC.
The writeable version of the data is stored on a centrally located domain controller,
such as a hub site domain controller. The DNS zone data on the RODC is updated
 when the DNS data is replicated from the centrally located domain controllers to
the RODC according to the configured replication schedule.
The administrator of the RODC can view the contents of the read-only primary
zone, but only a domain administrator with permissions on the centrally located
domain controller can change the zone data.
Single-label The
name
DNS Server service now supports a special zone called the GlobalNames zone
resolution to hold single-label host names. This zone can be replicated across an entire
forest, so that single-label host names (for example, webserver1) can be resolved
throughout the forest without the use of the Windows Internet Naming System
(WINS) protocol. Although the GlobalNames zone is not intended to provide peer-
to-peer single-label name resolution, you can use it to simplify the location of
servers and intranet Web sites, for example.
Hardware and software considerations
Use performance counters, testing in the lab, data from existing hardware in a production environment, and pilot roll-outs to
determine the hardware capacity that is necessary for your server.
Note
A limited set of server roles is available for the Server Core installation option of Windows
Server 2008 and for Windows Server 2008 for Itanium-Based Systems.
Typical DNS server hardware recommendations include the following:
Single-processor computers with 400-megahertz (MHz) Pentium II CPUs

512 megabytes (MB) of RAM for each processor

At least 4 gigabytes (GB) of available hard disk space

A network adapter

Using faster CPUs, more RAM, and larger hard drives improve the scalability and performance of your DNS servers. DNS servers
use approximately 100 bytes of RAM for each resource record. Using this figure, which you can obtain by looking at each zone in
the DNS snap-in, you can calculate how much memory you need.
For information about the system requirements for Windows Server® 2008 R2, see
Installing a DNS server
After you finish installing the operating system, a list of initial configuration tasks appears. To install a DNS server, in the list of
tasks, click Add roles, and then click DNS server.
Managing a DNS server
You can manage server roles with MMC snap-ins. Use the DNS snap-in to manage a DNS server. To open the DNS snap-in,
clickStart, point to Administrative Tools, and then click DNS.

Fax Server
You can use a computer configured as a fax server to centrally manage fax devices and enable users to send and receive faxes.
Note that to install the Fax Server role, you also must install the Print Services role.
Looking for Windows Server 2003 content? See Using Fax in Windows Server 2003 Help.
Featured Content
Overview of Fax Server and Fax Service Manager
In Windows Server 2008 R2, you can use a fax server to configure fax devices so that users in your network can send and receive
faxes.
Install and Share a Fax Printer for Network Users
Use this procedure to create a new fax printer on Windows Server 2008 R2, and then to share the fax printer so that your users
can find it. Also available for Windows Server 2008.
Windows Server 2008 Fax Server Management Pack for System Center Operations Manager 2007
Download only. This management pack monitors the performance and availability of the Fax Server role on Windows Server 2008.

File and Storage Services

File and Storage Services provides technologies that help manage storage, enable file replication, manage shared folders, ensure
fast file searching, and enable access for UNIX client computers.
Evaluate Hyper-V
Review the following resources to learn why you should use Hyper-V.
Compare VMware - Why Microsoft.
Learn about the features in Hyper-V.
Learn about the Windows and Linux supported guest operating systems for Hyper-V virtual
machines.
Download the Windows Server 2012 R2 Hyper-V Component Architecture Poster and Hyper-V
Mini-Posters.
Check out the Windows Server 2012 R2 Evaluation Center.
Find more evaluation resources about Virtualization for your modern datacenter and hybrid
cloud.
Scenarios and whitepapers
Achieving Over 1-Million IOPS from Hyper-V VMs in a Scale-Out File Server Cluster Using
Windows Server 2012 R2 (whitepaper)
Building Your Cloud Infrastructure: Scenario Overview
Increasing Server, Storage, and Network Availability: Scenario Overview
Virtualization Fabric Design Considerations Guide
Get started
Learn how you can get started with Hyper-V on Windows Server 2012, Windows Server 2012
R2, Windows 8 or Windows 8.1.
Install Hyper-V and create a virtual machine
Configure and manage Hyper-V
Configure Hyper-V
Remotely manage Hyper-V
Security guide for Hyper-V in Windows Server 2012
Hyper-V scalability in Windows Server 2012 and Windows Server 2012 R2
Hyper-V Replica
Tools for Hyper-V
Hyper-V Module for Windows PowerShell
Hyper-V Cmdlets in Windows PowerShell
Integration Services
Microsoft Virtual Machine Converter 3.0
Hyper-V WMI provider (V2)
Virtualize server workloads
Review the list of Microsoft server software that’s supported in a Hyper-V virtualized
environment and check out how you can get started virtualizing workloads like Exchange
email.
Microsoft server software and supported virtualization environments
Introduction to Active Directory Domain Services (AD DS) Virtualization (Level 100)
Exchange 2013 virtualization
Virtualize SharePoint 2013 learning roadmap
Virtualizing SQL Server on Hyper-V and on Windows Azure VMs
Building Your Cloud Infrastructure: Converged Data Center with File Server Storage
Videos
Watch subject matter experts walk through tasks and explain Hyper-V related concepts.
Introduction to Hyper-V Jump Start
The Hidden Treasures of Windows Server 2012 R2 Hyper-V?
Hyper-V Network Virtualization: 100+ Customer Service Provider Deployments
Deploying Hyper-V Network Virtualization
Migrating to Microsoft: VMware to Hyper-V and Microsoft Azure
Virtualizing Linux and FreeBSD Workloads on Windows Server Hyper-V
Blogs
Check out the latest posts from Program Managers, Product Managers, Developers and
Testers in the Microsoft Virtualization and Hyper-V teams.
Ben Armstrong's Virtualization Blog
Taylor Brown's Blog
Virtualization Blog
Windows Server Blog
Forum and newsgroups
Got questions? Talk to your peers, MVPs, and the Hyper-V product team.
Windows Server Hyper-V
 Give feedback
Give us feedback about the documentation for Hyper-V. Click Yes or No in the Did you find
this helpfulsection at the bottom of the page and add your comments.
To suggest content or request more documentation (or report an error), please contact us
atvirtua@[Link]
Stay connected
Keep connected with the latest happening with Hyper-V.
Follow us on Twitter

Hyper-V

Updated: April 4, 2016

Applies To: Windows Server 2012 R2, Windows Server 2012
Did you know that Microsoft Azure provides similar functionality in the cloud? Learn
more about Microsoft Azure virtualization solutions.
Create a hybrid virtualization solution in Microsoft Azure:
Learn about running virtual machines in Microsoft Azure
Move VM’s between Hyper-V and Microsoft Azure
Move VMware, AWS, Hyper-V and Physical Servers to Microsoft Azure
The Hyper-V server role in Windows Server lets you create a virtualized server computing environment where you can create and
manage virtual machines. You can run multiple operating systems on one physical computer and isolate the operating systems
from each other. With this technology, you can improve the efficiency of your computing resources and free up your hardware
resources. For the most current versions of the topics in this section, see Hyper-V on Windows Server 2016 Technical Preview.
The following table lists the topics in the Hyper-V documentation library for the Hyper-V role in Windows Server 2012 and Windows
Server 2012 R2. It provides links to other information resources, including downloadable content, blogs, videos and a contact link
you can use to ask questions and provide feedback.
Hyper-V resources for IT Pros
For the most current versions of these topics, see Hyper-V on Windows Server 2016 Technical Preview.
Related technologies
The following table lists technologies that you might want to use in your virtualization computing environment.
Technology Description
Client Hyper-V Virtualization
on technology included with Windows 8, Windows
 Windows 8.1 orHyper
8.1, and Windows 10 that you can install through Programs
on Windows 10 and Features in the Control Panel.
Microsoft Hyper-V Stand-alone
Server product that contains only the Windows
2012 R2 and Hyper-V hypervisor, a Windows Server driver model, and virtualization
Server 2012 components.
Windows An
Server
isolated and portable operating environment where an
Containers application can run without affecting the rest of the system
and the system won’t affect the application.
Failover Clustering Feature that enables a group of independent computers to
work together to increase the availability and scalability of
clustered roles.
File and Storage Services
Server role that includes technologies that help you set up
and manage one or more file servers, which are servers that
provide central locations on your network where you can store
files and share them with users.
Remote Desktop Client
Tool that allows you to connect to a remote PC and your work
resources from almost anywhere.
Remote Desktop Services
Server role that provides technologies that enable users to
connect to virtual desktops, RemoteApp programs, and
session-based desktops.
Virtual Machine
Tool that you use to connect to a virtual machine so that you
Connection can install or interact with the guest operating system on the
virtual machine.
Virtual Machine Manager
System Center component that provides a management
solution for the virtualized datacenter. You can configure and
manage your virtualization hosts, networks, and storage
resources so you can create and deploy virtual machines and
services to private clouds that you’ve created.

Network Policy and Access Services

Network Policy and Access Services (NPAS) allows you to provide local and remote network access and to define and enforce
policies for network access authentication, authorization, and client health. The NPAS server role includesNetwork Policy Server
(NPS), the Routing and Remote Access service (RRAS), Health Registration Authority (HRA), and Host Credentials Authorization
Protocol (HCAP).

Overview of Print Management

Applies To: Windows 7, Windows Server 2008 R2
On computers running Windows® 7 and Windows Server® 2008 R2, you can share printers on a network and centralize print
server and network printer management tasks using the Print Management Microsoft Management Console (MMC) snap-in. Print
Management helps you to monitor print queues and receive notifications when print queues stop processing print jobs. It also
enables you to migrate print servers and deploy printer connections using Group Policy.
Tools for managing a print server
There are two primary tools that you can use to administer a Windows print server:
Server Manager

Print Management

On Windows Server 2008 R2, you can use Server Manager to install the Print and Document Services server role and role services.
Server Manager also includes an instance of the Print Management snap-in, which you can use to administer the local server.
Print Management provides current details about the status of printers and print servers on the network. You can use Print
Management to install printer connections to a group of client computers simultaneously and to monitor print queues remotely.
Print Management can help you to find printers that have an error condition by using filters. It can also send e-mail notifications or
run scripts when a printer or print server needs attention. On printers that provide a Web-based management interface, Print
Management can display more data, such as toner and paper levels.
Note
To manage a remote print server, you must be a member of the Print Operators or Server
Operators groups, or the local Administrators group on the remote print server. You do not need
these permissions to monitor remote print servers, though some functionality will be disabled.
Services for print servers and network printers
The Print and Document Services role in Windows Server 2008 R2 includes the following three role services that are relevant for
managing your print servers and network printers. You can add these role services while you are installing the Print Services role
using the Add Roles Wizard of Server Manager. Or you can install them at a later time by using the Add Role Services Wizard of
Server Manager.
Note
Because Windows 7 is a client operating system, it does not include role services. Instead, it
includes the Print Management snap-in. Windows 7 also includes LPD Print Service as an optional
Windows feature. You can install LPD Print Service from Control Panel using Programs and
Features. Windows 7 does not include the Internet Printing feature or Distributed Scan Server
role service.
Print Server
Print Server is a role service that installs the Print Management snap-in. Print Management is used for managing multiple printers
or print servers and migrating printers to and from other Windows print servers. After you share a printer, Windows enables the
File and Printer sharing exception in Windows Firewall with Advanced Security.
LPD Service
The Line Printer Daemon (LPD) Service installs and starts the TCP/IP Print Server (LPDSVC) service, which enables UNIX-based
computers or other computers that are using the Line Printer Remote (LPR) service to print to shared printers on this server. It also
creates an inbound exception for port 515 in Windows Firewall with Advanced Security.
No configuration is necessary for this service. However, if you stop or restart the Print Spooler service, the TCP/IP Print Server
service is also stopped, and it is not automatically restarted.
To print to a printer or print server that uses the LPD protocol, you can use the Network Printer Installation wizard and a Standard
TCP/IP printer port. However you must install the Line Printer Remote (LPR) Port Monitor feature to print to a UNIX print server. To
do so, use one of the following methods:
In Control Panel, click Programs and Features, click Turn Windows features on or off, expand Print and Document
Services, select the LPR Port Monitor check box, and then click OK.

In Server Manager, click Add Features, select the LPR Port Monitor check box, and then click OK.

Internet Printing
The Internet Printing role service in Windows Server 2008 R2 creates a Web site hosted by Internet Information Services (IIS). This
Web site enables users to:
Manage print jobs on the server.

Use a Web browser to connect and print to shared printers on this server by using the Internet Printing Protocol (IPP). (Users must
have Internet Printing Client installed.)

To manage a server by using the Web site created by Internet Printing, open a Web browser and navigate to
[Link] where servername is the UNC path of the print server.
To install the Internet Printing Client, use one of the following methods:
In Windows 7: in Control Panel, click Programs and Features, click Turn Windows features on or off, expand Print and
Document Services,select the Internet Printing Client check box, and then click OK.

In Windows Server 2008 R2: in Server Manager, click Add Features, select the Internet Printing Client check box, and then
click OK.
Remote Desktop Services Overview

Updated: May 7, 2014

Applies To: Windows Server 2012 R2, Windows Server 2012
Remote Desktop Services accelerates and extends desktop and application deployments to any device, improving remote worker
efficiency, while helping to keep critical intellectual property secure and simplify regulatory compliance. Remote Desktop Services
enables virtual desktop infrastructure (VDI), session-based desktops, and applications, allowing users to work anywhere.
Did you mean…
Terminal Services in Windows Server 2008
Remote Desktop Services in Windows Server 2008 R2
Remote Desktop Services resources (all versions)
Microsoft Server and Cloud Platform
Did you know that Microsoft Azure provides similar functionality in the cloud? Learn
more about Microsoft Azure virtualization solutions.
Create a hybrid virtualization solution in Microsoft Azure:
Learn about Azure RemoteApp
Migrate a hybrid collection from a RemoteApp VNET to an Azure VNET
Create a hybrid collection for Azure RemoteApp
Publish an app in Azure RemoteApp
Role description
The Remote Desktop Services role provides technologies that enable users to connect to virtual desktops, RemoteApp programs,
and session-based desktops. With Remote Desktop Services, users can access remote connections from within a corporate
network or from the Internet.
Practical applications
Remote Desktop Services allows workers to work anywhere. Some of the key benefits of Remote Desktop Services include:
Unified administration experience – Administer your session and virtual desktop collections, configure your RemoteApp
programs, manage your virtual desktops, and add servers to the deployment from one centralized console.
User personalization – User profile disks allow you to preserve user personalization settings across session collections and
pooled virtual desktop collections.
Less expensive storage – Pooled virtual desktops can use local storage live migration between host computers. Personal virtua
desktops can use storage located on network shares.
Automated pooled virtual desktop management – Deploy and manage pooled virtual desktops centrally by using a virtua
desktop template. Any changes, such as application installation or security updates, are installed on the virtual desktop template,
and the pooled virtual desktops are then recreated from the virtual desktop template.
New and changed functionality for Windows Server 2012 R2
In Windows Server 2012 R2, Remote Desktop Services includes enhancements in the following areas:
Monitor and control by using session shadowing
Reduced storage requirements and improved performance accessing common data
RemoteApp programs perform more like locally-based applications
Improved reconnection performance for remote clients
Improved compression allowing improved usage of network bandwidth
Display resolution changes are automatically reflected on the remote client
RemoteFX virtualized GPU supports DX11.1
For more information about new features and functionality, see What's New in Remote Desktop Services in Windows Server.
New and changed functionality for Windows Server 2012
Remote Desktop Services enables the mobile work force to connect to desktop and applications from anywhere. In Windows
Server 2012, Remote Desktop Services includes enhancements in the following areas:
Simplified Virtual Desktop Infrastructure (VDI) deployment and management
Simplified Session Virtualization deployment and management
Centralized resource publishing
Rich user experience with Remote Desktop Protocol (RDP)
The user experience has been enhanced for Remote Desktop Services in Windows Server 2012 in the following ways:
Rich Windows desktop remoting experience
Smooth audio and video playback experience
Rich graphics and video user experience over a WAN
Enhanced device remoting support with USB Redirection for Session Virtualization and VDI
True Multi-Touch and gesture remoting
Email name discovery and subscription to administrator supplied remote resources
RemoteFX virtualized GPU provides DX 11 support
In addition to these areas of enhancement, Remote Desktop Services in Windows Server 2012 introduces a new management
console for managing the majority of Remote Desktop Services-related tasks. For more information about new features and
functionality, see What's New in Remote Desktop Services in Windows Server.
New Microsoft Remote Desktop Clients
You can use the Microsoft Remote Desktop client to connect to a remote PC and your work resources from almost anywhere.
Experience rich interactivity using a remote desktop client designed to help you get your work done wherever you are. For
example, you can connect to your work PC and have access to all of your apps, files, and network resources as if you were sitting
right in front of your work PC. You can leave apps open at work and then see those same apps using the RD client.
For information about these new features and functionality for Android, iOS, and Mac, see Microsoft Remote Desktop Clients.
Removed or deprecated functionality
For a list of deprecated features, see Features Removed or Deprecated in Windows Server 2012 R2 and Features Removed or
Deprecated in Windows Server 2012.
Hardware requirements
Remote Desktop Services requires that the Windows Server 2012 R2 or Windows Server 2012 operating system be installed. There
are no additional hardware or software requirements for running Remote Desktop Services.
There are several hardware requirements that must be met when you deploy RemoteFX virtualized GPU to hardware accelerate
your Windows client virtual desktops:
SLAT-enabled processor. The processor on the RemoteFX server must support Second-Level Address Translation (SLAT).
GPU. At least one graphics processing unit (GPU) that is capable of supporting RemoteFX is required on the RemoteFX server. The
GPU driver must support DirectX 11.
Note
Without a RemoteFX virtualized GPU, applications that require DirectX will still work using a
built in Hyper-V specific GPU.
Server Manager information
Remote Desktop Services is a server role that consists of several role services. In Windows Server 2012 R2 and Windows Server
2012, the following Remote Desktop Services role services can be installed with this role:

Role service name

Role service description
RD Virtualization
Remote Desktop Virtualization Host (RD Virtualization Host) integrates with
Host Hyper-V to deploy pooled or personal virtual desktop collections within your
organization.
RD Session Host
Remote Desktop Session Host (RD Session Host) enables a server to host
RemoteApp programs or session-based desktops. Users can connect to RD
Session Host servers in a session collection to run programs, save files, and use
resources on those servers.
RD Connection
Remote Desktop Connection Broker (RD Connection Broker):
Broker Allows users to reconnect to their existing virtual desktops, RemoteApp
programs, and session-based desktops.
Enables you to evenly distribute the load among RD Session Host servers in a
session collection or pooled virtual desktops in a pooled virtual desktop
collection.
Provides access to virtual desktops in a virtual desktop collection.
RD Web AccessRemote Desktop Web Access (RD Web Access) enables users to access
RemoteApp and Desktop Connection through the Start menu on a computer that
is running Windows 8, Windows 7, or through a web browser. RemoteApp and
Desktop Connection provides a customized view of RemoteApp programs and
session-based desktops in a session collection, and RemoteApp programs and
virtual desktops in a virtual desktop collection.
RD Licensing Remote Desktop Licensing (RD Licensing) manages the licenses required to
connect to a Remote Desktop Session Host server or a virtual desktop. You can
use RD Licensing to install, issue, and track the availability of licenses.
RD Gateway Remote Desktop Gateway (RD Gateway) enables authorized users to connect to
virtual desktops, RemoteApp programs, and session-based desktops on an
internal corporate network from any Internet-connected device.
See also
The following table provides additional resources for evaluating Remote Desktop Services.

Windows Media Services 2008 Overview

Updated: December 2, 2009
Applies To: Windows Server 2008, Windows Server 2008 R2
The Streaming Media Services role in the Windows Server 2008 operating system provides a platform for streaming digital media
content to clients over networks.
The Streaming Media Services role in Windows Server 2008 includes the Windows Media Server role service, which is required to
deploy your server computer as a Windows Media server. This role service includes Microsoft® Windows Media® Services 2008
which provides support for delivering digital media content to clients across a network.
The Streaming Media Services role also includes the following optional role services for managing a Windows Media server:
Web-based Administration. Provides support for remote Web-based administration of a Windows Media server.

Logging Agent. Provides support for logging statistics from clients that receive multicast broadcast or advertising content from a
Windows Media server.

What is a Windows Media server?

A Windows Media server streams digital audio and video content to clients over the Internet or an intranet. These clients can be
other computers or devices that play back the content using a player, such as Windows Media Player, or they can be other
computers that are running Windows Media Services (called Windows Media servers) that proxy, cache, or redistribute the
content. Clients can also be custom applications that have been developed by using the Windows Media SDK components.
The content that your Windows Media server streams to clients can be a live stream or a prerecorded digital media file. For live
content, the server connects to encoding software, such as Microsoft® Expression® Encoder, that can broadcast a live stream in a
format supported by the server.
The following types of organizations find Windows Media Services to be especially useful:
Hosting companies that deliver a fast-streaming experience to viewers in homes and offices.

Enterprises that manage network resources while delivering rich communications for executive broadcasts, online learning,
marketing, and sales.
Wireless companies that deliver wireless broadband entertainment services by using scalable and reliable Windows Media servers.

Internet broadcasters that deliver content for radio, television, cable, or satellite.

Film and music distributors that distribute audio and video content in a secure manner without excessive buffering or network
congestion.

IPTV professionals that deliver a high-quality IPTV experience on local area networks (LANs).

Features in Windows Media Services

The following features and functions in Windows Media Services 2008 make it ideal for delivering high-quality live and on-demand
streaming experiences:
Note
The features in Windows Media Services differ, depending on which version or edition of the
Windows Server operating system that you are running. For more information, see Decide which
version of Windows Server is right for you.

Cache/Proxy Management. You can configure a Windows Media server either as a cache/proxy server or as a reverse proxy
server so that it can provide caching and proxy support to other Windows Media servers. A Windows Media server that can cache
and proxy your digital media content reduces operating costs and provides a better viewing experience for users by conserving
network bandwidth, decreasing network-imposed latency, and offsetting the load on the origin server.

Advanced Fast Start. Fast Start delivers an instant-on playback experience by eliminating buffering time. When a viewer
connects to a stream, the first few seconds of data is sent using the maximum available bandwidth so that playback can begin as
soon as possible. Advanced Fast Start adds to these capabilities by enabling Windows Media Player to begin playing content as
soon as its buffer receives a minimum amount of data, further reducing the time a user must wait to begin receiving the stream.

Play While Archiving. Broadcast content can be archived to a file, and the archived content can be made available for on-
demand requests or rebroadcast, even before the broadcast is finished being archived.

Advanced FF/RW. Enhanced fast-forward and rewind ("trick mode") functionality for the video part of the content stabilizes
network bandwidth availability by using separate files for each FF/RW speed. This creates a fixed bandwidth requirement per
client, regardless of playback speed, and greatly smoothes the FF/RW experience. Potential server performance bottlenecks are
reduced because the server must read less presentation data from the source content disk, while delivering a seamless
experience to clients.

Broadcast AutoStart. In the event of an interruption, such as a power failure, broadcast publishing points can be configured to
begin running again automatically whenever the Windows Media server starts, so that viewers experience less disruption when
they view streaming content.

Absolute Playlist Time. Absolute Playlist Time adds the playlist timing value wallclock. You can use the wallclockvalue to
automate broadcast schedules by assigning real-world clock values in Coordinated Universal Time (UTC) to attributes in server-
side playlists.

Encoder Failover URL Modifiers. If your primary encoder fails or is stopped, you can configure Windows Media Services to pul
content from an alternative encoder or other content source after a specified period of time by using URL modifiers in the path of
the primary encoder. If you use redundant encoders or other alternative content sources, you increase the reliability of the source
content.

Installing Windows Media Services

The Streaming Media Services role and role administration tools for the Remote Server Administration Tools feature in Server
Manager are not included in Windows Server 2008. You must run a Streaming Media Services role installer file on the updated
platform. You can install Streaming Media Services role installer files on the full installation option for Windows Server 2008 or on
the Server Core installation option. The full installation option includes the entire Windows Media Services user interface, whereas
the Server Core installation option installs a minimal installation of Windows Media Services. Windows Media Services on the
Server Core installation option is managed from the Command Prompt window, reducing management requirements and attack
surface. For more information about Streaming Media Services installation, see the Release Notes for Windows Media Services
2008.
If you are upgrading the operating system to Windows Server 2008, you can move your existing Windows Media server
configuration settings and digital media content. For more information, see the Windows Media Services 2008 Upgrade and
Migration Guide.
You can estimate the hardware requirements for a Windows Media server network, based on your estimated audience size and the
bandwidth consumed by the digital media content that you want to deliver. For more information about common performance
issues, limitations, and performance monitoring techniques, see Optimizing Windows Media Services.
Managing a Windows Media server
Windows Media Services includes the following management interfaces:
On the full installation option for Windows Server 2008, you can use the Windows Media Services snap-in for Microsoft
Management Console (MMC) to manage the local Windows Media server. To open the snap-in, click Start, click All Programs
click Administrative Tools, and then click Windows Media Services.

You can install the optional Web-based Administration role service on the local Windows Media server and then manage the server
by opening the Windows Media Administration site ([Link] in a Web browser on a remote computer
For more information, see Administering Windows Media servers remotely.

You can install Remote Server Administration Tools for Windows Media Services on a computer that runs Windows Vista® or
Windows® 7 and then manage your remote Windows Media server from the client computer. To start the Windows Media Services
snap-in for MMC on the client computer, click Start, click Run, and then typewmsadmin.

Overview of UDDI Services

Applies To: Windows Server 2008
UDDI Services provides Universal Description, Discovery, and Integration (UDDI) capabilities for sharing information about Web
services within an organization's intranet, between business partners on an extranet, or on the Internet. UDDI Services can help
improve the productivity of developers and information technology (IT) professionals with more reliable and manageable
applications. With UDDI Services you can prevent duplication of effort by promoting reuse of existing development work.
Microsoft® UDDI Services provides developers and IT administrators with the following benefits:
A scalable solution for organizing, discovering, reusing, and managing Web services and other programmable resources

A standards-based infrastructure that is compliant with Version 3 of the UDDI application programming interface (API)
specifications

Categorization schemes for describing providers and their Web services that you can customize to meet the needs of your
organization

Integration with various development tools

User-friendly administration with the UDDI Services snap-in

Installation options
You can deploy UDDI Services with a stand-alone installation, or you can choose from a variety of configuration options with a
distributed installation in an enterprise environment.
Stand-alone installation
Use a stand-alone installation for developer prototyping or other low-volume scenarios that involve a limited number of
simultaneous users.
Distributed installation
We recommend a distributed installation for enterprise-wide implementations or other high-volume scenarios in which access
times, availability, and reliability are of greater importance.
In a distributed installation of UDDI Services, the UDDI Services Web Application, the UDDI Services Notification Service, and the
UDDI Services Database are installed on different servers. This type of installation can provide a fault-tolerant and responsive
configuration because it places each of the UDDI Services components on a separate server, a server cluster, or a Web farm. The
way in which you deploy the components is based on how you want to load-balance your installation.
UDDI Services site
An installation of UDDI Services consists of the following role services:
UDDI Services Database

UDDI Services Web Application

UDDI Services Notification Service

A set of UDDI Services Database, Web Application, and Notification Service servers that have the same configuration is referred to
as a UDDI Services “site.” The Web server component may be hosted on the same server as the database component, or it may
be hosted across multiple servers. Multiple Web servers at different locations that are connected to the same database component
are part of the same site because they share the same database. The Notification Service component may be hosted on the same
server as the database component, on one of the Web servers, or on a separate server. A site can have only one instance of the
Notification Service.
Components that are part of the same site also share a set of configuration settings that control how the site behaves as a whole.
These settings include user group mappings to security groups, the types of authentication that the site supports, and additional
cryptography and encryption settings.
In a stand-alone installation, the Web server component, Notification Service component, and the database are installed on a
single server.
UDDI Services Database
The UDDI Services Database provides data storage services for a site. You can install it into a database instance on an existing
installation of Microsoft SQL Server®.
In addition to storing site data, the UDDI Services Database also stores all site-wide configuration settings, such as the name of a
site, its user group mappings, and all security settings for the site.
UDDI Services Web Application
The UDDI Services Web Application uses Internet Information Services (IIS) 7.0. The Web user interface (UI) provides search
publishing, and coordination capabilities.
This component provides support for the UDDI APIs and for Windows® Integrated Authentication, UDDI publisher authentication,
or a combination of the two on both the Web UI and API interfaces.
UDDI Services Notification Service
The UDDI Services Notification Service provides subscription-based notifications on user-defined collections of service metadata.
Interacting with UDDI Services
Developers can publish, discover, and share Web services by using the following interfaces:
UDDI Services Web User Interface: Provides search, publishing, subscription, and coordination features that are compatible
with Microsoft Internet Explorer® and or other web browser.

Visual Studio .NET Add Web Reference Interface: Provides Web service discovery and integration in Microsoft Visual Studio®
through UDDI Services.

UDDI API Interface: Supports the UDDI version 3.0 API and enables developers to publish, subscribe, discover, share, and
interact with Web services directly through their development tools and business applications.

For more information about APIs for developers, see the Microsoft UDDI SDK ([Link]
Administrators can manage UDDI Services by using a set of administration tools, including a Microsoft Management Console (MMC)
snap-in, that provide local and remote administration capabilities. UDDI management interfaces include the following:
UDDI Services snap-in: This Microsoft Management Console (MMC) snap-in is installed when you install the Administration Tools.
You can perform many configuration and management tasks with the UDDI Services snap-in.

UDDI Services Web UI: Administrators can use the Web UI to perform management and coordination tasks.

Additional administration tools: You can perform various management tasks by using administration tools. You can use these
tools to create categorization schemes, export and import data entities, back up and restore a database, and back up and restore
configuration settings.

These tools are installed when you install Administration Tools. They are located under the bin/ folder in the UDDI Services
installation folder:

[Link]: A command-line tool that applies configuration settings from an XML document to UDDI Services components or
retrieves configuration settings from UDDI Services components and stores them in an XML document.

[Link]: A wizard that you can use to select providers or models that are hosted in a UDDI site and export their
details to an XML file.

[Link]: A user interface editor for creating and modifying categorization schemes that comply with UDDI
Services.

[Link]: A command-line tool that backs up or restores the UDDI Services Database hosted on a local instance of SQL Server.

[Link]: A command-line tool that loads XML data such as exported UDDI data entities and categorization schemes into
the UDDI Services Database.

[Link]: A command-line tool that enables data migration from a UDDI Services 2.0 site to a UDDI Services 3.0 site.
Configuring UDDI Services
Applies To: Windows Server 2008
After installing UDDI Services, you must use the UDDI Services Configuration Wizard to enable and configure the Database, Web
Application, and Notification Service components.
The UDDI Services Configuration Wizard has two modes: Basic configuration and Custom configuration. Use Basic configuration
mode to configure UDDI Services with default settings. Use Custom configuration mode to configure advanced settings for
Database, Web Application, and Notification Service components.
When you first install UDDI Services, you can run the UDDI Services Configuration Wizard in either mode by selecting the Launch
Configuration Wizard check box on the Installation Completed page of the Installation Wizard. You can also run the
Configuration Wizard at any time after installing UDDI Services by clicking Start, pointing to All Programs, pointing toMicrosoft
UDDI Services, and then clicking UDDI Services Configuration.

Web Server
The Web Server (IIS) role lets you share information with users on the Internet, an intranet, or an extranet. Windows Server 2008
and Windows Server 2008 R2 deliver IIS 7, which is a unified Web platform that integrates IIS, [Link], Windows Communication
Foundation, and Windows SharePoint Services.

Windows Deployment Services

Windows Deployment Services, the updated and redesigned version of Remote Installation Services (RIS), enables you to remotely
deploy Windows operating systems, particularly Windows Vista. You can use Windows Deployment Services to reimage computers
using customized images.

Windows Server Update Services

Windows Server Update Services (WSUS) enables information technology administrators to deploy the latest Microsoft product
updates to computers that are running the Windows operating system. By using WSUS, administrators can fully manage the
distribution of updates that are released through Microsoft Update to computers in their network.

Migrating Roles and Features

in Windows Server
This page contains links to information and tools that help guide you through the process of migrating roles and features to
Windows Server 2012 R2, Windows Server 2012, and Windows Server 2008 R2. Many roles and features can be migrated by using
Windows Server Migration Tools, a set of five Windows PowerShell cmdlets that was introduced in Windows Server 2008 R2 for
easily migrating role and feature elements and data.
The migration guides support migrations of specified roles and features from one server to another (not in-place upgrades). Unless
otherwise noted in the guides, migrations are supported between physical and virtual computers, and between full installation
options of Windows Server and servers that are running the Server Core installation option.
The Cluster in a Box Validation Kit for Windows Server
Previously, the stand-alone Cluster in a Box Validation Kit for Windows Server helped to confirm that continuous availability (CA)
storage controller and drivers met all applicable requirements for the Windows CA Hardware Platform Validation Program. Now,
the Validation Kit has been replaced by new tests included in the Windows 8.1 Windows Hardware Certification Kit. These tests
conduct various end-to-end test scenarios by running IO workloads and data integrity tests against the cluster during a planned or
unplanned failover.
Overview
A Windows continuously available file server provides critical storage availability without failover disruption. This solution includes
at least two Windows Server 2012 R2 or Windows Server 2012 nodes enjoined by Microsoft Failover Clustering Service and CA
storage controllers managing the shared storage. A continuously available file server is able to shield client computers from
failover activities and helps ensure that failover is transparent from the perspective of client computers or applications storing
data on the file server.

Remote Desktop Client

You can use the Microsoft Remote Desktop Client to connect to a remote PC and your work resources from almost anywhere. You
can connect to your work PC and have access to all of your apps, files, and network resources as if you were sitting right in front of
your work computer. You can leave apps open at work and then see those same apps using the Remote Desktop Client.
Here are the platforms that are supported by Remote Desktop Client along with resources to get you started, including information
to help you get started using Remote Desktop on your mobile device.

Windows Server Installation, Upgrade

and Migration
This page contains links to information and tools that help you deploy servers that are running Windows Server 2012 R2, Windows
Server 2012, or Windows Server 2008 R2.
Learn about installing Windows Server, upgrading to Windows Server, and migrating roles and features to Windows Server.
 There are multiple ways to install Windows Server: you can purchase
installation media from Microsoft, you can download copies of
Windows Server, or you can purchase product keys or volume licenses
that let you run additional copies of Windows Server in your
enterprise.
Learn about the Windows Server operating systems to which you
can upgrade your current releases and editions of Windows Server.
You can also learn more about special considerations for upgrading
Windows Server when you are running specific roles and features in
your enterprise.

Windows Server migration documentation helps you migrate one role

or feature at a time from a source computer that is running Windows
Server to another, destination computer that is running Windows
Server. For these purposes, migration is defined as moving one role or
feature and its data to a different computer, not upgrading the feature
on the same computer. To get started, check the server role upgrade
and migration matrix.

Windows Server 2008 R2 and Windows Server 2008

Updated: July 23, 2014
Applies To: Windows Server 2008, Windows Server 2008 R2
Welcome to the Windows Server 2008 R2 and Windows Server 2008 TechNet Library.
You have discovered the most comprehensive and up-to-date library for technical information about Windows Server 2008 R2 and
Windows Server 2008. The content in this library is authored by a writing team who works directly with Windows Server software
designers, developers, and testers in an effort to bring you the most technically accurate content about Windows Server that is
available anywhere.
Important
Mainstream support for Windows Server 2008 R2 and Windows Server 2008 ends on January 13,
2015, and extended support ends on January 14, 2020. For the most recent version of Windows
 Server, see the Windows Server TechNet Library.
For Windows client information for IT professionals, see the Windows TechNet Library.
For Windows information for those using PCs at home, see the Windows How-To site.
For product evaluations, see Previous Versions on the TechNet Evaluation Center.
In this library
To find content for both Windows Server 2008 R2 and Windows Server 2008, browse using the sections provided below.

What's New in Windows Server Browse Windows Server Technologies

Discover new features, tools, and technologies
Learn from the full set of documentation
in Windows Server 2008 R2 . for technologies in Windows Server,
including Security, Networking, and Active
Directory services technologies.
Windows Server Content by Category Windows Server Commands, References,
Browse Windows Server content categories,and Tools
such as Evaluation, Deployment, Getting Find detailed information about Windows
Started, Management and Operations,
by using command references and the
Migration, and Technical Reference. Windows glossary, and use tools such as
Windows Search, Backup and Recovery,
and Performance to work with your server.
Install and Deploy Windows Server Troubleshoot Windows Server
Learn about management and installation Usetools
events, error messages, and other
and server roles. Includes pre-installation
tools to troubleshoot and support Windows
information, including system requirements;
Server.
what you need to do before you start Setup;
and supported upgrade paths.
Secure Windows Server Computer Hardware and Windows Server
Browse information on Windows Server security
Find out about using Windows Server with
technologies. computer hardware and peripherals.
Service Pack Information for Windows Server
Windows Server 2008 R2 Solutions
Learn more about Windows Server service Learn how to deploy solutions by
packs with release notes, installation
combining multiple Windows-based
instructions, and other information. technologies or Microsoft products.
 Migrate Server Roles to Windows ServerWindows
2008 Server Update Services (WSUS)
R2 Use Windows Server Update Services
Find migration documentation and tools (WSUS)
for to manage downloading software
migrating server roles, features, operating
updates from Microsoft Update and
system settings, and data from an existing
distributing them to computers in your
server that is running Windows Server 2003
network.
or
Windows Server 2008 to a computer that is
running Windows Server 2008 R2.
Features deprecated in Windows Server 2008 R2
The following documentation identifies features and functionalities that were available in previous versions of the Windows and
Windows Server operating systems that are no longer available in Windows 7 and Windows Server 2008 R2.