Although Windows Server 2008 R2 provides a number of new server roles for application services, the release also brings with it an update to Active Directory. Unlike the shift from Windows NT domains to Active Directory a decade earlier, which required a major restructuring of domain functions, Active Directory 2008 R2 is evolutionary rather than revolutionary. It adds a handful of new features, most of which require raising the domain or forest functional level to Windows Server 2008 R2, and an organization might or might not choose to make that change immediately; many organizations, however, have found these enhancements to be the primary reason for their migration.

The new features in Active Directory 2008 R2 are as follows:

. Active Directory Recycle Bin—The AD Recycle Bin gives administrators an easy way to undelete objects in Active Directory. In the past, when an administrator inadvertently deleted an Active Directory object such as a user, group, or organizational unit container, the object was effectively gone (short of an authoritative restore from backup, or a tombstone reanimation that recovered only a handful of attributes), and the administrator had to re-create the object from scratch. The re-created object is a brand-new security principal with a new SID, so every group membership and every ACL entry that referenced the old object is lost. With the AD Recycle Bin enabled, a deleted object retains its attributes and its linked values (group memberships included) for the deleted-object lifetime, and an administrator can restore it intact with the Active Directory module for Windows PowerShell (Restore-ADObject); there is no graphical restore tool in this release. Enabling the feature requires the forest functional level to be Windows Server 2008 R2, and the change cannot be undone.

. Managed Service Accounts—Applications in a network frequently run under service accounts, that is, domain user accounts whose security context is used to start a database, conduct data searches and indexing, or launch background tasks. When an organization changes the password of such an account, every server running an application under that account must be updated with the new password, which is an administration nightmare and the reason many service account passwords are never changed at all. With Active Directory 2008 R2 (the 2008 R2 schema extensions and a Windows Server 2008 R2 or Windows 7 host), a service account can be created as a managed service account: the account is bound to a single computer, that computer changes the account's password automatically in the same way it maintains its own computer account password, and the service is configured with the account name and no password at all, so no administrator ever needs to know, store, or distribute the password. Note that a managed service account in this release cannot be shared by several servers; an account used by a load-balanced farm still has to be an ordinary domain account.

. Authentication Mechanism Assurance—Another Active Directory 2008 R2 feature is an enhancement to claims-based authentication. With authentication mechanism assurance, the method a user used to log on is reflected in the user's Kerberos token: when a user authenticates with a certificate (for example, a smart card), the issuance policy of that certificate can be mapped to a universal security group, and that group's SID is added to the token for the session. A claims-aware application, or any ordinary resource ACL, can then authorize a user who logged on with a smart card differently from the same user who logged on with a password. This requires the domain functional level to be Windows Server 2008 R2, and future applications are expected to build on it to improve claims-based authentication in the enterprise.

. Offline Domain Join—For desktop administrators who build system images, one challenge has been that a system must be connected to the network, with a domain controller reachable, before it can be joined to the domain. With Offline Domain Join, an administrator provisions the computer account in advance from a networked machine, which writes a unique machine credential to a small file. When a Windows 7 client or Windows Server 2008 R2 server is later built, that file is applied to the offline system (or even to an offline image) with djoin.exe, and the system completes the join on its next boot without an administrator ever joining it interactively. Treat the provisioning file as a secret: it contains the machine account password, so anyone who obtains it can bring a machine into the domain as that computer.
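The Recycle Bin restore described above, as an added example that is not from the book: it checks the forest functional level, enables the feature, and restores a deleted object together with any deleted parent containers, which is the case that trips most people up because an object cannot be restored into a container that is itself still deleted. The forest name and the account name jsmith are placeholders; run it on a Windows Server 2008 R2 domain controller as an Enterprise Admin.

```powershell
# Added example (not the book's code). Assumes the AD PowerShell module on a
# 2008 R2 DC and Enterprise Admin rights. Enabling the Recycle Bin is permanent.
Import-Module ActiveDirectory

function Enable-RecycleBinIfPossible {
    $forest = Get-ADForest
    $required = [int][Microsoft.ActiveDirectory.Management.ADForestMode]::Windows2008R2Forest
    if ([int]$forest.ForestMode -lt $required) {
        throw "Forest functional level is $($forest.ForestMode); raise it to Windows2008R2Forest first."
    }
    $feature = Get-ADOptionalFeature -Identity 'Recycle Bin Feature'
    if ($feature.EnabledScopes.Count -eq 0) {
        Enable-ADOptionalFeature -Identity 'Recycle Bin Feature' `
            -Scope ForestOrConfigurationSet -Target $forest.Name -Confirm:$false
    }
    return (Get-ADOptionalFeature -Identity 'Recycle Bin Feature').EnabledScopes
}

function Restore-DeletedObjectWithParents {
    param([Parameter(Mandatory)][string]$SamAccountName)

    # Deleted objects live under CN=Deleted Objects and carry a \0ADEL: tag in their RDN.
    $obj = Get-ADObject -Filter "isDeleted -eq `$true -and SamAccountName -eq '$SamAccountName'" `
        -IncludeDeletedObjects -Properties LastKnownParent
    if (-not $obj) { throw "No deleted object named $SamAccountName is in the Recycle Bin." }

    # Walk up LastKnownParent; every ancestor that is itself deleted must be
    # restored first, outermost first, or Restore-ADObject fails.
    $chain = @()
    $parentDn = $obj.LastKnownParent
    while ($parentDn -match 'ADEL:') {
        $parent = Get-ADObject -Identity $parentDn -IncludeDeletedObjects -Properties LastKnownParent
        $chain = @($parent) + $chain
        $parentDn = $parent.LastKnownParent
    }
    foreach ($p in $chain) { Restore-ADObject -Identity $p.ObjectGUID }
    Restore-ADObject -Identity $obj.ObjectGUID

    # Same objectSid and the original memberOf links come back, which a
    # re-created account would not have.
    return Get-ADObject -Identity $obj.ObjectGUID -Properties objectSid, memberOf
}

Enable-RecycleBinIfPossible
Restore-DeletedObjectWithParents -SamAccountName 'jsmith'
```

The returned object's objectSid and memberOf show why this beats re-creating the account: the SID that existing ACLs reference is preserved. Objects deleted before the feature was enabled are ordinary tombstones and are not recoverable this way.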
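The managed service account workflow described above, as an added example that is not from the book: the account svcSQL, the host SERVER01, the domain CONTOSO, and the service name MSSQLSERVER are placeholders. The first part runs from any machine with the AD module and rights to create accounts; the second part runs on SERVER01 itself.

```powershell
# Added example (not the book's code). Requires the 2008 R2 schema extensions
# and a Windows Server 2008 R2 / Windows 7 host; names are placeholders.
Import-Module ActiveDirectory

# --- On an admin workstation or DC: create the MSA and bind it to one host. ---
# In 2008 R2 an MSA is usable by exactly one computer.
New-ADServiceAccount -Name 'svcSQL' -Description 'SQL Server service account' -Enabled $true
Add-ADComputerServiceAccount -Identity 'SERVER01' -ServiceAccount 'svcSQL'

# --- On SERVER01, elevated: install the account so the host can fetch and
#     thereafter rotate its password, then verify it is usable here. ---
Install-ADServiceAccount -Identity 'svcSQL'
if (-not (Test-ADServiceAccount -Identity 'svcSQL')) {
    throw 'svcSQL is not usable on this host; check the computer binding and AD replication.'
}

# Point the service at the account. The name ends in '$' and no password is
# given: the host already holds the credential. sc.exe does not grant the
# "Log on as a service" right, so grant it separately (the Services MMC does it
# automatically when the account is set there).
sc.exe config 'MSSQLSERVER' obj= 'CONTOSO\svcSQL$' password= ''
Restart-Service -Name 'MSSQLSERVER'

# Evidence that nobody has to manage the password: AD records when the host
# last rotated it, and the age should never exceed the 30-day default.
function Get-MsaPasswordAgeDays {
    param([Parameter(Mandatory)][string]$Name)
    $acct = Get-ADServiceAccount -Identity $Name -Properties PasswordLastSet
    return [int]((Get-Date) - $acct.PasswordLastSet).TotalDays
}
Get-MsaPasswordAgeDays -Name 'svcSQL'
```

A password age that keeps growing past 30 days means the host is not maintaining the account, usually because Install-ADServiceAccount was never run there or the account was bound to a different computer.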
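The certificate-policy-to-group mapping that authentication mechanism assurance relies on, as an added example that is not from the book: the link is made by setting the msDS-OIDToGroupLink attribute on the issuance policy's OID object in the Configuration partition. The OID value and the group name SmartCardLogonUsers are placeholders; the function enforces the documented requirements (2008 R2 domain functional level, a universal security group with no direct members).

```powershell
# Added example (not the book's code). Run as an Enterprise Admin in a domain
# at Windows2008R2Domain functional level. OID and group name are placeholders.
Import-Module ActiveDirectory

function Set-IssuancePolicyGroupLink {
    param(
        [Parameter(Mandatory)][string]$IssuancePolicyOid,
        [Parameter(Mandatory)][string]$GroupName
    )

    $domain = Get-ADDomain
    $required = [int][Microsoft.ActiveDirectory.Management.ADDomainMode]::Windows2008R2Domain
    if ([int]$domain.DomainMode -lt $required) {
        throw "Domain functional level $($domain.DomainMode) is too low for authentication mechanism assurance."
    }

    # The linked group must be a universal security group and must stay empty:
    # membership is granted per session by the logon method, not by adding users.
    $group = Get-ADGroup -Identity $GroupName -Properties Members
    if ($group.GroupScope -ne 'Universal' -or $group.GroupCategory -ne 'Security') {
        throw "$GroupName must be a universal security group."
    }
    if (@($group.Members).Count -gt 0) {
        throw "$GroupName has direct members; remove them before linking."
    }

    # Issuance policy OIDs are registered as objects under the OID container.
    $configNc = (Get-ADRootDSE).configurationNamingContext
    $oidContainer = "CN=OID,CN=Public Key Services,CN=Services,$configNc"
    $policy = Get-ADObject -SearchBase $oidContainer `
        -LDAPFilter "(msPKI-Cert-Template-OID=$IssuancePolicyOid)" `
        -Properties displayName, 'msDS-OIDToGroupLink'
    if (-not $policy) { throw "No issuance policy object with OID $IssuancePolicyOid was found." }

    Set-ADObject -Identity $policy -Replace @{ 'msDS-OIDToGroupLink' = $group.DistinguishedName }
    return Get-ADObject -Identity $policy -Properties displayName, 'msDS-OIDToGroupLink'
}

Set-IssuancePolicyGroupLink -IssuancePolicyOid '1.3.6.1.4.1.311.21.8.1234567.1' `
                            -GroupName 'SmartCardLogonUsers'
```

After the change replicates, a user who logs on with a smart card whose certificate carries that issuance policy sees the group in whoami /groups, and the same user logging on with a password does not. The group SID only appears in Kerberos tokens, so an NTLM logon to a resource does not carry it.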
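The offline domain join procedure described above, as an added example that is not from the book: the domain contoso.com, the computer name WS-IMG-001, the OU, and the file path are placeholders. Step 1 runs on a networked machine by someone with the right to create computer objects; step 2 runs on the offline target (or against a mounted offline image).

```powershell
# Added example (not the book's code). djoin.exe ships with Windows 7 and
# Windows Server 2008 R2; all names and paths below are placeholders.

# --- Step 1: on a networked admin workstation, provision the computer account
#     and write the join blob. /reuse is needed if the account already exists. ---
New-Item -ItemType Directory -Path 'C:\odj' -Force | Out-Null
djoin.exe /provision /domain contoso.com /machine WS-IMG-001 `
    /machineou 'OU=Workstations,DC=contoso,DC=com' /savefile 'C:\odj\WS-IMG-001.txt'
if ($LASTEXITCODE -ne 0) { throw "djoin /provision failed with exit code $LASTEXITCODE" }

# The blob contains the machine account password: restrict it to the admin who
# will apply it, and delete it after use.
icacls 'C:\odj\WS-IMG-001.txt' /inheritance:r /grant:r "$env:USERDOMAIN\$env:USERNAME:(R)"

# --- Step 2a: on the offline target itself (elevated, before or after imaging),
#     apply the blob to the running OS; the join completes on the next reboot. ---
djoin.exe /requestODJ /loadfile 'C:\odj\WS-IMG-001.txt' /windowspath $env:SystemRoot /localos

# --- Step 2b: alternatively, inject it into an offline image mounted at D:\Mount. ---
# djoin.exe /requestODJ /loadfile 'C:\odj\WS-IMG-001.txt' /windowspath 'D:\Mount\Windows'

# --- Step 3: after reboot, confirm the machine is joined and can reach a DC. ---
function Test-DomainJoinCompleted {
    param([Parameter(Mandatory)][string]$DomainName)
    $cs = Get-WmiObject -Class Win32_ComputerSystem
    if (-not $cs.PartOfDomain) { return $false }
    nltest.exe /sc_query:$DomainName | Out-Null   # verifies the secure channel
    return ($LASTEXITCODE -eq 0)
}
Test-DomainJoinCompleted -DomainName 'contoso.com'
```

Test-DomainJoinCompleted returning $false on a machine that was provisioned usually means the blob was applied to a different computer name than the one provisioned, or the machine has not rebooted since /requestODJ ran.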

