Improvements in the functionality and reliability of AD DS are of key importance to the development team at Microsoft. It is, therefore, no surprise that Windows Server 2008 R2 introduces improvements in AD DS. From the ability to have multiple password policies in a domain to improvements in domain controller deployment with the RODC role, the changes made to the structure of AD DS warrant a closer look.

Windows Server 2008 itself introduced multiple changes to AD DS functionality above and beyond the Windows Server 2003 and Windows Server 2003 R2 Active Directory versions. Windows Server 2008 R2 then introduced additional features and functionalities above those introduced with the RTM version of Windows Server 2008. The Windows Server 2008 R2 enhancements include the following:

- Active Directory Recycle Bin—Provides the ability to restore deleted AD DS objects

- Offline Domain Join—Allows for prestaging of the act of joining a workstation to the AD DS domain

- Managed Service Accounts—Provides a mechanism for controlling and managing AD DS service accounts

- Authentication Mechanism Assurance—Allows administrators to grant access to resources differently based on whether a user logs on with a smart card or multifactor authentication source or via traditional techniques

- Enhanced Administrative Tools—Includes newly designed and powerful utilities such as Active Directory Web Services, Active Directory Administrative Center, Active Directory Best Practice Analyzer, a new AD DS Management Pack, and an Active Directory Module for Windows PowerShell

The previous version of AD DS, introduced with the release of Windows Server 2008, included the following key features, which are still available with Windows Server 2008 R2. An upgrade from any of the Windows Server 2003 versions of Active Directory or from Windows 2000 Active Directory makes all of these new features available:

- Ability to create multiple fine-grained password policies per domain—Lifts the restrictions of a single password policy per domain

- Ability to restart AD DS on a domain controller—Allows for maintenance of an AD DS database without shutting the machine down

- Enhanced AD DS auditing capabilities—Provides useful and detailed item-level auditing capabilities in AD DS without an overwhelming number of logs generated

