10 August, 2012

What's New in Windows Server 2012 Active Directory


You can divide the "what's new" categories in Windows Server 2012 Active Directory into two roughly equal parts: brand new and merely improved. Either way, you're going to like what you see.

New Features:

Let's take a look at the new high-level features, starting with the brand-new functions:

GUI for Recycle Bin: Microsoft introduced the Active Directory Recycle Bin in Windows Server 2008 R2, but it was limited by its Windows PowerShell-only exposure. This time it gets a GUI.

UI for Fine-Grained Password Policies: Also gaining a GUI are fine-grained password policies.

Dynamic Access Control (DAC): Windows Server 2008 R2 brought the File Classification Infrastructure (FCI). This version's DAC adds far greater functionality to the (optional) second layer of FCI resource authorization.

Windows PowerShell History Viewer: You see the Windows PowerShell commands that correspond to actions you perform in the Active Directory Administrative Center UI.

Windows PowerShell Cmdlets for Active Directory Replication and Topology: More cmdlets.

Active Directory-Based Activation (ADBA): The good: ADBA eliminates the need for a Key Management Service server. The bad: Only forthcoming Windows 8 computers can leverage ADBA. Seriously, Microsoft?

Flexible Authentication Secure Tunneling (FAST): The nickname for FAST is "Kerberos armoring," if that tells you anything. It isn't enabled by default and requires clients that support it. Think you'll be using it anytime soon?

Refreshed Features:

Now let's move on to the merely improved bits:

Virtual Snapshot and Cloning Support: Active Directory and hypervisor snapshots didn't mix before. Now they do, if your hypervisor supports VM Generation ID.

ADPREP Integrated into DC Promotion: Can't recall the proper steps to promote a member server to a DC? No worries, it's in there.

Active Directory Federation Services (ADFS) Now In-Box: Adding ADFS no longer requires a separate installation. ADFS also gains multiple improvements. Watch this space, because you'll be seeing and using more ADFS in the years to come.

Domain Join via DirectAccess: One word: Nifty! Nine words: Computers can now be domain-joined over the Internet. You'll need DirectAccess first. Trust me: You'll want it.

Kerberos Constrained Delegation (KCD) Across Domains: Another of those capabilities you've probably never used, but probably will in the future. KCD was first introduced in Windows Server 2003. Now it can span domains.

Group Managed Service Accounts (GMSAs): MSAs in Windows Server 2008 R2 made administering service accounts easier. GMSAs in this version extend their support to clustered and load-balanced services.

While individually these new features might not seem like a lot, as a group they're a good reason to step up your Active Directory to Windows Server 2012 as soon as you can. 

If you know about any more features, please do let me know.


Your feedback is always appreciated. I will try to reply to your queries as soon as possible. - Amol Ghuge
