As an Active Directory administrator, I am very curious about how the features of Windows 2008 compare with earlier versions such as Windows 2003. Windows 2008 comes with a whole bunch of features, and I am going to discuss specifically the features of the Active Directory server roles in Windows 2008.
First I will list the features of Windows 2008 Active Directory, and I will discuss each of them in detail in my upcoming article.
Auditing
With the new auditing feature in Windows 2008 you can see both the previous and the present values of the changed attributes of an Active Directory object. With Windows 2003 auditing you only see the present value of the changed attribute.
This is a very useful feature in Windows 2008, since you can revert the changes using the previous value of the attribute.
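How the previous and present values can be paired up from the directory-change audit records, as an added example that is not part of the original post. It assumes the Security-log event 5136 field names and operation-type codes named in the comments; every record, account name and value below is constructed sample data.

```powershell
# Operation-type codes as they appear in the raw event data of event 5136.
$ValueAdded   = '%%14674'
$ValueDeleted = '%%14675'

# Helper (hypothetical name) that builds one record using the 5136 EventData field names.
function New-SampleRecord($Id, $User, $Dn, $Attr, $Value, $Op) {
    New-Object psobject -Property @{
        OpCorrelationID = $Id; SubjectUserName = $User; ObjectDN = $Dn
        AttributeLDAPDisplayName = $Attr; AttributeValue = $Value; OperationType = $Op
    }
}

# Constructed sample data (not from a real domain controller).
$dn = 'CN=Jane Doe,OU=Staff,DC=example,DC=test'
$sample = @(
    # One modify: the old value is logged as deleted, the new one as added.
    New-SampleRecord '{op-1}' 'helpdesk01' $dn 'telephoneNumber' '555-0100' $ValueDeleted
    New-SampleRecord '{op-1}' 'helpdesk01' $dn 'telephoneNumber' '555-0199' $ValueAdded
    # Attribute set for the first time: there is no previous value.
    New-SampleRecord '{op-2}' 'helpdesk01' $dn 'description' 'Contractor' $ValueAdded
)

# Pair the "deleted" and "added" records of one operation into old -> new.
function Get-AttributeChange($Records) {
    $Records | Group-Object OpCorrelationID, ObjectDN, AttributeLDAPDisplayName |
        ForEach-Object {
            $old = @($_.Group | Where-Object { $_.OperationType -eq $ValueDeleted } |
                     ForEach-Object { $_.AttributeValue })
            $new = @($_.Group | Where-Object { $_.OperationType -eq $ValueAdded } |
                     ForEach-Object { $_.AttributeValue })
            New-Object psobject -Property @{
                ChangedBy = $_.Group[0].SubjectUserName
                ObjectDN  = $_.Group[0].ObjectDN
                Attribute = $_.Group[0].AttributeLDAPDisplayName
                OldValue  = $old -join '; '   # empty when the attribute had no value before
                NewValue  = $new -join '; '   # empty when the value was cleared
            }
        }
}

Get-AttributeChange $sample |
    Format-Table ChangedBy, Attribute, OldValue, NewValue -AutoSize

# On a domain controller the same fields come from live events, for example
#   Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 5136 }
# by reading the named Data elements of ([xml]$_.ToXml()).Event.EventData.
```

These events are only written when the "Directory Service Changes" audit subcategory is enabled and the object carries an auditing entry (SACL) that covers the change.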
Fine-Grained Passwords
By default in Windows 2003, all user accounts in the domain must use the same password policy, configured at the domain level; that is why we call the domain a security boundary. If you require a different password policy, you have to create a new domain.
In Windows 2008, a password policy can be configured for a specific group of people within the domain.
Read-Only Domain Controller
Everyone knows about the BDC (backup domain controller). The Read-Only Domain Controller is the same as the BDC, but it takes only the advantages of the BDC, and it is specifically designed for today's requirements, such as setting up and managing a branch office.
We all know how difficult it is to design and manage a domain controller in a branch office; sometimes it leads to lingering objects. The Read-Only Domain Controller can be used in a branch office where the physical security of the domain controller is in question, or on domain controllers that host additional roles, requiring other users to log on and maintain the server.
In any Active Directory environment, if a domain controller has not replicated with its partner domain controller for more than one month, it is a very critical issue: you have to rectify the replication problem as soon as possible, or the domain controller needs to be decommissioned within the tombstone lifetime. Since this is a read-only domain controller, there are no worries about the tombstone lifetime.
Restartable Active Directory Domain Services
Good news: there is no longer any need to restart the domain controller every time you do Active Directory maintenance.
In Windows 2008, Active Directory is a service. You can stop or restart the service for maintenance without restarting the domain controller, and restarting in Directory Services Restore Mode is not required for most maintenance functions; however, some maintenance functions still require Directory Services Restore Mode.
Database Mounting Tool
The Active Directory database mounting tool in Windows Server 2008 lets you create and view snapshots of the data stored in Active Directory Domain Services, with no need to restart the domain controller. A snapshot is a shadow copy created by the Volume Shadow Copy Service; snapshots taken at different times let you better choose which data to restore after an object deletion. This saves administrator time, and there is no need to restore multiple backups to compare the Active Directory data.
The Active Directory database mounting tool is also called Snapshot Viewer, Snapshot Browser, and Active Directory data mining tool.
Active Directory Recycle Bin
You can restore an accidentally deleted Active Directory object without an Active Directory authoritative restore. This can be used for a single-object restore, such as the accidental deletion of a user or OU, and it reduces domain controller downtime.
Active Directory module for Windows PowerShell
PowerShell is available on Windows 2003 itself; however, it is not fully supported for Active Directory, and you can't manage Active Directory using PowerShell in Windows 2003.
In Windows 2008, Windows PowerShell provides command-line scripting for administrative, configuration, and diagnostic tasks.
You can manage Active Directory along with Exchange Server, Group Policy, and other services. It is as easy to use as Windows commands, and you can easily pipe cmdlets to build complex operations.
Active Directory Administrative Center
It is a new tool in Windows 2008 R2 for managing Active Directory. We already have Active Directory Users and Computers to manage Active Directory; with this new tool you can manage Active Directory in a new way.
As an administrator you perform most tasks commonly, that is, daily, and it is somewhat hard to open Active Directory Users and Computers, find the object and do the task. With the new Active Directory Administrative Center it is very easy to do common tasks such as resetting a password, searching for an Active Directory object, and others.
Active Directory Best Practices Analyzer
This helps you identify and implement best practices in the configuration of your Active Directory environment. It scans your network and finds best-practice violations, which you can then correct to get the best out of Active Directory services in Windows 2008.
Active Directory Web Services
Active Directory Web Services gives you a Web service interface to Active Directory domains and AD LDS (Active Directory Lightweight Directory Services) instances.
The Active Directory Database Mounting Tool uses Active Directory Web Services as a front end; likewise, Windows PowerShell and the Active Directory Administrative Center use Active Directory Web Services to access directory service instances.
Offline domain join
Offline domain join makes it possible to join a member server to the domain even when the domain controller is not reachable from the member server.
This can be very useful for bulk deployment: when the system starts, it is automatically joined to the domain, which reduces the administrative effort.
Managed Service Accounts
Normally applications and services use the Local Service, Network Service and Local System accounts. These are easy to configure, but they are shared among multiple applications and services and cannot be managed at the domain level.
You can use a domain account for the application (service). This isolates the privileges for the application, but these domain accounts are very hard to manage, for example their password management.
Windows 2008 has two new types of accounts, managed service accounts and virtual accounts. Now you can easily manage the service principal names (SPNs), and they provide automatic password management.
Active Directory Management Pack
You can monitor the Active Directory service on Windows 2008 using the Active Directory Management Pack (MOM, SCOM).
It is designed specifically to monitor the performance and availability of Active Directory Domain Services (AD DS); it also monitors the overall health of AD DS and alerts you to critical performance issues.