With the release of new Microsoft Server operating systems, new features and functionality are often included. In the case of Active Directory Domain Services, there are a bunch of new features that should make directory management easier and more efficient. If you don’t have access to a licensed copy of Windows 2008 R2, you can get a trial version of Windows Server 2008 R2 directly from Microsoft. Just visit their website to register and download the media. Keep in mind that you will need to raise the functional levels of your forest and domain(s) to take full advantage of the new features in Windows 2008 R2. This requires upgrading the DCs in your domain and/or forest to Windows 2008 R2 to “unlock” these features for the domain and/or forest respectively.
The following changes are available in Windows Server 2008 R2:
Active Directory Recycle Bin
Information technology professionals can use the Active Directory Recycle Bin to undo an accidental deletion of an Active Directory object. Accidental object deletion impacts the business and causes downtime. Deleted users cannot log on to the network or access resources. Most accidental deletions in Active Directory affect user accounts.
Active Directory module for Windows PowerShell and Windows PowerShell cmdlets
The Active Directory module for Windows PowerShell provides command-line scripting for administrative, configuration, and diagnostic tasks, with a consistent syntax. It provides predictable discovery and flexible output formatting. You can easily pipe cmdlets to build complex operations. The Active Directory module enables end-to-end manageability.
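As an added example (not code from the original article), the following uses the Active Directory module cmdlets to check the forest functional level, enable the Recycle Bin, and restore an accidentally deleted user. It assumes a host with the Active Directory module installed and sufficient rights; the function names and the account `jdoe` are constructed for illustration.

```powershell
# Added example. Function names and the account 'jdoe' are constructed for illustration.
Import-Module ActiveDirectory

function Enable-RecycleBinIfSupported {
    param([switch]$WhatIf)
    $forest   = Get-ADForest
    $required = [Microsoft.ActiveDirectory.Management.ADForestMode]::Windows2008R2Forest
    # The Recycle Bin is only available at the Windows Server 2008 R2 forest functional level.
    if ($forest.ForestMode -lt $required) {
        throw "Forest functional level is $($forest.ForestMode); raise it to $required first."
    }
    $feature = Get-ADOptionalFeature -Identity 'Recycle Bin Feature'
    if ($feature.EnabledScopes.Count -gt 0) { return 'Already enabled' }
    # Enabling the Recycle Bin cannot be reversed, so dry-run with -WhatIf first.
    Enable-ADOptionalFeature -Identity 'Recycle Bin Feature' `
        -Scope ForestOrConfigurationSet -Target $forest.Name -WhatIf:$WhatIf
}

function Restore-DeletedUser {
    param([Parameter(Mandatory=$true)][string]$SamAccountName, [switch]$WhatIf)
    # Reject characters that would change the meaning of the LDAP filter.
    if ($SamAccountName -notmatch '^[A-Za-z0-9._$-]+$') {
        throw "Unexpected characters in account name: $SamAccountName"
    }
    $filter  = "(&(isDeleted=TRUE)(sAMAccountName=$SamAccountName))"
    $deleted = @(Get-ADObject -LDAPFilter $filter -IncludeDeletedObjects `
                    -Properties lastKnownParent, whenChanged)
    if ($deleted.Count -eq 0) { throw "No deleted object found for $SamAccountName" }
    if ($deleted.Count -gt 1) {
        # The same name can be deleted more than once; make the operator choose.
        $deleted | Format-Table ObjectGUID, lastKnownParent, whenChanged -AutoSize | Out-Host
        throw "Multiple deleted objects match $SamAccountName; restore by ObjectGUID."
    }
    # Restores the object to its last known parent container.
    $deleted[0] | Restore-ADObject -WhatIf:$WhatIf
}

# Dry runs: report what would change without modifying the directory.
Enable-RecycleBinIfSupported -WhatIf
Restore-DeletedUser -SamAccountName 'jdoe' -WhatIf
```

Objects deleted before the Recycle Bin was enabled cannot be recovered this way, so the feature has to be turned on ahead of the accident it is meant to undo.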
Active Directory Administrative Center
The Active Directory Administrative Center has a task-oriented administration model, with support for larger datasets. The Active Directory Administrative Center can help increase productivity by providing a scalable, task-oriented user experience for managing AD DS. In the past, the lack of a task-oriented user interface (UI) could make certain activities, such as resetting user passwords, more difficult than they had to be. The Active Directory Administrative Center enumerates and organizes the activities that you perform when you manage a system. These activities may be maintenance tasks, such as backup; event-driven tasks, such as adding a user; or diagnostic tasks that you perform to correct system failures.
Active Directory Best Practices Analyzer
The Active Directory Best Practices Analyzer (BPA) identifies deviations from best practices to help administrators better manage their Active Directory deployments. BPA uses Windows PowerShell cmdlets to gather run-time data. It analyzes Active Directory settings that can cause unexpected behavior. It then makes Active Directory configuration recommendations in the context of your deployment. The Active Directory BPA is available in Server Manager.
Active Directory Web Services
Active Directory Web Services (ADWS) provides a Web service interface to Active Directory domains and AD LDS instances, including snapshots, that are running on the same Windows Server 2008 R2 server as ADWS.
Authentication mechanism assurance
Authentication mechanism assurance makes it possible for applications to control resource access based on authentication strength and method. Administrators can map various properties, including authentication type and authentication strength, to an identity. Based on information that is obtained during authentication, these identities are added to Kerberos tickets for use by applications. This feature is enabled at the Windows Server 2008 R2 domain functional level.
Offline domain join
Offline domain join makes provisioning of computers easier in a datacenter. It provides the ability to pre-provision computer accounts in the domain to prepare operating system images for mass deployment. Computers are joined to the domain when they first start.
Managed Service Accounts
Managed Service Accounts provide simple management of service accounts. At the Windows Server 2008 R2 domain functional level, this feature provides better management of service principal names (SPNs). Managed Service Accounts help lower total cost of ownership (TCO) by reducing service outages (for manual password resets and related issues). You can run one Managed Service Account for each service that is running on a server, without any human intervention for password management.
Active Directory Management Pack
The Active Directory Management Pack enables proactive monitoring of the availability and performance of AD DS. It discovers and detects computer and software states. The Active Directory Management Pack works with Windows Server 2008, Windows Server 2008 R2, and Microsoft System Center Operations Manager 2007.
As you can see, there are many new features that can help administrators administer the Active Directory infrastructure for small, medium, and large organizations.