Seven Win Server '08 ActiveDirectory Features You Need to Know

From better administration to best practices analysis, Windows Server 2008 R2 packs a bevy of features that make Active Directory easier to work with.

By John Policelli | Posted Oct 2, 2009

As you've likely heard already, Windows Server 2008 R2 was released to manufacturing in July. A trial version is now available for download. Windows Server 2008 R2 introduces a number of new features. In this article, we will provide an overview of the new Active Directory Domain Services features in Windows Server 2008 R2.

1. Active Directory Administrative Center

Windows Server 2008 R2 includes an enhanced Active Directory data management experience through the new Active Directory Administrative Center. The Active Directory Administrative Center, which is built on Windows PowerShell, uses a task-based administration model for managing users, groups, computers, organizational units and containers.

The key new features that the Active Directory Administrative Center provides are:

  • A customizable overview page that includes tiles featuring frequently performed administrative tasks
  • The ability to manage Active Directory objects across multiple domains
  • A more flexible navigation pane, which can be browsed using the tree view or the new list view
  • A breadcrumb bar you can use to navigate directly to the container you want to view
  • A redesigned object property page, which can be customized to your liking
  • The ability to perform query-building searches

2. Active Directory Module for Windows PowerShell

The Active Directory Module for Windows PowerShell, included in Windows Server 2008 R2, facilitates Active Directory administration through Windows PowerShell. The Active Directory Module for Windows PowerShell is a collection of more than 75 Windows PowerShell cmdlets you can use to manage Active Directory Domain Services domains, Active Directory Lightweight Directory Services instances, and Active Directory Database Mounting Tool instances.

3. Active Directory Recycle Bin

Windows Server 2008 R2 provides the ability to undo accidental deletions of Active Directory objects through the new Active Directory Recycle Bin. The Active Directory Recycle Bin, which requires a forest functional level of Windows Server 2008 R2, must be enabled.

The Active Directory object life cycle is changed after the Active Directory Recycle Bin feature is enabled. One of the major differences is what happens when an object is deleted. In short, all of the object's link-valued and non-link-valued attributes are preserved, and the object is placed into a "logically deleted" state for a period of time. While an object is in this logically deleted state, it can be recovered using the Active Directory Recycle Bin feature.
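The enable-and-recover sequence described above, as an added example using the Active Directory module for Windows PowerShell (not code from the original article). The account name jdoe is a constructed sample, and the script assumes it is run by an account with rights to enable forest-wide features.

```powershell
# Added example: 'jdoe' is a constructed sample account, not from the article.
Import-Module ActiveDirectory

$forest  = Get-ADForest
$minMode = [Microsoft.ActiveDirectory.Management.ADForestMode]::Windows2008R2Forest

# The feature requires the Windows Server 2008 R2 forest functional level.
if ($forest.ForestMode -lt $minMode) {
    throw "Forest functional level is $($forest.ForestMode); Recycle Bin is unavailable."
}

# The Recycle Bin is off by default; EnabledScopes stays empty until it is enabled.
$feature = Get-ADOptionalFeature -Filter 'Name -eq "Recycle Bin Feature"'
if (-not $feature.EnabledScopes) {
    # Enabling cannot be reversed, so the cmdlet asks for confirmation.
    Enable-ADOptionalFeature -Identity 'Recycle Bin Feature' `
        -Scope ForestOrConfigurationSet -Target $forest.Name
}

# Deleted objects are hidden unless -IncludeDeletedObjects is specified.
$deleted = @(Get-ADObject -Filter 'sAMAccountName -eq "jdoe" -and isDeleted -eq $true' `
    -IncludeDeletedObjects -Properties lastKnownParent, whenChanged)

if ($deleted.Count -eq 0) { throw 'No logically deleted object found for jdoe.' }
if ($deleted.Count -gt 1) { throw 'More than one match; select by ObjectGUID instead.' }

# Review what is about to be restored and where it will land.
$deleted | Format-List Name, ObjectGUID, lastKnownParent, whenChanged

# Restores into lastKnownParent, which must still exist.
Restore-ADObject -Identity $deleted[0].ObjectGUID

# Link-valued attributes such as group membership return with the object.
Get-ADUser -Identity jdoe -Properties memberOf |
    Select-Object -ExpandProperty memberOf
```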

4. Active Directory Best Practices Analyzer

Windows Server 2008 R2 includes a new Active Directory Best Practices Analyzer, which can be run using Server Manager and Windows PowerShell. The Active Directory Best Practices Analyzer can be used to scan one or more servers against a set of predefined best practices. Active Directory Best Practices Analyzer will report back whether each server is compliant or noncompliant with each best practice.

The Active Directory Best Practices Analyzer is installed automatically when the Active Directory Domain Services server role is installed. The Active Directory Best Practices Analyzer can be used to collect Active Directory Domain Services configuration information from Windows 2000, Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2 domain controllers.

5. Active Directory Web Services

Windows Server 2008 R2 includes a new Windows service called Active Directory Web Services. Active Directory Web Services provides a web services interface to Active Directory Domain Services domains, Active Directory Lightweight Directory Services instances, and Active Directory Database Mounting Tool instances running on the same Windows Server 2008 R2 server as Active Directory Web Services.

Active Directory Web Services is automatically installed when the Active Directory Domain Services or Active Directory Lightweight Directory Services server role is installed on a Windows Server 2008 R2 server. Active Directory Web Services is a prerequisite for a number of new client applications, such as the Active Directory Administrative Center and the Active Directory module for Windows PowerShell. If the Active Directory Web Services Windows service is stopped or disabled, these client applications will not be able to communicate with Active Directory.

6. Managed Service Accounts

Managed service accounts in Windows Server 2008 R2 facilitate the management of Active Directory Domain Services accounts. To leverage managed service accounts, you must prepare your current Active Directory schema for Windows Server 2008 R2. In addition, the functionality for managed service accounts varies depending on the operating system on your domain controllers.

If your domain controllers are running Windows Server 2008 R2, then you can use managed service accounts for both automatic password management and SPN management. If your domain controllers are running Windows Server 2008 or Windows Server 2003, then managed service accounts can be used for automatic password management but not for SPN management.
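One way to create a managed service account, bind it to a single host and review the result, shown as an added example that is not from the original article. The names svc-app1 and APP01 are constructed samples; steps 1 and 2 assume a management host with the Active Directory module, and step 3 runs on the member server itself.

```powershell
# Added example: 'svc-app1' and 'APP01' are constructed sample names.
Import-Module ActiveDirectory

$account = 'svc-app1'
$server  = 'APP01'

# 1. Create the account. Its password is generated and changed automatically,
#    so no administrator ever needs to know or store it.
#    (On Windows Server 2012 and later, add -RestrictToSingleComputer to
#    create this single-host account type.)
New-ADServiceAccount -Name $account -Enabled $true

# 2. Bind the account to the one computer that is allowed to use it.
Add-ADComputerServiceAccount -Identity $server -ServiceAccount $account

# 3. On APP01: install the account locally. The service is then configured
#    to log on as DOMAIN\svc-app1$ with the password field left empty.
Install-ADServiceAccount -Identity $account

# 4. Review: list every managed service account with the host it is bound to,
#    its registered SPNs and the time of its last password change.
Get-ADServiceAccount -Filter * `
    -Properties 'msDS-HostServiceAccountBL', ServicePrincipalNames, PasswordLastSet |
    Select-Object Name,
        @{ Name = 'BoundTo'; Expression = { $_.'msDS-HostServiceAccountBL' -join '; ' } },
        @{ Name = 'SPNs';    Expression = { $_.ServicePrincipalNames -join '; ' } },
        PasswordLastSet |
    Sort-Object PasswordLastSet |
    Format-Table -AutoSize
```

An account that shows no bound host, or a password age far beyond the domain's machine account password interval, is worth investigating.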

7. Offline Domain Join

Windows Server 2008 R2 includes a new process, called offline domain join, which allows you to join Windows 7 and Windows Server 2008 R2 computers to an Active Directory Domain Services domain without network connectivity.

With the new offline domain join feature, computers can be joined to the domain without contacting a domain controller over the network. Offline domain join reduces the time and effort required to complete large-scale computer deployments.
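The two halves of an offline domain join with the djoin.exe tool, as an added example that is not from the original article. The domain corp.example, the computer name WS-0142 and the file paths are constructed placeholders; step 1 runs on a domain-connected computer, step 2 in an elevated session on the target after the file has been copied to it.

```powershell
# Added example: domain, machine name and paths are constructed placeholders.
$domain  = 'corp.example'
$machine = 'WS-0142'
$dir     = 'C:\odj'
$blob    = Join-Path $dir "$machine.txt"

# --- Step 1: on a domain-connected computer --------------------------------
# Pre-create the computer account and write the provisioning data to a file.
New-Item -ItemType Directory -Path $dir -Force | Out-Null
djoin.exe /provision /domain $domain /machine $machine /savefile $blob
if ($LASTEXITCODE -ne 0) { throw "djoin /provision failed ($LASTEXITCODE)" }

# The file contains the new machine account password. Strip inherited
# permissions and allow only local Administrators to read it.
icacls.exe $blob /inheritance:r /grant:r 'BUILTIN\Administrators:F'

# --- Step 2: on the target computer, elevated, no network required ---------
# Apply the provisioning data to the running Windows installation.
djoin.exe /requestODJ /loadfile $blob /windowspath $env:SystemRoot /localos
if ($LASTEXITCODE -ne 0) { throw "djoin /requestODJ failed ($LASTEXITCODE)" }

# The join takes effect at the next restart. Remove the file once it has
# been consumed so the credential does not linger on disk or removable media.
Remove-Item -Path $blob -Force
```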

John Policelli (Microsoft MVP for Directory Services, MCTS, MCSA, ITSM, iNet+, Network+, and A+) is a solutions-focused IT consultant with over a decade of combined success in architecture, security, strategic planning, and disaster recovery planning. John has designed and implemented dozens of complex directory service, e-Messaging, web, networking, and security enterprise solutions. John is the author of Active Directory Domain Services 2008 How-To (Sams Publishing) and maintains a blog at http://policelli.com/blog.

Article courtesy of Enterprise IT Planet
