As you’ve likely heard already, Windows Server 2008 R2 was released to manufacturing
in July. A trial version is now available for download. Windows Server 2008 R2
introduces a number of new features. In this article, we will provide an overview of
the new Active Directory Domain Services features in Windows Server 2008 R2.
1. Active Directory Administrative Center
Windows Server 2008 R2 includes an enhanced Active Directory data management
experience through the new Active Directory Administrative Center. The Active Directory
Administrative Center, which is built on Windows PowerShell, uses a task-based
administration model for managing users, groups, computers, organizational units and
The key new features that the Active Directory Administrative Center provides are:
- A customizable overview page that includes tiles featuring frequently performed
- The ability to manage Active Directory objects across multiple domains
- A more flexible navigation pane, which can be browsed using the tree view or the
new list view
- A breadcrumb bar you can use to navigate directly to the container you want to
- A redesigned object property page, which can be customized to your liking
- The ability to perform query-building searches
2. Active Directory Module for Windows PowerShell
The Active Directory Module for Windows PowerShell, included in Windows Server 2008
R2, facilitates Active Directory administration through Windows PowerShell. The Active
Directory Module for Windows PowerShell is a collection of more than 75 Windows
PowerShell cmdlets you can use to manage Active Directory Domain Services domains, Active
Directory Lightweight Directory Services instances, and Active Directory Database
Mounting Tool instances.
3. Active Directory Recycle Bin
Windows Server 2008 R2 provides the ability to undo accidental deletions of Active
Directory objects through the new Active Directory Recycle Bin. The Active Directory
Recycle Bin, which requires a forest functional level of Windows Server 2008 R2, must be
The Active Directory object life cycle is changed after the Active Directory Recycle
Bin feature is enabled. One of the major differences is what happens when an object is
deleted. In short, all of the object’s link-valued and non-link-valued attributes are
preserved, and the object is placed into a “logically deleted” state for a period of
time. While an object is in this logically deleted state, it can be recovered using the
Active Directory Recycle Bin feature.
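The recovery flow described above can be driven from the Active Directory Module for Windows PowerShell. The following is an added example, not code from the original article; the account name `jdoe` is a hypothetical value, and both state-changing commands are run with `-WhatIf` so they only preview the change.

```powershell
# Added example. Run on Windows Server 2008 R2 (or a host with the AD module installed).
Import-Module ActiveDirectory

$DeletedSam = 'jdoe'   # hypothetical account name, constructed for this example

# 1. The Recycle Bin requires the Windows Server 2008 R2 forest functional level.
$forest = Get-ADForest
$tooOld = 'Windows2000Forest', 'Windows2003InterimForest', 'Windows2003Forest', 'Windows2008Forest'
if ($tooOld -contains "$($forest.ForestMode)") {
    throw "Forest functional level is $($forest.ForestMode); Windows2008R2Forest is required."
}

# 2. Check whether the feature is enabled. EnabledScopes is empty until it is.
$feature = Get-ADOptionalFeature -Filter 'Name -eq "Recycle Bin Feature"'
if (-not $feature.EnabledScopes) {
    # Enabling cannot be undone, and objects deleted before it is enabled cannot be
    # recovered through the Recycle Bin. -WhatIf previews the change; remove it to apply.
    Enable-ADOptionalFeature -Identity 'Recycle Bin Feature' `
        -Scope ForestOrConfigurationSet -Target $forest.Name -WhatIf
    return
}

# 3. Find the logically deleted object. Its attributes are preserved, so it can still
#    be matched on sAMAccountName; lastKnownParent shows the container it was deleted from.
$deleted = Get-ADObject -LDAPFilter "(&(isDeleted=TRUE)(sAMAccountName=$DeletedSam))" `
    -IncludeDeletedObjects -Properties lastKnownParent, whenChanged, sAMAccountName
if (-not $deleted) {
    throw "No logically deleted object with sAMAccountName '$DeletedSam' was found."
}
$deleted | Format-List Name, sAMAccountName, lastKnownParent, whenChanged

# 4. Preview the restore to the original container; remove -WhatIf to perform it.
$deleted | Restore-ADObject -WhatIf
```

Reviewing `lastKnownParent` and `whenChanged` before restoring confirms which object is being brought back and when it was deleted.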
4. Active Directory Best Practices Analyzer
Windows Server 2008 R2 includes a new Active Directory Best Practices Analyzer, which
can be run using Server Manager and Windows PowerShell. The Active Directory Best
Practices Analyzer can be used to scan one or more servers against a set of predefined
best practices. Active Directory Best Practices Analyzer will report back whether each
server is compliant or noncompliant with each best practice.
The Active Directory Best Practices Analyzer is installed automatically when the
Active Directory Domain Services server role is installed. The Active Directory Best
Practices Analyzer can be used to collect Active Directory Domain Services configuration
information from Windows 2000, Windows Server 2003, Windows Server 2008, and Windows
Server 2008 R2 domain controllers.
5. Active Directory Web Services
Windows Server 2008 R2 includes a new Windows service called Active Directory Web
Services. Active Directory Web Services provides a web services interface to Active
Directory Domain Services domains, Active Directory Lightweight Directory Services
instances, and Active Directory Mounting Tool instances running on the same Windows
Server 2008 R2 server as Active Directory Web Services.
Active Directory Web Services is automatically installed when the Active Directory
Domain Services or Active Directory Lightweight Directory Services are installed on a
Windows Server 2008 R2 server. Active Directory Web Services is a prerequisite for a
number of new client applications, such as the Active Directory Administrative Center and
the Active Directory module for Windows PowerShell. If the Active Directory Web Services
Windows service is stopped or disabled, these client applications will not be able to
communicate with Active Directory.
6. Managed Service Accounts
Managed service accounts in Windows Server 2008 R2 facilitate the management of Active
Directory Domain Services accounts. To leverage managed service accounts, you must
prepare your current Active Directory schema for Windows Server 2008 R2. In addition, the
functionality for managed service accounts varies depending on the operating system on
your domain controllers.
If your domain controllers are running Windows Server 2008 R2, then you can use
managed service accounts for both automatic password management and SPN management. If
your domain controllers are running Windows Server 2008 or Windows Server 2003, then
managed service accounts can be used for automatic password management but not for SPN
7. Offline Domain Join
Windows Server 2008 R2 includes a new process, called offline domain join, which
allows you to join Windows 7 and Windows Server 2008 R2 computers to an Active Directory
Domain Services domain without network connectivity.
With the new offline domain join feature, computers can be joined to the domain
without contacting a domain controller over the network. Offline domain join reduces the
time and effort required to complete large-scale computer deployments.
John Policelli (Microsoft MVP for Directory Services, MCTS, MCSA, ITSM, iNet+,
Network+, and A+) is a solutions-focused IT consultant with over a decade of combined
success in architecture, security, strategic planning, and disaster recovery planning.
John has designed and implemented dozens of complex directory service, e-Messaging, web,
networking, and security enterprise solutions. John is the author of Active Directory
Domain Services 2008 How-To (Sams Publishing) and maintains a blog at http://policelli.com/blog.
Article courtesy of Enterprise IT Planet