5/21/2014 Active Directory features in Windows 2008 R2

http://aceraspire4520.blogspot.in/2011/06/active-directory-features-in-windows.html 1/5
Active Directory Domain Services (AD DS), formerly known as Active
Directory Directory Services, is the central location for configuration information,
authentication requests, and information about all of the objects that are stored
within your forest. Using Active Directory, you can efficiently manage users,
computers, groups, printers, applications, and other directory-enabled objects
from one secure, centralized location.
Auditing. Changes made to Active Directory objects can be recorded so
that you know what was changed on the object, as well as the previous and
current values for the changed attributes.
Fine-Grained Passwords. Password policies can be configured for distinct
groups within the domain. No longer does every account have to use the
same password policy within the domain.
Read-Only Domain Controller. A domain controller with a read-only
version of the Active Directory database can be deployed in environments
where the security of the domain controller cannot be guaranteed, such as
branch offices where the physical security of the domain controller is in
question, or domain controllers that host additional roles, requiring other
users to log on and maintain the server. The use of Read-Only Domain
Controllers (RODCs) prevents changes made at branch locations from
potentially polluting or corrupting your AD forest via replication. RODCs also
eliminate the need to use a staging site for branch office domain controllers,
or to send installation media and a domain administrator to the branch
location.
Restartable Active Directory Domain Services. Active Directory Domain
Services can be stopped and maintained. Rebooting the domain controller
and restarting it in Directory Services Restore Mode is not required for most
maintenance functions. Other services on the domain controller can
continue functioning while the directory service is offline.
Database Mounting Tool. A snapshot of the Active Directory database
can be mounted using this tool. This allows a domain administrator to view
the objects within the snapshot to determine the restore requirements when
necessary.
Your organizations intellectual property needs to be safe and highly secure.
Active Directory Rights Management Services, a component of Windows Server
2008, is available to help make sure that only those individuals who need to view
a file can do so. AD RMS can protect a file by identifying the rights that a user
has to the file. Rights can be configured to allow a user to open, modify, print,
forward, or take other actions with the rights-managed information. With AD
RMS, you can now safeguard data when it is distributed outside of your network.
Learn More
[http://www.microsoft.com/windowsserver2008/en/us/ad-main.aspx#]
Application Support. Support for AD RMS is already included within
Windows Vista. Internet Explorer 7 and the 2007 Microsoft Office system
already have support for AD RMS. The AD RMS client can also be installed
on other Windows operating systems.
Active Directory features in Windows 2008 R2
Active Directory Rights Management Services
5/21/2014 Active Directory features in Windows 2008 R2
http://aceraspire4520.blogspot.in/2011/06/active-directory-features-in-windows.html 2/5
Upgrade from windows
Office365 Administratio
How to Configur 2
Move Inetpub of IIS to a
Windows 8 Hyper v3 ver
Free Windows OS Patc
REFS Resilient File Sys
EG Innovations and SC
AVIcode Installation Gui
AVICode 5.7 Overvew, S
StockTrader 5.0 not det
BizTalk management p
Profile types and scope
Operations Manager 20
Jobs configured to run
Mapping a shared folde
Active Directory features
Persistent Protection. Your content can be protected on the go. You
specify who can open, modify, print, or manage the content, and the rights
stay with the contenteven after it has been transferred outside of your
organization.
Usage Policy Templates. If you have a common set of rights that you use
to control access to information, a Usage Policy Template can be created
and applied to content. This alleviates the need to recreate the usage rights
settings for every file you want to protect.
AD RMS Software Development Kit. The AD RMS Software Development
Kit (SDK) can be used by independent software vendors (ISVs) to rights-
enable their applications, meaning the application investments youve
already made may be (or will become) compatible with AD RMS.
Active Directory Federation Services is a highly secure, highly extensible, and
Internet-scalable identity access solution that allows organizations to
authenticate users from partner organizations. Using AD FS in Windows Server
2008, you can simply and very securely grant external users access to your
organizations domain resources. AD FS can also simplify integration between
untrusted resources and domain resources within your own organization.
Learn More
[http://www.microsoft.com/windowsserver2008/en/us/ad-main.aspx#]
Availability As an Integrated Server Role. AD FS is a server role within
Windows Server 2008 that can be easily deployed and managed using
Server Manager, instead of handled as an added feature, as in Windows
Server 2003 R2.
Integration with Microsoft Office SharePoint Server 2007. AD FS can
be used to facilitate a single sign-on solution for Office SharePoint Server
2007.
Integration with Active Directory Rights ManagementServices (AD
RMS). AD FS can integrate with AD RMS to support the sharing of rights-
protected content between organizations without requiring AD RMS to be
deployed in both organizations.
Improved Administration. Importing and exporting trust information has
been enhanced so that each organization can quickly export or import XML
files to facilitate the configuration of trust information.
Most organizations use certificates to prove the identity of users or computers,
as well as to encrypt data during transmission across unsecured network
connections. Active Directory Certificate Services (AD CS) enhances security by
binding the identity of a person, device, or service to their own private key.
Storing the certificate and private key within Active Directory helps securely
protect the identity, and Active Directory becomes the centralized location for
retrieving the appropriate information when an application places a request.
Learn More
[http://www.microsoft.com/windowsserver2008/en/us/ad-main.aspx#]
Enrollment Agent Templates. Delegated enrollment agents can be
assigned on a per-template basis.
Integrated Simple Certificate Enrollment Protocol (SCEP). Certificates
can be issued to network devices, such as routers.
Active Directory Federation Services
Active Directory Certificate Services
Classic Flipcard Magazine Mosaic Sidebar Snapshot Timeslide
My Technical Tid Bits
search
5/21/2014 Active Directory features in Windows 2008 R2
http://aceraspire4520.blogspot.in/2011/06/active-directory-features-in-windows.html 3/5
Citrix India Support - Te
Free Antivirus Do 1
Implementing an 1
Interview Questions for
Running Windows 7 in
SharePoint Foundation,
Working with ZFS Snap
Windows 7
Microsoft Security Intelli
Acer 4730Z Laptop
Download Antivir 1
Review of this product
Install Windows 1
From Where to Buy
The Specification
Online Responder. Certificate Revocation List (CRL) entries can be
returned to the requestor as a single certificate response instead of the
entire CRL. This reduces the total amount of network traffic consumed when
clients validate certificates.
Enterprise PKI (PKI View). A new management tool for AD CS, this tool
allows a Certificate Services administrator to manage Certification Authority
(CA) hierarchies to determine the overall health of the CAs and to easily
troubleshoot errors.
Active Directory Lightweight Directory Service (AD LDS), formerly known as
Active Directory Application Mode, can be used to provide directory services for
directory-enabled applications. Instead of using your organizations AD DS
database to store the directory-enabled application data, AD LDS can be used
to store the data. AD LDS can be used in conjunction with AD DS so that you
can have a central location for security accounts (AD DS) and another location
to support the application configuration and directory data (AD LDS). Using AD
LDS, you can reduce the overhead associated with Active Directory replication,
you do not have to extend the Active Directory schema to support the
application, and you can partition the directory structure so that the AD LDS
service is only deployed to the servers that need to support the directory-
enabled application.
Learn More
[http://www.microsoft.com/windowsserver2008/en/us/ad-main.aspx#]
Install from Media Generation. The ability to create installation media for
AD LDS by using Ntdsutil.exe or Dsdbutil.exe.
Auditing. Auditing of changed values within the directory service.
Database Mounting Tool. Gives you the ability to view data within
snapshots of the database files.
Active Directory Sites and Services Support. Gives you the ability to
use Active Directory Sites and Services to manage the replication of the AD
LDS data changes.
Dynamic List of LDIF files. With this feature, you can associate custom
LDIF files with the existing default LDIF files used for setup of AD LDS on a
server.
Recursive Linked-Attribute Queries. LDAP queries can follow nested
attribute links to determine additional attribute properties, such as group
memberships.
The Active Directory Installation Wizard includes several improvements over
earlier versions. These improvements make it easier for an administrator to
control the installation of domain controllers within the domain. Enhancements
include:
New Forest Functional Level. Windows Server 2008 R2 includes a new
Active Directory forest functional level. Many of the new features in the
Active Directory server roles require the Active Directory forest to be
configured with this new functional level.
Enhanced Command Line and Automated Management. Windows
PowerShell cmdlets provide the ability to fully manage Active Directory
server roles.
Active Directory Lightweight Directory Services
Additional Active Directory Improvements
5/21/2014 Active Directory features in Windows 2008 R2
http://aceraspire4520.blogspot.in/2011/06/active-directory-features-in-windows.html 4/5
Improved Automated Monitoring and Notification. An updated System
Center Manager 2007 Management Pack helps improve the monitoring and
management of Active Directory server roles.
Better Management with Server Manager. Server Manager, the
Windows Server 2008 R2 server management tool, allows an administrator
to pre-stage domain controllers. When the domain controller role is added
from the Server Manager console, the files that are needed to perform the
installation of the directory service are copied to the server. When an
administrator starts the Installation Wizard, dcpromo.exe, the files are
already cached and available.
Improved Compliance with Established Standards and Best
Practices. Windows Server 2008 R2 includes an integrated Best Practices
Analyzer for each of the server roles. The Best Practices Analyzer creates a
checklist within Server Manager for the role, which you can use to help
perform all the configuration tasks.
Answer File Creation. If several domain controllers use the same settings
when they are installed, the Summary page allows you to export the settings
from the current installation into an answer file. The password used for your
Directory Services Restore Mode administrator account is not exported with
the answer file, and you can specify that the user who is installing the
domain controller is always prompted for the administrator password. This
way, passwords are not accessible to users who have access to the location
where the answer files are stored.
Read-Only Domain Controller Installation The Read-Only Domain
Controller role can be installed using the Installation Wizard. When installing
a Read-Only Domain Controller, you can define who is allowed to install and
manage the domain controller. In the first phase of the installation, a domain
administrator can define the account that can install the Read-Only Domain
Controller. Once defined, the user that is associated with the Read-Only
Domain Controller will have the rights to install the directory service.
The video is available Here [https://skydrive.live.com/?
wa=wsignin1.0&cid=3fe361d5d156add9#%21/?
cid=3fe361d5d156add9&sc=documents&uc=1&id=3FE361D5D156AD
D9%21242%21cid=3FE361D5D156ADD9&id=3FE361D5D156ADD9
%21242]
Posted 23rd June 2011 by Chandan Patralekh
Labels: ADDS in Windows 2008 R2, Windows 2008 R2 features

Enter your comment...
Comment as:
Google Account
Publish

Preview
0
Add a comment
5/21/2014 Active Directory features in Windows 2008 R2
http://aceraspire4520.blogspot.in/2011/06/active-directory-features-in-windows.html 5/5
Cognizant Hiring June'14
timesjobs.com/Cognizant-Jobs-Urgent
562+ New Jobs For Exp: 5-15 Years Apply Now & get Multiple Interviews