Quick Guide: What's New in Windows Server 2012 Active Directory
- By Greg Shields
You can divide the "what's new" categories in Windows Server 2012 Active Directory into two roughly equal parts: brand new and merely improved. Either way, you're going to like what you see.
Pundits, bloggers and journalists alike will be diving into these details for months to come. Let's take a look at the new high-level features, starting with the brand-new functions:
GUI for Recycle Bin: Microsoft introduced the Active Directory Recycle Bin in Windows Server 2008 R2, but it was limited by its Windows PowerShell-only exposure. This time it gets a GUI.
UI for Fine-Grained Password Policies: Also gaining a GUI are fine-grained password policies.
Dynamic Access Control (DAC): Windows Server 2008 R2 brought the File Classification Infrastructure (FCI). This version's DAC adds far greater functionality to the (optional) second layer of FCI resource authorization.
Windows PowerShell History Viewer: You see the Windows PowerShell commands that correspond to actions you perform in the Active Directory Administrative Center UI.
Windows PowerShell Cmdlets for Active Directory Replication and Topology: More cmdlets -- enough said.
Active Directory-Based Activation (ADBA): The good: ADBA eliminates the need for a Key Management Service server. The bad: Only forthcoming Windows 8 computers can leverage ADBA. Seriously, Microsoft?
Flexible Authentication Secure Tunneling (FAST): The nickname for FAST is "Kerberos armoring," if that tells you anything. It isn't enabled by default and requires clients that support it. Think you'll be using it anytime soon?
Now let's move on to the merely improved bits:
Virtual Snapshot and Cloning Support: Active Directory and hypervisor snapshots didn't mix before. Now they do, if your hypervisor supports VM Generation ID.
ADPREP Integrated into DC Promotion: Can't recall the proper steps to promote a member server to a DC? No worries, it's in there.
Active Directory Federation Services (ADFS) Now In-Box: Adding ADFS no longer requires a separate installation. ADFS also gains multiple improvements. Watch this space, because you'll be seeing and using more ADFS in the years to come.
Domain Join via DirectAccess: One word: Nifty! Nine words: Computers can now be domain-joined over the Internet. You'll need DirectAccess first. Trust me: You'll want it.
Kerberos Constrained Delegation (KCD) Across Domains: Another of those capabilities you've probably never used, but probably will in the future. KCD was first introduced in Windows Server 2003. Now it can span domains.
Group Managed Service Accounts (GMSAs): MSAs in Windows Server 2008 R2 made administering service accounts easier. GMSAs in this version extend their support to clustered and load-balanced services.
While individually these new features might not seem like a lot, as a group they're a good reason to step up your Active Directory to Windows Server 2012 as soon as you can.
Greg Shields is a senior partner and principal technologist with Concentrated Technology. He also serves as a contributing editor and columnist for TechNet Magazine and Redmond magazine, and is a highly sought-after and top-ranked speaker for live and recorded events. Greg can be found at numerous IT conferences such as TechEd, MMS and VMworld, among others, and has served as conference chair for 1105 Media’s TechMentor Conference since 2005. Greg has been a multiple recipient of both the Microsoft Most Valuable Professional and VMware vExpert award.