Virtualization
Virtualization and cloud computing have been the emerging technologies in IT infrastructure over the past few years. I personally never thought of having a virtual Active Directory environment: if you restore the AD database from a snapshot image, the Invocation ID is not reset, which leads to a database version mismatch with the other domain controllers and stops replication.
Support for virtual snapshots: the Windows Server 2012 Active Directory virtualization feature correctly resets the Invocation ID when a snapshot is applied or a VM is copied, using the VM Generation ID.
Support for virtual clones: we can clone existing virtual domain controllers without any issue, which reduces the number of steps and the time involved by eliminating repetitive deployment tasks.
Simplifies Active Directory Upgrades and Deployments
Dcpromo is not available in Windows Server 2012! Yes, the Active Directory Domain Services Installation Wizard has been relocated into Server Manager and replaces the Dcpromo command.
Forest preparation and domain preparation (Forestprep and Adprep) happen automatically during a Server 2012 DC installation; if you wish, you can still run them manually with the Adprep command: adprep /forestprep, adprep /domainprep and adprep /rodcprep.
It seems a simple and easy procedure, but of course you will need good planning and an in-depth understanding of the procedure when doing a domain upgrade.
Dynamic Access Control
With native access control, a user or group needs to be added to the file/folder NTFS permissions to get access. In Windows Server 2012, claims-based authorization does not replace the existing model; it adds new features to the existing system.
If the user's department attribute in Active Directory is Accounts, the user is able to access accounts-related data on the file servers through the Dynamic Access Control feature.
Customised audit policies
You can fine-tune the audit policies as per your requirement: not only monitor file access success or failure, but also what actions were carried out or attempted on the file, like read, write, delete, change file permissions and so on. You can narrow down the scope of file auditing to specific users or groups of users by configuring the "Global Object Access Auditing" policy within a GPO.
Event logs
If you enable auditing for multiple items and configure the customised audit policies, the security log will grow faster. By default the log overwrites old events when it runs out of space, so most organisations use a third-party application to back up the event logs and store them in a centralized repository. In Windows Server 2012 you can select the option "Archive the log when full, do not overwrite events" so that you can examine the old logs; of course you require enough disk space to store them.
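Added example, not from the original post, covering the two points above: scoping file auditing to one group (globally and per folder) and switching the Security log to archive-when-full, then reading the archived files. Assumed names: folder D:\Accounts and group CONTOSO\Accounts; run in an elevated session on the file server.

```powershell
# Added example (not from the original post). Assumed: folder D:\Accounts, group CONTOSO\Accounts.

# 1. Enable the subcategory that produces 4663 (object access) events.
auditpol /set /subcategory:"File System" /success:enable /failure:enable

# 2. Global Object Access Auditing: audit every file on this server that members of
#    CONTOSO\Accounts write to or delete, without editing per-folder SACLs. This is the
#    local equivalent of the "Global Object Access Auditing" policy in a GPO.
auditpol /resourceSACL /set /type:File /user:"CONTOSO\Accounts" /success /failure /access:FW

# 3. Or narrow the scope to a single folder with an audit entry (SACL) on that folder.
$path = 'D:\Accounts'
$acl  = Get-Acl -Path $path -Audit
$rule = New-Object System.Security.AccessControl.FileSystemAuditRule -ArgumentList @(
    'CONTOSO\Accounts',                        # who is audited
    'Delete, WriteData, ChangePermissions',    # which actions are recorded
    'ContainerInherit, ObjectInherit',         # inherit to subfolders and files
    'None',
    'Success, Failure'
)
$acl.AddAuditRule($rule)
Set-Acl -Path $path -AclObject $acl

# 4. Security log: never overwrite, archive to a new file when full. AutoBackupLogFiles
#    is the registry value behind "Archive the log when full, do not overwrite events".
Limit-EventLog -LogName Security -OverflowAction DoNotOverwrite -MaximumSize 512MB
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\EventLog\Security' `
    -Name AutoBackupLogFiles -Value 1 -Type DWord

# 5. Archived copies land next to the live log; search them for file deletions (4663
#    with DELETE in the Accesses field) before shipping them to central storage.
$archives = Get-ChildItem "$env:SystemRoot\System32\winevt\Logs\Archive-Security-*.evtx"
foreach ($log in $archives) {
    Get-WinEvent -FilterHashtable @{ Path = $log.FullName; Id = 4663 } -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match 'Accesses:\s+DELETE' } |
        Select-Object TimeCreated, @{ n = 'Archive'; e = { $log.Name } }, Message
}
```

If an Advanced Audit Policy GPO applies to the server, its settings override the local auditpol entries, so put steps 1 and 2 in that GPO instead.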
Offline Domain Join
Offline Domain Join is improved in Windows Server 2012 AD DS: we can join a computer to the domain over the internet if the domain is DirectAccess enabled.
Active Directory Federation Services (AD FS)
Adding ADFS no longer requires a separate installation. ADFS also gains multiple improvements.
Windows PowerShell
Windows PowerShell History Viewer: you get a ready-made command for each action you perform in the Active Directory Administrative Center. For example, if you create a user or add a user to a group, you have the equivalent command to do the same; this minimizes the learning investment and lets you automate the activity very easily.
Windows PowerShell cmdlets for Active Directory replication and topology: I have been expecting this for a long time. Yes, we now have PowerShell cmdlets covering what repadmin, ntdsutil and Active Directory Sites and Services do: troubleshoot replication, and create and manage sites, site links, site-link bridges, subnets and connections using the newly available cmdlets.
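Added example, not from the original post: a forest-wide replication health check with the Windows Server 2012 ActiveDirectory cmdlets that cover the usual repadmin and Sites and Services tasks, and a look at each DC's Invocation ID and VM Generation ID from the virtualization section. Assumed: the AD module (RSAT) on an admin host with read rights in every domain of the forest.

```powershell
# Added example (not from the original post). Assumed: AD module, rights in all domains.
Import-Module ActiveDirectory

# One object per domain controller in every domain of the forest.
$dcs = (Get-ADForest).Domains | ForEach-Object { Get-ADDomainController -Filter * -Server $_ }

# repadmin /showrepl: inbound partners with last success and consecutive failure count.
$inbound = foreach ($dc in $dcs) {
    Get-ADReplicationPartnerMetadata -Target $dc.HostName -Scope Server -PartnerType Inbound |
        Select-Object Server, Partition,
            @{ n = 'Partner'; e = { ($_.Partner -split ',')[1] -replace '^CN=' } },
            LastReplicationSuccess, ConsecutiveReplicationFailures, LastReplicationResult
}
$inbound | Sort-Object ConsecutiveReplicationFailures -Descending | Format-Table -AutoSize

# repadmin /replsummary: every recorded failure, oldest first (LastError is the Win32 code).
Get-ADReplicationFailure -Target $dcs.HostName -Scope Server |
    Sort-Object FirstFailureTime |
    Format-Table Server, Partner, FailureCount, FirstFailureTime, LastError -AutoSize

# InvocationId is the replication identity the virtualization section talks about; a 2012
# DC on a VM-Generation-ID-aware hypervisor allocates a new one after a snapshot is applied.
# msDS-GenerationId is not replicated, so each DC is asked for its own value; an empty
# value means the hypervisor exposes no VM Generation ID and snapshots are still unsafe.
$vm = foreach ($dc in $dcs) {
    $gen = (Get-ADComputer -Identity $dc.Name -Server $dc.HostName `
                -Properties msDS-GenerationId).'msDS-GenerationId'
    [pscustomobject]@{
        DC           = $dc.HostName
        InvocationId = $dc.InvocationId
        HasVmGenId   = [bool]$gen
        OS           = $dc.OperatingSystem
    }
}
$vm | Format-Table -AutoSize

# Topology (what Active Directory Sites and Services shows) without the MMC.
Get-ADReplicationSite -Filter * | Select-Object Name, Description
Get-ADReplicationSiteLink -Filter * | Select-Object Name, Cost, ReplicationFrequencyInMinutes, SitesIncluded
Get-ADReplicationSubnet -Filter * | Select-Object Name, Site
```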
Active Directory Recycle Bin
We can recover deleted objects within a graphical user interface through the Active Directory Administrative Center (ADAC); this reduces the recovery time and simplifies the previously complex procedure.
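Added example, not from the original post: the same recovery done with the ActiveDirectory module, which is what ADAC's Deleted Objects container drives underneath. Assumed names: forest contoso.com, deleted user jsmith, and a fallback OU "OU=Accounts,DC=contoso,DC=com" for the case where the original OU was deleted too.

```powershell
# Added example (not from the original post). Assumed: forest contoso.com, user jsmith.
Import-Module ActiveDirectory

# Enabling the Recycle Bin is forest-wide and cannot be undone; it needs forest
# functional level 2008 R2 or higher. Skip if it is already on.
$forest = Get-ADForest
$feature = Get-ADOptionalFeature -Filter 'Name -eq "Recycle Bin Feature"'
if ($feature.EnabledScopes.Count -eq 0) {
    Enable-ADOptionalFeature -Identity 'Recycle Bin Feature' `
        -Scope ForestOrConfigurationSet -Target $forest.Name -Confirm:$false
}

# Deleted objects keep all attributes (group membership included) for
# msDS-deletedObjectLifetime, 180 days by default, which is the restore window.
$deleted = Get-ADObject -IncludeDeletedObjects `
    -Filter 'isDeleted -eq $true -and sAMAccountName -eq "jsmith"' `
    -Properties lastKnownParent, msDS-LastKnownRDN, whenChanged

if ($deleted) {
    # Restore into the original OU if it still exists, otherwise into the fallback OU.
    $parent = $deleted.lastKnownParent
    if (-not (Get-ADObject -Identity $parent -ErrorAction SilentlyContinue)) {
        $parent = 'OU=Accounts,DC=contoso,DC=com'
    }
    # Restore-ADObject renames back to msDS-LastKnownRDN and re-enables the object.
    Restore-ADObject -Identity $deleted.ObjectGUID -TargetPath $parent
    Get-ADUser -Identity jsmith -Properties memberOf | Select-Object Name, Enabled, memberOf
}
```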
Kerberos Constrained Delegation across Domains (KCD)
KCD was first introduced in Windows Server 2003 to permit a service account (front-end) to act on behalf of the application's users when accessing back-end services; for example, a web server (front-end) accesses a database server (back-end) on behalf of the user. This only works for back-end services in the same domain as the front-end service account.
KCD in Windows Server 2012 supports cross-domain and cross-forest scenarios. It is a much-requested feature and reduces the pass-through authentication load (if you have multiple domains and multiple forests, this will be your future).
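Added example, not from the original post: in Windows Server 2012 the cross-domain form of KCD is configured on the back-end (resource) account through its msDS-AllowedToActOnBehalfOfOtherIdentity attribute, rather than on the front-end account as before. Assumed names: web front-end WEB01 in corp.contoso.com and SQL back-end SQL01 in data.fabrikam.com, a trusted forest; run with rights to modify SQL01's account.

```powershell
# Added example (not from the original post). Assumed: WEB01 in corp.contoso.com,
# SQL01 in data.fabrikam.com, forest trust in place.
Import-Module ActiveDirectory

$frontEnd = Get-ADComputer -Identity WEB01 -Server corp.contoso.com
$backEnd  = Get-ADComputer -Identity SQL01 -Server data.fabrikam.com

# Let only WEB01 present users' delegated tickets to SQL01. The list lives on the resource,
# so SQL01's owners, not WEB01's, decide who may delegate to it.
Set-ADComputer -Identity $backEnd -Server data.fabrikam.com `
    -PrincipalsAllowedToDelegateToAccount $frontEnd

# Confirm the resource's view of who is allowed.
Get-ADComputer -Identity SQL01 -Server data.fabrikam.com `
    -Properties PrincipalsAllowedToDelegateToAccount |
    Select-Object Name, PrincipalsAllowedToDelegateToAccount

# To revoke: Set-ADComputer SQL01 -PrincipalsAllowedToDelegateToAccount $null

# Inventory of computers in the back-end domain that accept delegation of any kind, so the
# setting is reviewed alongside admin group membership (unconstrained = UAC bit 0x80000).
$filter = '(|(msDS-AllowedToActOnBehalfOfOtherIdentity=*)(msDS-AllowedToDelegateTo=*)' +
          '(userAccountControl:1.2.840.113556.1.4.803:=524288))'
Get-ADComputer -Server data.fabrikam.com -LDAPFilter $filter `
    -Properties PrincipalsAllowedToDelegateToAccount, msDS-AllowedToDelegateTo, TrustedForDelegation |
    Select-Object Name, TrustedForDelegation,
        @{ n = 'ResourceBased'; e = { $_.PrincipalsAllowedToDelegateToAccount -join ';' } },
        @{ n = 'ClassicKCD';    e = { $_.'msDS-AllowedToDelegateTo' -join ';' } } |
    Format-Table -AutoSize
```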
Flexible Authentication Secure Tunneling (FAST)
Kerberos is more secure in Windows Server 2012 through Flexible Authentication Secure Tunneling, which provides a protected channel between a domain-joined client and the DC.
Active Directory-Based Activation (ADBA)
This eliminates the need for Key Management Service (KMS) servers: no additional machines are required and there is no RPC requirement, because Active Directory-based activation uses LDAP exclusively.
AD FS (v2.1) ships in the box as a server role in Windows Server 2012 and is able to populate SAML tokens with user and device claims taken directly from the Kerberos ticket.