12 Apr 2013

Windows Server 2012 AD CS New Features

Windows Server 2012 AD CS lets customers run a low-cost PKI infrastructure that is compatible with Windows clients. The functions included in AD CS are CA (Certificate Authority), Web Enrollment, Device Enrollment Service, Certificate Enrollment Web Service and Certificate Enrollment Policy Web Service. Below is the list of new features:

    PowerShell support for Active Directory Certificate Services.
    Server Core support for Active Directory Certificate Services.
    Certificate auto-renewal support for non-domain systems.
    Global domain name support.
    Active Directory Certificate Services location based on the client's AD site.

As we all know, Microsoft is including PowerShell support in all of its new products. In AD CS on Server 2012, the commands below are included for management of AD CS.

Install-AdcsCertificationAuthority           
Performs the configuration of the Certification Authority role service.

Install-AdcsEnrollmentPolicyWebService              
Performs the configuration of Certificate Enrollment Policy Web role service.

Install-AdcsEnrollmentWebService          
Performs the configuration of the Certificate Enrollment Web role service.

Install-AdcsNetworkDeviceEnrollmentService     
Performs the configuration of the Network Device Enrollment Service.

Install-AdcsOnlineResponder     
Performs the configuration of the Online Responder role service.

Install-AdcsWebEnrollment        
Performs the configuration of Certification Authority Web Enrollment role service.

Uninstall-AdcsCertificationAuthority      
Removes the configuration information for the Certification Authority (CA) role service.

Uninstall-AdcsEnrollmentPolicyWebService         
Removes the configuration information for Certificate Enrollment Policy Web role service.

Uninstall-AdcsEnrollmentWebService    
Removes the configuration information for Certificate Enrollment Web role service or individual instances of it.

Uninstall-AdcsNetworkDeviceEnrollmentService               
Removes the configuration information for the Network Device Enrollment role service.

Uninstall-AdcsOnlineResponder               
Removes the configuration information for the Online Responder role service.

Uninstall-AdcsWebEnrollment  
Removes the configuration information for the Certification Authority (CA) Web Enrollment role service.
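
As an added example (not from the original post), the sketch below uses Install-AdcsCertificationAuthority from the list above to configure an enterprise root CA with the key length and hash algorithm stated explicitly, defaulting to a -WhatIf dry run. The function name, the CA common name and the chosen key size, hash and validity values are assumptions for illustration.

```powershell
# Added example: configure the CA role service with explicit crypto settings.
# Dry run by default; pass -Apply to make changes. Run from an elevated session.
function Install-ExampleRootCA {            # hypothetical helper name
    [CmdletBinding()]
    param(
        [string]$CommonName = 'Example-Lab-Root-CA',   # hypothetical CA name
        [switch]$Apply                                  # omit for a -WhatIf dry run
    )

    # The Install-Adcs* cmdlets configure a role service; the role binaries
    # have to be added to the server first.
    $feature = Get-WindowsFeature -Name ADCS-Cert-Authority
    if (-not $feature.Installed) {
        if (-not $Apply) {
            Write-Warning 'ADCS-Cert-Authority is not installed; nothing to dry-run yet.'
            return
        }
        Install-WindowsFeature -Name ADCS-Cert-Authority -IncludeManagementTools | Out-Null
    }

    # State the key and signature parameters instead of relying on defaults,
    # so the build is reviewable and repeatable. Values are assumptions.
    $caSettings = @{
        CAType              = 'EnterpriseRootCA'
        CACommonName        = $CommonName
        CryptoProviderName  = 'RSA#Microsoft Software Key Storage Provider'
        KeyLength           = 4096
        HashAlgorithmName   = 'SHA256'
        ValidityPeriod      = 'Years'
        ValidityPeriodUnits = 10
    }

    # -WhatIf reports what would be configured without touching the server.
    Install-AdcsCertificationAuthority @caSettings -Force -WhatIf:(-not $Apply)

    if ($Apply) {
        # Confirm the CA service exists and is running after configuration.
        Get-Service -Name CertSvc | Select-Object Name, Status
    }
}

Install-ExampleRootCA          # dry run; use Install-ExampleRootCA -Apply to configure
```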

The enrollment web service is not a new feature; it was introduced in Server 2008 R2. Systems that are not part of the domain can easily request certificates by using enrollment web services. This feature is improved further in Windows Server 2012, which allows full automation of the process through automatic certificate renewal. This means Windows admins do not need to manually renew certificates for non-domain systems.

In Windows Server 2012 and Windows 8 environments, AD CS can be configured to allow Windows 8 clients to discover the closest AD CS server for client certificate requests. This means Windows 8 clients will discover a Windows Server 2012 CA that's in the same AD site.
