
Archive for October 25th, 2013


What is Active Directory?

This article starts with an overview of the Active Directory and Active Directory Domain Services server role in Windows Server 2008. Thereafter, details on the new Active Directory Domain Services features are covered.

Active Directory is Microsoft’s directory server. It provides authentication and authorization mechanisms as well as a framework within which other related services can be deployed (AD Certificate Services, AD Federation Services, etc.). It is an LDAP-compliant database that contains objects.

The most commonly used objects are users, computers, and groups. These objects can be organized into organizational units (OUs) by any number of logical or business needs. Group Policy Objects (GPOs) can then be linked to OUs to centralize the settings for various users or computers across an organization.

Active Directory has changed significantly in Windows Server 2008. Windows Server 2008 includes a number of new features for the Active Directory Domain Services server role. The minimum and recommended system requirements for Active Directory Domain Services in Windows Server 2008 have also changed.

Active Directory Domain Services (AD DS) is Microsoft’s implementation of a directory service that provides centralized authentication and authorization services. AD DS in Windows Server 2008 provides a powerful directory service to centrally store and manage security principals, such as users, groups, and computers, and it offers centralized and secure access to network resources.

Active Directory Domain Services (AD DS) is one of the most important server roles in Windows Server 2008. It provides the basis for authentication and authorization for virtually all other server roles in Windows Server 2008 and is the foundation for Microsoft’s Identity and Access Solutions. Additionally, a number of enterprise products, including Exchange Server and Windows SharePoint Services, require Active Directory Domain Services (AD DS).

What’s New in Windows Server 2008 Active Directory Domain Services

Active Directory Domain Services in Windows Server 2008 provides a number of enhancements over previous versions, including these:

  • Auditing—AD DS auditing has been enhanced significantly in Windows Server 2008. The enhancements provide more granular auditing capabilities through four new auditing categories: Directory Services Access, Directory Services Changes, Directory Services Replication, and Detailed Directory Services Replication. Additionally, auditing now provides the capability to log old and new values of an attribute when a successful change is made to that attribute.
  • Fine-Grained Password Policies—AD DS in Windows Server 2008 now provides the capability to create different password and account lockout policies for different sets of users in a domain. User and group password and account lockout policies are defined and applied via a Password Setting Object (PSO). A PSO has attributes for all the settings that can be defined in the Default Domain Policy, except Kerberos settings. PSOs can be applied to both users and groups.
  • Read-Only Domain Controllers—AD DS in Windows Server 2008 introduces a new type of domain controller called a read-only domain controller (RODC). RODCs contain a read-only copy of the AD DS database.
  • Restartable Active Directory Domain Services—AD DS in Windows Server 2008 can now be stopped and restarted through MMC snap-ins and the command line. The restartable AD DS service reduces the time required to perform certain maintenance and restore operations. Additionally, other services running on the server remain available to satisfy client requests while AD DS is stopped.
  • AD DS Database Mounting Tool—AD DS in Windows Server 2008 comes with an AD DS database mounting tool, which provides a means to compare data as it exists in snapshots or backups taken at different times. The AD DS database mounting tool eliminates the need to restore multiple backups to compare the AD data that they contain and provides the capability to examine any change made to data stored in AD DS.
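
To illustrate the Auditing item above, the following added example (not part of the original article) enables the change-auditing subcategory, which auditpol names "Directory Service Changes", and then pairs the old and new attribute values recorded in Security event 5136. It assumes an elevated PowerShell 3.0 or later session on a domain controller, and that the objects of interest carry a SACL entry auditing writes, since no event is logged without one.

```powershell
# Added example: enable success auditing for directory object changes.
auditpol /set /subcategory:"Directory Service Changes" /success:enable

# Event 5136 is written once per value operation, so a modified attribute
# appears as a "Value Deleted" event (old value) and a "Value Added" event
# (new value) that share the same OpCorrelationID.
$opNames = @{ '%%14674' = 'Added'; '%%14675' = 'Deleted' }

$records = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 5136 } `
        -MaxEvents 500 -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Flatten the named <Data> elements of the event into a hashtable.
        $data = @{}
        foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) {
            $data[$d.Name] = $d.'#text'
        }
        [pscustomobject]@{
            Time      = $_.TimeCreated
            Actor     = '{0}\{1}' -f $data.SubjectDomainName, $data.SubjectUserName
            ObjectDN  = $data.ObjectDN
            Attribute = $data.AttributeLDAPDisplayName
            Operation = $opNames["$($data.OperationType)"]
            Value     = $data.AttributeValue
            OpId      = $data.OpCorrelationID
        }
    }

# Pair the deleted and added values of each attribute within one operation.
$records | Group-Object OpId, ObjectDN, Attribute | ForEach-Object {
    $first = $_.Group[0]
    [pscustomobject]@{
        Time      = $first.Time
        Actor     = $first.Actor
        ObjectDN  = $first.ObjectDN
        Attribute = $first.Attribute
        OldValue  = ($_.Group | Where-Object Operation -eq 'Deleted').Value -join '; '
        NewValue  = ($_.Group | Where-Object Operation -eq 'Added').Value -join '; '
    }
} | Sort-Object Time | Format-Table -AutoSize -Wrap
```

An empty OldValue means the attribute was set for the first time; an empty NewValue means it was cleared.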
