Active Directory 2008 features

By | January 30, 2010

Whats new in windows 2008 Active Directory

As an Active Directory administrator very curies about the windows 2008 features compare to the earlier version like windows 2003, Windows 2008 comes with the whole bunch of features, and am going to discuss specific about the features of Active Directory server roles in Windows 2008

For Active Directory 2012 features

First I will list the features of windows 2008 Active directory and will discuss in detail of each in my upcoming article


Now you can know the previous and present values for the changed attributes of the active directory object using the new auditing feature in windows 2008, as per the windows 2003 auditing you will only know the present values of the changed attribute

This is very useful features in windows 2008 since you can revert back the changes using the previous value of the attribute

Fine-Grained Passwords

By default in windows 2003 all the user account in the domain should use the same password policy configured in domain level, thats why we called domain is a security boundary, if you require a different password policy then you have to create new domain

In windows 2008 password policy can be configured for specific group of peoples with in the domain

Read-Only Domain Controller

Every one know about the BDC (backup domain controller) and it’s a same as the BDC but it only take the advantages from the BDC and it’s specifically designed for the today’s requirements like branch office setup and to managing the branch office

We all know how difficult to design and manage the domain controller from the branch office, some time it lead to the lingering object, but using the Read-Only Domain Controller
In the branch office where the physical security of the domain controller is in question, or domain controllers that host additional roles, requiring other users to log on and maintain the server

In any Active Directory environment if one Domain Controller not replicated with the partner Domain Controller more then one month, then it’s a very critical issue you have to rectify the replication problem as soon as possible or the Domain Controller needs to be decommissioned with in the tombstone lifetime, since its read-only domain controller no worries about the tombstone time.

Restartable Active Directory Domain Services

Hey good new, now no need to restart the domain controller for every time for the active directory maintenance.

In windows 2008 active directory is a services, you can stop or restart the services for maintenance without restarting the domain controller and restarting it in Directory Services Restore Mode is not required for most maintenance functions, however still some maintenance function require Directory Services Restore Mode

Database Mounting Tool

Active Directory Database mounting tool in Windows Server 2008 to create and view snapshots of data that is stored in Active Directory Domain Services, and no need to restart the domain controller. A snapshot is a shadow copy created by the Volume Shadow Copy Service, at different times so that you can better choose which data to restore after object deletion. This reduces the administrator time and no need to restore multiple backups to compare the Active Directory data.

Active Directory Database mounting tool can be called Snapshot Viewer, Snapshot Browser, and Active Directory data mining tool.

Active Directory Recycle Bin

You can restore the accidentally deleted Active Directory object, without Active Directory authoritative restore, this can be used for single object restore like a accidental deletion of user or OU and you can reduce the domain controller downtime

Active Directory module for Windows PowerShell

PowerShell available on windows 2003 itself, however it’s not fully supported for Active Directory, you can’t manage the Active Directive using the PowerShell in windows 2003

In windows 2008 Windows PowerShell provides command-line scripting for administrative, configuration, and diagnostic tasks

You can manage the Active Directory with Exchange Server, Group Policy, and other services and it’s very easy to use like a windows commands, you can easily pipe cmdlets to build complex operations

Active Directory Administrative Center

It’s new tool in windows 2008 R2 to manage active directory, we already have active directory users and computer to manage the active directory, using this new tool you can manage active directory in a new way

As an administrator you perform most of the task commonly that is daily, some how it’s hard to open an active directory user and computer and find the object and do the task, in this new tool Active Directory Administrative Center it’s very easy to do a common task like password reset and search the Active Directory object and others

Active Directory Best Practices Analyzer

This can be helped to identify and implement the best practices in the configuration of your active directory environment, this will scan your network and find the best practice violations,
Then you can correct that, to get the best out of Active Directory services in windows 2008.

Active Directory Web Services

Active Directory Web Services is give you the Web service interface to Active Directory domains and AD LDS instances (Active Directory Lightweight Directory Services)

Active Directory Database Mounting Tool uses the Active Directory Web Services as a front end, like that Windows PowerShell and Active Directory Administrative Center is used the Active Directory Web Services to access the directory service instances.

Offline domain join

Offline domain join makes to join a member server to the domain even the domain controller not reachable from the member server

And this can be very useful for bulk deployment, when the system starts, it will automatically joined to the domain, this will reduce the administrative effort

Managed Service Accounts

Normally applications and services uses the Local Service and Network Service and Local System accounts, it’s easy to configure and shared among multiple applications and services and cannot be managed on a domain level

You can use the domain account for the application (services), this can isolate the privileges for the application, but it’s very hard to manage these domain accounts like password management

We have two new types of accounts, Managed service accounts and virtual accounts in windows 2008, now you can easily manage the service principal names (SPNs), it will provide Automatic password management

Active Directory Management Pack

You can monitor the Active Directory service on windows 2008 using the Active Directory Management Pack (MOM, SCOM)

Designed specifically to monitor the performance and availability of Active Directory Domain Services (AD DS), also monitors the overall health of AD DS and alerts you to critical performance issues.

Am sure you also amused about the features of windows 2008 and I would like to explain in details of each of this features in my up-coming article and your feedbacks are welcome

Related Articles

Active Directory 2012 features

Exchange 2010 Features

Difference between Windows Server 2008 and Windows Server 2008 R2

Windows 2008 DNS features

Leave a Reply

Your email address will not be published. Required fields are marked *