Active Directory Features in Windows Server 2012

March 3, 2013

Active Directory 2012 features on Windows Server 2012 and R2: this post discusses the Active Directory features of Windows Server 2012. As I understand it, the newer version does not have many brand-new features; rather, Microsoft has improved the Active Directory 2008 features in Active Directory 2012. Below is the list of improvements compared to the earlier version, Active Directory 2008. Also check Difference between Windows Server 2012 and R2.

Active Directory 2012 features


Virtualization and cloud computing have been the emerging technologies in IT infrastructure over the past few years. I personally never thought of having a virtual Active Directory environment: if you restore the AD database from a snapshot image, the Invocation ID is not reset, which leads to a database version mismatch with the other domain controllers and stops replication.

Support for virtual snapshots: the Active Directory 2012 virtualization feature correctly resets the Invocation ID when a snapshot is applied or a VM is copied, using the VM generation ID.

Support for virtual clones: we can clone existing virtual domain controllers without any issue, which reduces the number of steps and the time involved by eliminating repetitive deployment tasks.

Simplifies Active Directory Upgrades and Deployments

Dcpromo is not available in Active Directory 2012! Yes, the Active Directory Domain Services Installation Wizard has been relocated into Server Manager and replaces the Dcpromo command.

Forest preparation and domain preparation (Forestprep and ADprep) happen automatically during a Server 2012 DC installation; if you wish, you can still run them manually with Adprep /forestprep, /domainprep and /rodcprep.

It seems a simple and easy procedure; of course you will still need good planning and an in-depth understanding of the procedure when doing a domain upgrade.
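The Server Manager wizard described above is a front end for the ADDSDeployment cmdlets. The following is an added example (not the post's own code) that promotes a Windows Server 2012 member server to an additional DC in an existing domain, running the prerequisite check first; the domain name, site name, paths and the credential prompt are assumptions:

```powershell
# Added example: PowerShell replacement for Dcpromo on Windows Server 2012.
# $domain, $site and the D:\ paths are constructed placeholders.
$domain = 'corp.example.com'
$site   = 'Default-First-Site-Name'

# 1. Install the AD DS role binaries. Unlike Dcpromo, this step alone does
#    not promote the server; promotion is a separate cmdlet.
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

# 2. Dry run. Test-ADDSDomainControllerInstallation performs the wizard's
#    prerequisite checks (adprep state, DNS, rights) without changing anything.
$cred = Get-Credential -Message 'Account with Domain Admin / Enterprise Admin rights'
Test-ADDSDomainControllerInstallation -DomainName $domain -Credential $cred `
    -SiteName $site -InstallDns

# 3. Promotion. Forestprep/domainprep run automatically here when the
#    account holds the required rights; the manual equivalent is
#    adprep /forestprep, /domainprep and /rodcprep from the install media.
Install-ADDSDomainController -DomainName $domain -Credential $cred `
    -SiteName $site -InstallDns `
    -DatabasePath 'D:\NTDS' -LogPath 'D:\NTDS' -SysvolPath 'D:\SYSVOL' `
    -SafeModeAdministratorPassword (Read-Host -AsSecureString 'DSRM password') `
    -Force
```

Keep the DSRM password in a password vault; it is the only way into the directory if the DC has to be started in Directory Services Restore Mode.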

Dynamic Access Control

Native access control requires a user or group to be added to the file/folder NTFS permissions to get access. In Windows 2012, claims-based authorization does not replace the existing model; it adds new features to the existing system.

For example, if the user's department in Active Directory is Accounts, the user can access accounts-related data on the file servers using the Dynamic Access Control feature.
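The department scenario above, built with the DAC cmdlets, as an added example that is not from the original post: a user claim sourced from the AD department attribute, the built-in Department resource property for tagging folders, and a central access rule that grants Modify only when the two match. The claim ID, rule and policy names are assumptions, and the SDDL condition syntax is written from my reading of what ADAC generates, so compare it against the rule ADAC produces before relying on it.

```powershell
# Added example: Dynamic Access Control for "users in department X may
# modify data tagged with department X". Names are constructed.
Import-Module ActiveDirectory

# 1. User claim sourced from the 'department' attribute. A fixed -ID keeps
#    the claim name predictable inside the ACL condition below.
New-ADClaimType -DisplayName 'Department' -SourceAttribute 'department' `
    -ID 'ad://ext/Department' -Enabled $true

# 2. Enable the pre-created Department resource property so file servers
#    can tag folders with it (it must be in the global list to be published).
Set-ADResourceProperty -Identity 'Department_MS' -Enabled $true
Add-ADResourcePropertyListMember -Identity 'Global Resource Property List' `
    -Members 'Department_MS'

# 3. Central access rule. ResourceCondition: the rule only targets folders
#    that carry a Department tag. CurrentAcl: SYSTEM and Administrators get
#    full control; Authenticated Users get Modify (0x1301bf) only via the
#    conditional (XA) ACE when their Department claim equals the folder tag.
$condition = '(@USER.ad://ext/Department == @RESOURCE.Department_MS)'
$acl = 'O:SYG:SYD:AR(A;;FA;;;SY)(A;;FA;;;BA)(XA;;0x1301bf;;;AU;' + $condition + ')'
New-ADCentralAccessRule -Name 'Department data' `
    -ResourceCondition '(@RESOURCE.Department_MS Any_of {"Accounts","HR"})' `
    -CurrentAcl $acl

# 4. Wrap the rule in a policy. The policy is then pushed to file servers
#    through a GPO (Computer Configuration > Windows Settings > Security
#    Settings > File System > Central Access Policy) and selected on the
#    folder's Advanced Security settings; NTFS ACLs still apply on top.
New-ADCentralAccessPolicy -Name 'Department data policy'
Add-ADCentralAccessPolicyMember -Identity 'Department data policy' `
    -Members 'Department data'
```

Because access now depends on the department attribute, anyone who can write that attribute (help desk tooling included) can change who reaches the data, so audit changes to it as you would group membership.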

Customised audit policies

You can fine-tune the audit policies to your requirements: not only monitor file access success or failure, but also what actions were carried out or attempted on the file, such as read, write, delete, change file permissions and so on. You can narrow the scope of file auditing to specific users or groups of users by configuring the "Global Object Access Auditing" policy within a GPO.

Event logs

If you enable auditing for multiple items and configure the customised audit policies, the security log will grow faster. By default the log overwrites old events when it runs out of space, and most organisations use a third-party application to back up the event logs and store them in a centralized repository. In Windows 2012 you can select the option "Archive the log when full, do not overwrite events" so you can examine the old logs; of course you need enough disk space to store them.
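The two sections above (scoped file auditing and the archive-when-full log setting) fit in one script. This is an added example, not the post's code: it sets the same Global Object Access Auditing SACL the GPO setting configures, switches the Security log to archive instead of overwrite, and then reads back the resulting object-access events. The group name, log size and time window are assumptions.

```powershell
# Added example: scoped file auditing plus log retention, then a read-back.
# "CORP\Accounts Users" and the 1 GB log size are constructed values.

# 1. Enable the File System subcategory; without it no file SACL ever fires.
auditpol /set /subcategory:"File System" /success:enable /failure:enable

# 2. Global Object Access Auditing: a machine-wide SACL applied to every file,
#    scoped to one group, success and failure, for write access (FW).
#    Equivalent to the "Global Object Access Auditing" GPO setting.
auditpol /resourceSACL /set /type:File /user:"CORP\Accounts Users" /success /failure /access:FW

# 3. Security log: 1 GB, and archive when full instead of overwriting
#    (/rt = retention, /ab = auto-backup). Watch free space on the system drive.
wevtutil sl Security /ms:1073741824 /rt:true /ab:true

# 4. What did we record? 4663 = "An attempt was made to access an object".
#    Parse the XML payload so the fields come out as columns.
Get-WinEvent -FilterHashtable @{LogName = 'Security'; Id = 4663; StartTime = (Get-Date).AddHours(-1)} |
    ForEach-Object {
        $x = [xml]$_.ToXml()
        $d = @{}
        $x.Event.EventData.Data | ForEach-Object { $d[$_.Name] = $_.'#text' }
        [pscustomobject]@{
            Time    = $_.TimeCreated
            User    = "$($d.SubjectDomainName)\$($d.SubjectUserName)"
            Object  = $d.ObjectName
            Access  = $d.AccessMask      # 0x2 = write, 0x10000 = delete, 0x40000 = change permissions
            Process = $d.ProcessName
        }
    } | Format-Table -AutoSize
```

Archived logs are written next to the live log as Archive-Security-<timestamp>.evtx and are readable with the same Get-WinEvent call using -Path instead of -FilterHashtable's LogName.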

Offline Domain Join

Offline Domain Join is improved in Windows Server 2012 AD DS: we can join a computer to the domain over the internet if the domain is DirectAccess enabled.
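The internet join described above works because the 2012 djoin blob can carry the DirectAccess policies and certificates along with the machine account. The following is an added example, not from the original post; the domain, computer, policy, template and file names are assumptions.

```powershell
# Added example: offline domain join with DirectAccess material embedded.
# corp.example.com, LAPTOP-042, the policy and template names, and C:\odj
# are constructed placeholders.

# Step 1, on a domain-connected admin workstation. The account needs rights
# to create computer objects in the target OU. /policynames pulls the named
# DirectAccess GPO into the blob, /rootcacerts and /certtemplate add the root
# CA and request a client certificate, so the new machine can reach DirectAccess
# before it has ever talked to a DC.
djoin /provision /domain corp.example.com /machine LAPTOP-042 `
    /policynames "DirectAccess Client Settings" `
    /rootcacerts /certtemplate "DirectAccess-Client" `
    /savefile C:\odj\LAPTOP-042.txt

# The blob contains the machine account password in clear text: move it to
# the target over a protected channel and delete it after use.

# Step 2, on the new computer, from an elevated prompt, before its next reboot.
# /localos applies the join to the running OS rather than an offline image.
djoin /requestODJ /loadfile C:\odj\LAPTOP-042.txt /windowspath $env:SystemRoot /localos
Restart-Computer
```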

Active Directory Federation Services (AD FS)

Adding ADFS no longer requires a separate installation. ADFS also gains multiple improvements.

Windows PowerShell

Windows PowerShell History Viewer: you get a ready-made command for every action you perform in the Active Directory Administrative Centre; for example, if you create a user or add a user to a group, you have the command that does the same. This minimizes the learning investment and lets you automate the activity very easily.

Windows PowerShell cmdlets for Active Directory replication and topology: I have been expecting this for a long time. Yes, we now have PowerShell equivalents for repadmin, ntdsutil and Active Directory Sites and Services: troubleshoot replication and create and manage sites, site links, site-link bridges, subnets and connections using the newly available cmdlets.
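The replication and topology cmdlets mentioned above, put to work as an added example (not the post's code): a forest-wide replication health check that stands in for repadmin /showrepl and /replsummary, followed by creating a branch site, its subnet and a site link. The site, subnet, DC and object names are assumptions.

```powershell
# Added example: replication health and topology with the 2012 AD cmdlets.
# Branch-01, 10.42.0.0/24, DC01/DC02 and the svc-web DN are constructed.
Import-Module ActiveDirectory

function Get-ReplicationHealth {
    # Every DC in every domain of the forest.
    $dcs = (Get-ADForest).Domains |
        ForEach-Object { Get-ADDomainController -Filter * -Server $_ }
    foreach ($dc in $dcs) {
        # Inbound partner status per partition (repadmin /showrepl).
        Get-ADReplicationPartnerMetadata -Target $dc.HostName -Scope Server |
            Select-Object Server, Partner, Partition, LastReplicationSuccess,
                          ConsecutiveReplicationFailures, LastReplicationResult
        # Failures with a count (repadmin /replsummary). A stale
        # LastReplicationSuccess plus a FailureCount is what causes the
        # Invocation ID / USN rollback symptoms described earlier.
        Get-ADReplicationFailure -Target $dc.HostName |
            Where-Object { $_.FailureCount -gt 0 } |
            Select-Object Server, Partner, FailureType, FailureCount, FirstFailureTime
    }
}
Get-ReplicationHealth | Format-Table -AutoSize

# Topology: a new branch site, its subnet, and a site link to HQ replicating
# every 60 minutes. This is the Sites and Services click-through as cmdlets.
New-ADReplicationSite -Name 'Branch-01'
New-ADReplicationSubnet -Name '10.42.0.0/24' -Site 'Branch-01'
New-ADReplicationSiteLink -Name 'HQ-Branch-01' `
    -SitesIncluded 'Default-First-Site-Name', 'Branch-01' `
    -Cost 100 -ReplicationFrequencyInMinutes 60 -InterSiteTransportProtocol IP

# Push one urgent change (for example a disabled account) to a specific
# partner without waiting for the schedule (repadmin /replsingleobj).
Sync-ADObject -Object 'CN=svc-web,OU=Service Accounts,DC=corp,DC=example,DC=com' `
    -Source 'DC01' -Destination 'DC02'
```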

Active Directory Recycle Bin

We can recover deleted objects within a graphical user interface through the Active Directory Administrative Centre (ADAC), which reduces recovery time and simplifies the complex procedure.
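The ADAC Recycle Bin screen wraps the optional-feature and Restore-ADObject cmdlets shown here. This is an added example rather than the post's code; the forest name and the deleted account are assumptions.

```powershell
# Added example: enable the AD Recycle Bin and restore a deleted user.
# corp.example.com and the user jdoe are constructed placeholders.
Import-Module ActiveDirectory
$forest = 'corp.example.com'

# Enabling is forest-wide and cannot be undone; requires forest functional
# level Windows Server 2008 R2 or higher. Nothing deleted before this point
# is recoverable this way.
Enable-ADOptionalFeature -Identity 'Recycle Bin Feature' `
    -Scope ForestOrConfigurationSet -Target $forest -Confirm:$false

# Inventory recoverable objects (still inside the deleted object lifetime).
# lastKnownParent tells you where each object will land on restore.
Get-ADObject -Filter 'isDeleted -eq $true -and name -ne "Deleted Objects"' `
    -IncludeDeletedObjects -Properties lastKnownParent, whenChanged |
    Select-Object Name, ObjectClass, lastKnownParent, whenChanged

# Restore a single user. Objects are restored with their SID, group
# memberships and attributes intact, which is exactly why an unexpected
# restore of a privileged account deserves the same scrutiny as creating one.
# If the parent OU was deleted too, restore the OU first, then its children.
$deleted = Get-ADObject -Filter 'sAMAccountName -eq "jdoe" -and isDeleted -eq $true' `
    -IncludeDeletedObjects
Restore-ADObject -Identity $deleted.ObjectGUID
```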

Kerberos Constrained Delegation across Domains (KCD)

KCD was first introduced in Windows Server 2003 to permit a service account (front-end) to act on behalf of the application's users when accessing back-end services; for example, a web server (front-end) accesses the database server (back-end) on behalf of the user. This only works for back-end services in the same domain as the front-end service account.

KCD in Windows Server 2012 supports cross-domain and cross-forest scenarios. It is a much-demanded feature and reduces the pass-through authentication load (if you have multiple domains and forests, this will be your future).
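What makes the cross-domain case work in 2012 is that the delegation setting moves from the front-end to the back-end account (resource-based constrained delegation), so the two accounts no longer need to share a domain. The following is an added example, not the post's code, showing the web-server-to-SQL configuration from the text together with an audit query an administrator would run afterwards; the computer and domain names are assumptions.

```powershell
# Added example: cross-forest KCD on Windows Server 2012, configured on the
# back-end, plus an audit of existing delegation grants. WEB01, SQL01 and
# dc01.corp.example.com are constructed placeholders.
Import-Module ActiveDirectory

# Front-end web app identity lives in another domain/forest; fetch it from
# a DC there so we get its SID. The back-end SQL host is in this domain.
$frontEnd = Get-ADComputer -Identity 'WEB01' -Server 'dc01.corp.example.com'
$backEnd  = 'SQL01'

# Only WEB01 may present delegated user tickets to SQL01. This writes the
# msDS-AllowedToActOnBehalfOfOtherIdentity security descriptor on SQL01;
# nothing is changed on WEB01 and no "any service" (unconstrained) bit is set.
Set-ADComputer -Identity $backEnd -PrincipalsAllowedToDelegateToAccount $frontEnd

# Verify exactly what was written.
Get-ADComputer -Identity $backEnd -Properties PrincipalsAllowedToDelegateToAccount |
    Select-Object Name, PrincipalsAllowedToDelegateToAccount

# Audit: every account in this domain that lets someone delegate to it.
# Review this list on a schedule; an entry nobody can explain is a
# privilege-escalation path and should be treated as an incident.
Get-ADObject -Filter 'msDS-AllowedToActOnBehalfOfOtherIdentity -like "*"' `
    -Properties PrincipalsAllowedToDelegateToAccount |
    Select-Object Name, ObjectClass,
        @{ n = 'AllowedFrontEnds'
           e = { ($_.PrincipalsAllowedToDelegateToAccount | ForEach-Object { $_.Name }) -join ', ' } }
```

Writing this attribute requires write access to the back-end computer object, so the same audit should cover who holds that right on server objects.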

Flexible Authentication Secure Tunneling (FAST)

More secure Kerberos in Windows Server 2012 through Flexible Authentication Secure Tunneling: it provides a protected channel between a domain-joined client and the DC.

Active Directory-Based Activation (ADBA)

This eliminates the need for Key Management Service (KMS) servers: no additional machines are required and there is no RPC requirement, since Active Directory-based activation uses LDAP exclusively.

AD FS (v2.1) ships in the box as a server role in Windows Server 2012 and can populate SAML tokens with user and device claims taken directly from the Kerberos ticket.

Plus RID improvements, index creation improvements and many more.

For more on Active Directory 2012 features, see the Microsoft page.
