Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Discover what's new in Windows Server 2012 Active Directory

5,713 views

Published on

TechNet webcast by Paul Loonen. Session recording: http://technet.microsoft.com/en-us/video/active-directory-domain-services-in-windows-server-2012

Published in: Technology, Business
  • Be the first to comment

Discover what's new in Windows Server 2012 Active Directory

  1. 1. paul@wintalks.be©2009 Microsoft Corporation. All Rights Reserved.
  2. 2. Agenda©2009 Microsoft Corporation. All Rights Reserved.
  3. 3. Objectives©2009 Microsoft Corporation. All Rights Reserved.
  4. 4. High-Level Areas of Investment©2009 Microsoft Corporation. All Rights Reserved.
  5. 5. Our Broad Goals Virtualization That Just Works • All Active Directory features work equally well in physical, virtual or mixed environments Simplified Deployment of Active Directory • Complete integration of environment preparation, role installation and DC promotion into a single UI • DCs can be deployed rapidly to ease disaster recovery and workload balancing • DCs can be deployed remotely on multiple machines from a single Windows Server 2012 machine • Consistent command-line experience through Windows PowerShell enables automation of deployment tasks Simplified Management of Active Directory • GUI that simplifies complex tasks such as recovering a deleted object or managing password policies • Active Directory Windows PowerShell viewer shows the commands for actions performed in the GUI • Active Directory Windows PowerShell support for managing replication and topology data • Simplify delegation and management of service accounts©2009 Microsoft Corporation. All Rights Reserved.
  6. 6. New Features and Enhancements Miscellaneous Management Recycle Bin Dynamic Simplified Deployment User Interface Access Control Virtualization-Safe Active Directory PowerShell Active Directory Technology History Viewer User Interface Based Activation Fine-Grained Password Policy Rapid Deployment Kerberos Enhancements User Interface Active Directory Active Directory Replication & Group Managed Service Platform Changes Topology Cmdlets Accounts©2009 Microsoft Corporation. All Rights Reserved.
  7. 7. New Features and Enhancements Miscellaneous Simplified Deployment Virtualization-Safe Technology Rapid Deployment Active Directory Platform Changes©2009 Microsoft Corporation. All Rights Reserved.
  8. 8. Simplified Deployment©2009 Microsoft Corporation. All Rights Reserved.
  9. 9. Simplified Deployment©2009 Microsoft Corporation. All Rights Reserved.
  10. 10. Simplified Deployment: What Changed? … by integrating preparation and promotion Streamline the deployment process processes & automating pre-requisites in-between … by validating environment pre-requisites before Minimize odds of deployment failures deployment … by providing remote capabilities for both Minimize number of touch-points preparation and promotion processes … by aligning the configuration wizard to the most Optimize for common deployment paths common deployment scenarios Bring consistency with other Windows … by integrating the full deployment experience with Server roles deployment experiences Server Manager Gain UI-consistency by leveraging an … by providing a deployment & configuration wizard enhanced command-line experience that is built on top of Windows PowerShell©2009 Microsoft Corporation. All Rights Reserved.
  11. 11. Simplified Deployment©2009 Microsoft Corporation. All Rights Reserved.
  12. 12. Simplified Deployment ++ DC Promotion Retry Logic©2009 Microsoft Corporation. All Rights Reserved.
  13. 13. Simplified Deployment ++ Enhanced Install-from-media (IFM) options©2009 Microsoft Corporation. All Rights Reserved.
  14. 14. Simplified Deployment ++ AD FS V2.1 is in-the-box http://microsoft.com©2009 Microsoft Corporation. All Rights Reserved.
  15. 15. New Features and Enhancements Miscellaneous Simplified Deployment Virtualization-Safe Technology Rapid Deployment Active Directory Platform Changes©2009 Microsoft Corporation. All Rights Reserved.
  16. 16. Virtualization-Safe Technology©2009 Microsoft Corporation. All Rights Reserved.
  17. 17. Virtualization-Safe Technology©2009 Microsoft Corporation. All Rights Reserved.
  18. 18. How Domain Controllers are Impacted USN rollback NOT detected: only 50 users converge across the two DCs All others are either on one or the other DC 100 security principals (users in this example) with RIDs 500-599 have conflicting SIDs©2009 Microsoft Corporation. All Rights Reserved.
  19. 19. Virtualization-Safe Technology©2009 Microsoft Corporation. All Rights Reserved.
  20. 20. New Features and Enhancements Miscellaneous Simplified Deployment Virtualization-Safe Technology Rapid Deployment Active Directory Platform Changes©2009 Microsoft Corporation. All Rights Reserved.
  21. 21. Rapid Deployment©2009 Microsoft Corporation. All Rights Reserved.
  22. 22. Rapid Deployment: DC Cloning©2009 Microsoft Corporation. All Rights Reserved.
  23. 23. Rapid Deployment: Cloning Flow Clone VM Windows Server 2012 PDC©2009 Microsoft Corporation. All Rights Reserved.
  24. 24. Rapid Deployment: DC Cloning©2009 Microsoft Corporation. All Rights Reserved.
  25. 25. New Features and Enhancements Miscellaneous Simplified Deployment Virtualization-Safe Technology Rapid Deployment Active Directory Platform Changes©2009 Microsoft Corporation. All Rights Reserved.
  26. 26. Brief Terminology Level-Set©2009 Microsoft Corporation. All Rights Reserved.
  27. 27. RID Improvements©2009 Microsoft Corporation. All Rights Reserved.
  28. 28. RID Improvements©2009 Microsoft Corporation. All Rights Reserved.
  29. 29. RID Improvements http://support.microsoft.com/kb/2618669©2009 Microsoft Corporation. All Rights Reserved.
  30. 30. RID Improvements©2009 Microsoft Corporation. All Rights Reserved.
  31. 31. RID Improvements©2009 Microsoft Corporation. All Rights Reserved.
  32. 32. RID Improvements©2009 Microsoft Corporation. All Rights Reserved.
  33. 33. Deferred Index Creation©2009 Microsoft Corporation. All Rights Reserved.
  34. 34. Expose DNTs on rootDSE©2009 Microsoft Corporation. All Rights Reserved.
  35. 35. Off-Premises Domain Join©2009 Microsoft Corporation. All Rights Reserved.
  36. 36. Enhanced LDAP logging©2009 Microsoft Corporation. All Rights Reserved.
  37. 37. New LDAP Controls/Behaviors©2009 Microsoft Corporation. All Rights Reserved.
  38. 38. New Features and Enhancements Miscellaneous Management Recycle Bin Dynamic Simplified Deployment User Interface Access Control Virtualization-Safe Active Directory PowerShell Active Directory Technology History Viewer User Interface Based Activation Fine-Grained Password Policy Rapid Deployment Kerberos Enhancements User Interface Active Directory Active Directory Replication & Group Managed Service Platform Changes Topology Cmdlets Accounts©2009 Microsoft Corporation. All Rights Reserved.
  39. 39. New Features and Enhancements Management Recycle Bin Dynamic User Interface Access Control Active Directory PowerShell Active Directory History Viewer User Interface Based Activation Fine-Grained Password Policy Kerberos Enhancements User Interface Active Directory Replication & Group Managed Service Topology Cmdlets Accounts©2009 Microsoft Corporation. All Rights Reserved.
  40. 40. Recycle Bin User Interface©2009 Microsoft Corporation. All Rights Reserved.
  41. 41. Recycle Bin User Interface©2009 Microsoft Corporation. All Rights Reserved.
  42. 42. Recycle Bin User Interface©2009 Microsoft Corporation. All Rights Reserved.
  43. 43. New Features and Enhancements Management Recycle Bin Dynamic User Interface Access Control Active Directory PowerShell Active Directory History Viewer User Interface Based Activation Fine-Grained Password Policy Kerberos Enhancements User Interface Active Directory Replication & Group Managed Service Topology Cmdlets Accounts©2009 Microsoft Corporation. All Rights Reserved.
  44. 44. Dynamic Access Control (DAC)©2009 Microsoft Corporation. All Rights Reserved.
  45. 45. Dynamic Access Control (DAC)©2009 Microsoft Corporation. All Rights Reserved.
  46. 46. Dynamic Access Control (DAC)©2009 Microsoft Corporation. All Rights Reserved.
  47. 47. Kerberos Claims (DAC) in AD FS©2009 Microsoft Corporation. All Rights Reserved.
  48. 48. Kerberos Claims (DAC) in AD FS©2009 Microsoft Corporation. All Rights Reserved.
  49. 49. New Features and Enhancements Management Recycle Bin Dynamic User Interface Access Control Active Directory PowerShell Active Directory History Viewer User Interface Based Activation Fine-Grained Password Policy Kerberos Enhancements User Interface Active Directory Replication & Group Managed Service Topology Cmdlets Accounts©2009 Microsoft Corporation. All Rights Reserved.
  50. 50. Active Directory-based Activation (AD BA)©2009 Microsoft Corporation. All Rights Reserved.
  51. 51. Active Directory-based Activation (AD BA)©2009 Microsoft Corporation. All Rights Reserved.
  52. 52. Active Directory-based Activation (AD BA)©2009 Microsoft Corporation. All Rights Reserved.
  53. 53. New Features and Enhancements Management Recycle Bin Dynamic User Interface Access Control Active Directory Windows Active Directory PowerShell History Viewer Based Activation Fine-Grained Password Policy Kerberos Enhancements User Interface Active Directory Replication & Group Managed Service Topology Cmdlets Accounts©2009 Microsoft Corporation. All Rights Reserved.
  54. 54. Active Directory Windows PowerShell History Viewer©2009 Microsoft Corporation. All Rights Reserved.
  55. 55. Active Directory Windows PowerShell History Viewer©2009 Microsoft Corporation. All Rights Reserved.
  56. 56. Active Directory Windows PowerShell History Viewer©2009 Microsoft Corporation. All Rights Reserved.
  57. 57. New Features and Enhancements Management Recycle Bin Dynamic User Interface Access Control Active Directory Windows Active Directory PowerShell History Viewer Based Activation Fine-Grained Password Policy Kerberos Enhancements User Interface Active Directory Replication & Group Managed Service Topology Cmdlets Accounts©2009 Microsoft Corporation. All Rights Reserved.
  58. 58. Fine-Grained Password Policy©2009 Microsoft Corporation. All Rights Reserved.
  59. 59. Fine-Grained Password Policy©2009 Microsoft Corporation. All Rights Reserved.
  60. 60. Fine-Grained Password Policy©2009 Microsoft Corporation. All Rights Reserved.
  61. 61. New Features and Enhancements Management Recycle Bin Dynamic User Interface Access Control Active Directory Windows Active Directory PowerShell History Viewer Based Activation Fine-Grained Password Policy Kerberos Enhancements User Interface Active Directory Replication & Group Managed Service Topology Cmdlets Accounts©2009 Microsoft Corporation. All Rights Reserved.
  62. 62. Flexible Authentication Secure Tunneling (FAST)©2009 Microsoft Corporation. All Rights Reserved.
  63. 63. Flexible Authentication Secure Tunneling (FAST)©2009 Microsoft Corporation. All Rights Reserved.
  64. 64. Flexible Authentication Secure Tunneling (FAST)©2009 Microsoft Corporation. All Rights Reserved.
  65. 65. Kerberos Constrained Delegation (KCD)©2009 Microsoft Corporation. All Rights Reserved.
  66. 66. Kerberos Constrained Delegation (KCD)©2009 Microsoft Corporation. All Rights Reserved.
  67. 67. Kerberos Constrained Delegation (KCD)©2009 Microsoft Corporation. All Rights Reserved.
  68. 68. New Features and Enhancements Management Recycle Bin Dynamic User Interface Access Control Active Directory Windows Active Directory PowerShell History Viewer Based Activation Fine-Grained Password Policy Kerberos Enhancements User Interface Active Directory Replication & Group Managed Service Topology Cmdlets Accounts©2009 Microsoft Corporation. All Rights Reserved.
  69. 69. Group Managed Service Accounts (gMSA)©2009 Microsoft Corporation. All Rights Reserved.
  70. 70. Group Managed Service Accounts (gMSA)©2009 Microsoft Corporation. All Rights Reserved.
  71. 71. Group Managed Service Accounts (gMSA)©2009 Microsoft Corporation. All Rights Reserved.
  72. 72. New Features and Enhancements Management Recycle Bin Dynamic User Interface Access Control Active Directory Windows Active Directory PowerShell History Viewer Based Activation Fine-Grained Password Policy Kerberos Enhancements User Interface Active Directory Replication & Group Managed Service Topology Cmdlets Accounts©2009 Microsoft Corporation. All Rights Reserved.
  73. 73. Active Directory Replication & Topology Cmdlets©2009 Microsoft Corporation. All Rights Reserved.
  74. 74. Active Directory Replication & Topology Cmdlets©2009 Microsoft Corporation. All Rights Reserved.
  75. 75. Active Directory Replication & Topology Cmdlets©2009 Microsoft Corporation. All Rights Reserved.
  76. 76. In Review Easier to Manage©2009 Microsoft Corporation. All Rights Reserved.
  77. 77. In Review Easier to Deploy©2009 Microsoft Corporation. All Rights Reserved.
  78. 78. Summary of Minimum Requirements With this deployed… ... these features become available • New Active Directory Administrative Center • Windows PowerShell History Viewer • Graphical Recycle Bin and FGPP management + First Windows Server 2012 domain-member • Richer authorization through DAC & FCI (or Windows 8 with RSAT installed) • Active Directory-based Activation • Requires Windows Server 2012 schema extensions • Active Directory Replication & Topology Cmdlets • AD FS (v2.1) • Simplified Deployment and Preparation • Dynamic Access Control policies and claims • Kerberos Claims in AD FS (v2.1) + First Windows Server 2012 DC • Cross-domain Kerberos Constrained Delegation • Group Managed Service Accounts • Virtualization-Safe for the Windows Server 2012 DC • requires Hypervisor support for VM-Gen-ID • Rapid virtual DC deployment through DC-cloning + Windows Server 2012 DC holds PDC FSMO role • requires Hypervisor support for VM-Gen-ID©2009 Microsoft Corporation. All Rights Reserved.
  79. 79. Call to Action http://technet.microsoft.com/en-us/evalcenter/hh670538.aspx https://www.microsoftvirtualacademy.com/ http://blogs.technet.com/b/windowsserver/©2009 Microsoft Corporation. All Rights Reserved.
  80. 80. Q&A©2009 Microsoft Corporation. All Rights Reserved.

×