The last part in this Windows Server 2012 series covers all the new Active Directory-related features: dcpromo no more, Active Directory Virtualization (Virtualization-safe), PowerShell History Viewer in ADAC, Active Directory-Based Activation (ADBA), Fine-Grained Password Policy, Active Directory Recycle Bin GUI, Active Directory Rights Management Services (AD RMS), Active Directory Federation Services (AD FS), and Active Directory Certificate Services (AD CS).
Active Directory has mostly replaced other directory services in Windows shops because it is deeply integrated in Windows. Every new Windows version enhances Active Directory; however, it appears to me that, in Windows Server 2012, Microsoft added more new features than usual.
Goodbye, dcpromo
Did you ever wonder why there is a special command line tool to install Active Directory? Someone at Microsoft wondered too and integrated this functionality into Server Manager (already available in Windows Server 2003), where it belongs. dcpromo has finally been deprecated in Windows Server 2012.
Windows Server 2012 – Install Active Directory without dcpromo
Active Directory Virtualization (Virtualization-safe)
Running Active Directory in a virtual machine is dangerous because, if a clueless admin reverts the VM to a snapshot, your Active Directory is in the so-called USN rollback condition, which is not really nice. The new Virtualization-safe feature in Windows Server 2012 is able to detect when snapshots are applied through an identifier called VM-Generation ID and protects Active Directory from unwanted changes. The hypervisor has to support this feature, however, which means that in the beginning only Hyper-V VMs will be able to use this new functionality until third-party virtualization vendors add this feature. This feature will also simplify the cloning of domain controllers.
PowerShell History Viewer in ADAC
Needless to mention, you can now manage every aspect of Active Directory with PowerShell. Automation admins will enjoy the PowerShell History Viewer in Active Directory Administrative Center (ADAC). Whenever you manually change something in Active Directory, the PowerShell History Viewer will tell you how you could have automated your actions with PowerShell.
Windows Server 2012 – PowerShell History Viewer in ADAC
Volume Activation Services / Active Directory-Based Activation (ADBA)
The most popular Vista feature among admins was the introduction of the activation requirement of any Windows installation. Multiple Activation Key (MAK) and Key Management Services (KMS) were welcome new technologies that we could learn to master. Volume Activation Services can replace your KMS provided that all your machines run either Windows 8 or Windows Server 2012.
Windows Server 2012 – Volume Activation Services
Active Directory Recycle Bin GUI
One Friday in September, 2009, I was searching for a Recycle Bin icon in Active Directory User and Computer Interface (ADUC). My search was unsuccessful. On a Thursday in June, 2012, Kyle Beckman told me that I searched in the wrong tool in the wrong Windows version, and I was three years too early. AD Recycle Bin can now be found in Active Directory Administrative Center (ADAC). I suppose it will take at least another three years until I can activate AD Recycle Bin in a GUI tool (Server Manager, perhaps?). For now, you can prove that you are a real automation geek and show off with a fancy PowerShell command to enable AD Recycle Bin.
Windows Server 2012 – Active Directory Recycle Bin
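The PowerShell route mentioned above, as an added example that is not part of the original article: it checks the prerequisites, enables the Recycle Bin, and previews the restore of a deleted user. It assumes the ActiveDirectory module and Enterprise Admin rights; the account name `jdoe` is a constructed sample value.

```powershell
# Added example, not from the original article.
Import-Module ActiveDirectory

$forest  = Get-ADForest
$feature = Get-ADOptionalFeature -Filter 'Name -eq "Recycle Bin Feature"'

# The Recycle Bin needs a forest functional level of Windows Server 2008 R2 or higher.
$minimum = [Microsoft.ActiveDirectory.Management.ADForestMode]::Windows2008R2Forest
if ($forest.ForestMode -lt $minimum) {
    throw "Forest mode $($forest.ForestMode) is below Windows2008R2Forest."
}

if ($feature.EnabledScopes.Count -gt 0) {
    Write-Output "AD Recycle Bin is already enabled in $($forest.Name)."
}
else {
    # Enabling is irreversible, so the cmdlet asks for confirmation first.
    Enable-ADOptionalFeature -Identity $feature `
        -Scope ForestOrConfigurationSet -Target $forest.Name
}

# Look up a deleted user by its old logon name ('jdoe' is a constructed value).
# Only objects deleted after the feature was enabled keep their attributes.
$deleted = Get-ADObject -IncludeDeletedObjects `
    -Filter 'isDeleted -eq $true -and sAMAccountName -eq "jdoe"' `
    -Properties lastKnownParent, whenChanged

# Review what was found and where it used to live.
$deleted | Select-Object Name, lastKnownParent, whenChanged

# Preview the restore; remove -WhatIf to put the object back in its last parent.
$deleted | Restore-ADObject -WhatIf
```

Restoring returns the object with its attributes and group memberships, so review `lastKnownParent` and the account's former privileges before dropping `-WhatIf`.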
Fine-Grained Password Policy
In Windows Server 2008, you need the somewhat clumsy ADSI Edit tool to configure Fine-Grained Password Policies. You can now use Active Directory Administrative Center (ADAC) after adding a navigation node with dsac.exe.
- Fine-Grained Password Policy
- Creating fine grained password policies through GUI Windows server 2012 “Server 8 beta”
Windows Server 2012 – Fine-Grained Password Policy
Active Directory Rights Management Services (AD RMS)
There are few changes regarding AD RMS deployment. Most interesting is the ability to deploy AD RMS to remote computers with Server Manager.
Active Directory Federation Services (AD FS)
Active Directory Federation Services (AD FS) is a Single Sign-On solution for services located across organizational boundaries. It is no longer required to download AD FS; you can install it with Server Manager. AD FS also supports the new Dynamic Access Control feature.
Active Directory Certificate Services (AD CS)
Active Directory Certificate Services (AD CS) are required for issuing and managing public key infrastructure (PKI) certificates. In previous Windows versions, you needed Windows Enterprise or Datacenter for some features. In Windows Server 2012, you can install AD CS on any edition, including Server Core. AD CS now supports automatic renewal of certificates for non-domain joined computers, enforcement of certificate renewal with the same key, and international domain names.