The last part in this Windows Server 2012 series covers all the new Active Directory-related features: dcpromo no more, Active Directory Virtualization (Virtualization-safe), PowerShell History Viewer in ADAC, Active Directory-Based Activation (ADBA), Fine-Grained Password Policy, Active Directory Recycle Bin GUI, Active Directory Rights Management Services (AD RMS), Active Directory Federation Services (AD FS), and Active Directory Certificate Services (AD CS).
Avatar
Latest posts by Michael Pietroforte (see all)

Active Directory has mostly replaced other directory services in Windows shops because it is deeply integrated in Windows. Every new Windows version enhances Active Directory; however, it appears to me that, in Windows Server 2012, Microsoft added more new features than usual.

Good bye, dcpromo

Did you ever wonder why there is a special command line tool to install Active Directory? Someone at Microsoft wondered too and integrated this functionality into Server Manager (already available in Windows Server 2003), where it belongs. dcpromo has finally been deprecated in Windows Server 2012.

Windows Server 2012 - Install Active Directory without dcpromo

Windows Server 2012 - Install Active Directory without dcpromo

Active Directory Virtualization (Virtualization-safe)

Running Active Directory in a virtual machine is dangerous because, if a clueless admin reverts the VM to a snapshot, your Active Directory is in the so-called USN rollback condition, which is not really nice. The new Virtualization-safe feature in Windows Server 2012 is able to detect when snapshots are applied through an identifier called VM-Generation ID and protects Active Directory from unwanted changes. The hypervisor has to support this feature, however, which means that in the beginning only Hyper-V VMs will be able to use this new functionality until third-party virtualization vendors add this feature. This feature will also simplify the cloning of domain controllers.

PowerShell History Viewer in ADAC

Needless to mention, you can now manage every aspect of Active Directory with PowerShell. Automation admins will enjoy the PowerShell History Viewer in Active Directory Administrative Center (ADAC). Whenever you manually change something in Active Directory, the PowerShell History Viewer will tell how you could have automated your actions with PowerShell.

Windows Server 2012 - PowerShell History Viewer in ADAC

Windows Server 2012 - PowerShell History Viewer in ADAC

Volume Activation Services / Active Directory-Based Activation (ADBA)

The most popular Vista feature among admins was the introduction of the activation requirement of any Windows installation. Multiple Activation Key (MAK) and Key Management Services (KMS) were welcome new technologies that we could learn to master.Volume Activation Services can replace your KMS provided that all your machines run either Windows 8 or Windows Server 2012.

Windows Server 2012 - Volume Activation Services

Windows Server 2012 - Volume Activation Services

Active Directory Recycle Bin GUI

One Friday in September, 2009, I was searching for a Recycle Bin icon in Active Directory User and Computer Interface (ADUC). My search was unsuccessful. On a Thursday in June, 2012, Kyle Beckman told me that I searched in the wrong tool in the wrong Windows version, and I was three years too early. AD Recycle Bin can now be found in Active Directory Administrative Center (ADAC). I suppose it will take at least another three years until I can activate AD Recycle Bin in a GUI tool (Server Manager, perhaps?). For now, you can prove that you are a real automation geek and show off with a fancy PowerShell command to enable AD Recycle Bin.

Windows Server 2012 - Active Directory Recycle Bin

Windows Server 2012 - Active Directory Recycle Bin

Fine-Grained Password Policy

In Windows Server 2008, you need the somewhat clumsy ADSI Edit tool to configure Fine-Grained Password Policies. You can now use Active Directory Administrative Center (ADAC) after adding a navigation node with dsac.exe.

Windows Server 2012 -Fine-Grained Password Policy

Windows Server 2012 -Fine-Grained Password Policy

Active Directory Rights Management Services (AD RMS)

There are few changes regarding AD RMS deployment. Most interesting is the ability to deploy AD RMS to remote computers with Server Manager.

Active Directory Federation Services (AD FS)

Active Directory Federation Services (AD FS) is a Single Sign-On solution for services located across organizational boundaries. It is no longer required to download AD FS; you can install it with Server Manager. AD FS also supports the new Dynamic Access Control feature.

Active Directory Certificate Services (AD CS)

Active Directory Certificate Services (AD CS) are required for issuing and managing public key infrastructure (PKI) certificates. In previous Windows versions, you needed Windows Enterprise or Datacenter for some features. In Windows Server 2012, you can install AD CS on any edition, including Server Core. AD CS now supports automatic renewal of certificates for non-domain joined computers, enforcement of certificate renewal with the same key, and international domain names.

6 Comments
  1. Avatar
    Chris Wright (Cjwdev) 11 years ago

    Nice article, learnt about a few new things there 🙂 but I’m pretty sure you’ve been able to use the “Add Roles” GUI wizard to install AD instead of dcpromo for quite a long time, since Server 2003 if I remember rightly. Ironically in my Server 2012 RC VM I had to resort to using dcpromo to remove AD as I couldn’t find any other way to uninstall it using the GUI…

  2. Avatar

    Chris, you are right, the part about dcpromo was a bit misleading. I changed the article now. I guess in Server 2012 RTM there is a ways to uninstall AD with the GUI. If not, then maybe you have to use PowerShell, Microsoft’s favorite GUI depreciation method.

  3. Avatar
    Dharmesh 11 years ago

    Nice Comments

    I have learnt about some new things in AD 2012.

  4. Avatar

    Dharmesh, thanks!

  5. Avatar
    Sridhar 11 years ago

    Good Article for Windows 2012..

  6. Avatar
    manjunatha 9 years ago

    thanks for the artical on AD win 2012

Leave a reply

Please enclose code in pre tags: <pre></pre>

Your email address will not be published. Required fields are marked *

*

© 4sysops 2006 - 2023

CONTACT US

Please ask IT administration questions in the forums. Any other messages are welcome.

Sending

Log in with your credentials

or    

Forgot your details?

Create Account