Active Directory-muutokset Windows Server 2008:ssa

Olennaiset uudet ominaisuudet:

AD DS: Restartable Active Directory Domain Services

Windows Server 2008 introduces new capabilities to start or stop directory services running on a domain controller without having to shut it down, allowing administrators to perform maintenance (offline defragmentation, security updates, etc.) or recovery on the AD database without having to reboot into Directory Services Restore Mode.

http://technet2.microsoft.com/windowsserver2008/en/library/caa05f49-210f-4f4c-b33f-c8ad50a687101033.mspx

AD DS: Fine-Grained Password Policies

One very significant change with Windows Server 2008 AD DS is the ability to implement granular password polices in a single domain.  Fine-grained password polices always take precedence over domain password policy and they can be applied to groups or users.  For fine-grained password polices to be implemented, all DCs must be running Windows Server 2008 and the domain must be in Windows Server 2008 functional level.

http://technet2.microsoft.com/windowsserver2008/en/library/2199dcf7-68fd-4315-87cc-ade35f8978ea1033.mspx

AD DS: Auditing

In Windows 2000 Server and Windows Server 2003, Active Directory audit logs can show you who made changes to what object attributes, but the events do not display the old and new values.  In Windows Server 2008 you can now set up AD DS auditing with a new audit subcategory (Directory Service Changes) to log old and new values when changes are made to objects and their attributes.

http://technet2.microsoft.com/windowsserver2008/en/library/a9c25483-89e2-4202-881c-ea8e02b4b2a51033.mspx

AD DS: Read-Only Domain Controllers (RODC)

Windows Server 2008 includes the ability to deploy domain controllers that host read-only partitions of the Active Directory Domain Services (AD DS) database.  To deploy an RODC, at least one writable domain controller in the domain must be running Windows Server 2008.  In addition, the functional level for the domain and forest must be Windows Server 2003 or higher.

http://technet2.microsoft.com/windowsserver2008/en/library/ea8d253e-0646-490c-93d3-b78c5e1d9db71033.mspx

AD DS: Database Mounting Tool (Dsamain.exe)

The Active Directory Database Mounting Tool (Dsamain.exe) is a command line tool that allows administrators to view snapshots of data within an AD DS database (it can also be used with AD Lightweight Directory Services databases).  The tool can improve recovery processes for your organization, by providing means to compare data as it exists in snapshots or backups that are taken at different times, so that you can better decide which data to restore after data loss.  This eliminates the need to restore multiple backups to compare the Active Directory data that they contain.

http://technet2.microsoft.com/windowsserver2008/en/library/4503d762-0adf-494f-a08b-cf502ecb76021033.mspx

Lähde: http://blogs.technet.com/kimcarey/archive/2008/06/20/active-directory-domain-services-in-windows-server-2008.aspx

Advertisements
Explore posts in the same categories: Windows Server 2008

Vastaa

Täytä tietosi alle tai klikkaa kuvaketta kirjautuaksesi sisään:

WordPress.com-logo

Olet kommentoimassa WordPress.com -tilin nimissä. Log Out / Muuta )

Twitter-kuva

Olet kommentoimassa Twitter -tilin nimissä. Log Out / Muuta )

Facebook-kuva

Olet kommentoimassa Facebook -tilin nimissä. Log Out / Muuta )

Google+ photo

Olet kommentoimassa Google+ -tilin nimissä. Log Out / Muuta )

Muodostetaan yhteyttä palveluun %s


%d bloggers like this: