Olennaiset uudet ominaisuudet:
AD DS: Restartable Active Directory Domain Services
Windows Server 2008 introduces new capabilities to start or stop directory services running on a domain controller without having to shut it down, allowing administrators to perform maintenance (offline defragmentation, security updates, etc.) or recovery on the AD database without having to reboot into Directory Services Restore Mode.
http://technet2.microsoft.com/windowsserver2008/en/library/caa05f49-210f-4f4c-b33f-c8ad50a687101033.mspx
AD DS: Fine-Grained Password Policies
One very significant change with Windows Server 2008 AD DS is the ability to implement granular password polices in a single domain. Fine-grained password polices always take precedence over domain password policy and they can be applied to groups or users. For fine-grained password polices to be implemented, all DCs must be running Windows Server 2008 and the domain must be in Windows Server 2008 functional level.
http://technet2.microsoft.com/windowsserver2008/en/library/2199dcf7-68fd-4315-87cc-ade35f8978ea1033.mspx
AD DS: Auditing
In Windows 2000 Server and Windows Server 2003, Active Directory audit logs can show you who made changes to what object attributes, but the events do not display the old and new values. In Windows Server 2008 you can now set up AD DS auditing with a new audit subcategory (Directory Service Changes) to log old and new values when changes are made to objects and their attributes.
http://technet2.microsoft.com/windowsserver2008/en/library/a9c25483-89e2-4202-881c-ea8e02b4b2a51033.mspx
AD DS: Read-Only Domain Controllers (RODC)
Windows Server 2008 includes the ability to deploy domain controllers that host read-only partitions of the Active Directory Domain Services (AD DS) database. To deploy an RODC, at least one writable domain controller in the domain must be running Windows Server 2008. In addition, the functional level for the domain and forest must be Windows Server 2003 or higher.
http://technet2.microsoft.com/windowsserver2008/en/library/ea8d253e-0646-490c-93d3-b78c5e1d9db71033.mspx
AD DS: Database Mounting Tool (Dsamain.exe)
The Active Directory Database Mounting Tool (Dsamain.exe) is a command line tool that allows administrators to view snapshots of data within an AD DS database (it can also be used with AD Lightweight Directory Services databases). The tool can improve recovery processes for your organization, by providing means to compare data as it exists in snapshots or backups that are taken at different times, so that you can better decide which data to restore after data loss. This eliminates the need to restore multiple backups to compare the Active Directory data that they contain.
http://technet2.microsoft.com/windowsserver2008/en/library/4503d762-0adf-494f-a08b-cf502ecb76021033.mspx
Lähde: http://blogs.technet.com/kimcarey/archive/2008/06/20/active-directory-domain-services-in-windows-server-2008.aspx
Uusimmat kommentit