    What's New in Active Directory

    Published: July 24, 2002 | Updated: November 16, 2005
    The Active Directory directory service provides single-logon capability and a central repository for information for your entire infrastructure, vastly simplifying user and computer management and providing superior access to networked resources. This article provides an overview of benefits, new features, and improvements for Active Directory in Windows Server 2003.







    Benefits

    Improvements in Active Directory deliver key strategic benefits for medium and large enterprises, enabling greater administrator and user productivity. Expanding on the foundation established in Windows 2000, Windows Server 2003 improves the versatility, manageability, and dependability of Active Directory. Organizations can benefit from further reductions in cost while increasing the efficiency in which they share and manage the various elements of the enterprise.
    Benefit | Description

    Greater Flexibility
    Active Directory introduces important new features ensuring that it is one of the most flexible directory structures in the marketplace today. As directory-enabled applications become more prevalent, organizations can utilize the capabilities of Active Directory to manage the most complicated enterprise network environments. Internet data centers, extranet application deployments, large distributed branch office enterprises – the improvements provided by Windows Server 2003 simplify administration and increase performance and efficiency, making it a very versatile solution.
    Reduced Total Cost of Ownership
    Active Directory has been enhanced to reduce total cost of ownership (TCO) and operation within the enterprise. New features and enhancements have been provided at all levels of the product to extend versatility, simplify management, and increase dependability.


    New Features in Windows Server 2003 R2

    With Windows Server 2003 R2, Active Directory enables additional flexible deployment options, facilitating interoperability with Unix environments, extranet application deployments, cross-domain identity federation, and decentralized application directory deployments.

    Benefit | Description

    Active Directory Federation Services (ADFS)
    ADFS provides Web-based extranet authentication/authorization, single sign-on (SSO), and federated identity services for Windows Server environments, increasing the value of existing Active Directory deployments in scenarios involving B2C extranets, intracompany (multiforest) federation, and B2B internet federation.
    Active Directory Application Mode (ADAM)
    Previously available as a Web download, Active Directory Application Mode (ADAM) is now included on the Windows Server media. An independent mode of Active Directory without infrastructure features, ADAM provides directory services for applications. Operating as a stand-alone data store or interacting with an Active Directory domain controller, the flexibility of ADAM enables administrators to tailor their directory services infrastructure to varying degrees of local control/autonomy or shared services.
    UNIX Identity Management
    UNIX integration helps to establish uninterrupted user access and efficient management of network resources across operating systems, by enabling AD domain controllers to act as master NIS servers, and synchronizing user passwords in Unix and Windows environments.


    New Features and Improvements

    Windows Server 2003 brings many improvements to Active Directory, making it even more versatile, dependable, and economical to use. Specifically, Active Directory in Windows Server 2003 provides:
    • Easier deployment and management.
    • Greater security.
    • Improved performance and dependability.

    Easier Deployment and Management

    Windows Server 2003 enhances the administrator's ability to efficiently configure and manage Active Directory even in very large enterprises with multiple forests, domains, and sites. Improved migration and management tools, along with the ability to rename Active Directory domains, make deploying Active Directory significantly easier than when the directory service was first introduced in Windows 2000 Server. Better tools bring drag-and-drop capabilities, multi-object selection, and the ability to save and reuse queries. Plus, improvements in Group Policy make it easier and more efficient to manage groups of users and computers in an Active Directory environment.
    Benefit | Description

    ADMT version 2.0
    It is now easier to migrate to Active Directory through a number of improvements that have been made to the Active Directory Migration Tool (ADMT). ADMT 2.0 now allows migrating passwords from Microsoft Windows NT® 4.0 to Windows 2000 and Windows Server 2003 or from Windows 2000 to Windows Server 2003 domains.
    Domain Rename
    This supports changing the Domain Name System (DNS) and/or NetBIOS names of existing domains in a forest, keeping the resulting forest still "well formed." Administrators have greater flexibility in changing the Active Directory structure after it is deployed. Design decisions are now reversible, which benefits organizations that may be involved in a merger or significant restructuring.
    Schema Redefine
    The flexibility of Active Directory has been enhanced to allow the deactivation of attributes and class definitions in the Active Directory schema. Attributes and classes can be redefined if an error was made in the original definition.
    Group Policy Improvements
    In conjunction with Windows Server 2003, Microsoft is releasing a new Group Policy management solution that unifies management of Group Policy. The Microsoft Group Policy Management Console (GPMC) provides a single solution for managing all Group Policy–related tasks. GPMC lets administrators manage Group Policy for multiple domains and sites within a given forest, all in a simplified user interface (UI) with drag-and-drop support. Highlights include new functionality such as backup, restore, import, copy, and reporting of Group Policy objects (GPOs). These operations are fully scriptable, which lets administrators customize and automate management. Together these advantages make Group Policy much easier to use and help you manage your enterprise more cost-effectively.
    Enhanced UI
    As the principal means to manage enterprise identities, objects, and relationships, improved interfaces increase administration efficiency and integration capabilities. Microsoft Management Console (MMC) plug-ins now include drag-and-drop capabilities, multi-object selection, and the ability to save and reuse queries. Administrators may now edit multiple user objects simultaneously, reset access control list (ACL) permissions to the default, show effective permissions on a security principal, and indicate the parent of an inherited permission.


    Greater Security

    Additional security features make it easier to manage the multiple forests and cross-domain trusts. Cross forest trust provides a new type of Windows trust for managing the security relationship between two forests—greatly simplifying cross-forest security administration and authentication. Users can securely access resources in other forests without sacrificing the single sign-on and administrative benefits of having only one user ID and password maintained in the user's home forest. This provides the flexibility to account for the need for some divisions or areas to have their own forest, yet maintain benefits of Active Directory. In addition, a new credential manager provides a secure store of user credentials and X.509 certificates. Software restriction policies let administrators prevent unwanted programs from being installed on computers throughout the network.
    Benefit | Description

    Cross-Forest Authentication
    Cross-forest authentication enables secure access to resources when the user account is in one forest and the computer account is in another forest. This feature allows users to securely access resources in other forests, using either Kerberos or NTLM, without sacrificing the single sign-on and administrative benefits of having only one user ID and password maintained in the user's home forest.
    Cross-Forest Authorization
    Cross-forest authorization makes it easy for administrators to select users and groups from trusted forests for inclusion in local groups or ACLs. This feature maintains the integrity of the forest security boundary while allowing trust between forests. It enables the trusting forest to enforce constraints on what security identifiers (SIDs) it will accept when users from trusted forests attempt to access protected resources.
    Cross-Certification Enhancements
    The Windows Server 2003 client cross-certification feature is enhanced by enabling the capability for department-level and global-level cross certifications. For example, WinLogon will now be able to query for cross certificates and download these into the "enterprise trust/enterprise store." As a chain is built, all cross certificates will be downloaded.
    IAS and Cross-Forest Authentication
    If Active Directory forests are in cross-forest mode with two-way trusts, then Internet Authentication Service/Remote Authentication Dial-In User Service (IAS/RADIUS) can authenticate the user account in the other forest with this feature. This gives administrators the capability to easily integrate new forests with already existing IAS/RADIUS services in their forest.
    Credential Manager
    The Credential Manager provides a secure store of user credentials, including passwords and X.509 certificates. This will provide a consistent single sign-on experience for users, including roaming users. For example, when a user accesses a line-of-business application within their company's network, the first attempt to access this application requires authentication and the user is prompted to supply a credential. After the user provides this credential, it will be associated with the requesting application. In future access to this application, the saved credential will be re-used without prompting the user.
    Software Restriction Policies
    Software restriction policies address the need to regulate unknown or untrusted software. With software restriction policies, you can protect your computing environment from untrusted software by identifying and specifying which software is allowed to run. You can define a default security level of unrestricted or disallowed for a GPO so that software is either allowed or not allowed to run by default. You can make exceptions to this default security level by creating rules for specific software.


    Improved Performance and Dependability

    Windows Server 2003 more efficiently manages the replication and synchronization of Active Directory information. Administrators can better control the types of information that are replicated and synchronized between domain controllers both within a domain as well as across domains. In addition, Active Directory provides more features to intelligently select only changed information for replication—no longer requiring updating entire portions of the directory.
    Benefit | Description

    Easier Logon for Remote Offices
    Branch offices with domain controllers can provide user logon through cached credentials without first contacting the global catalog, improving system performance and robustness over unreliable wide area networks (WANs). The loss of connectivity between a branch office and a global catalog no longer impacts the ability of branch users to log on. Branch offices can be supported more effectively and bandwidth consumption over WAN links is reduced.
    Group Membership Replication Enhancements
    Some directory information does not need to be made globally available. This feature provides the capability to host data in Active Directory without significantly impacting network performance by providing control over the scope of replication and placement of replicas.
    Application Directory Partitions
    Some directory information does not need to be made globally available. This feature provides the capability to host data in Active Directory without significantly impacting network performance by providing control over the scope of replication and placement of replicas.
    Install Replica from Media
    Instead of replicating a complete copy of the Active Directory database over the network, this feature allows an administrator to source initial replication from files created when backing up an existing domain controller or global catalog server.
    Dependability Improvements
    Active Directory includes several new features that increase dependability such as Health Monitoring, which allows administrators to verify replications between domain controllers, improved global catalog replication, and an updated Inter-Site Topology Generator (ISTG) that scales better by supporting forests with a greater number of sites than Windows 2000.
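
The "Software Restriction Policies" entry in the post above describes a default security level with rule-based exceptions. The following is an added example, not part of the original post or Microsoft's code: a simplified Python model of that evaluation, run against constructed sample files. Assumptions: only hash and path rules are modelled, SHA-256 stands in for the hash algorithm, and the precedence shown (hash rule before path rule, most specific path first) is not stated on the page.

```python
import hashlib
from dataclasses import dataclass

UNRESTRICTED, DISALLOWED = "Unrestricted", "Disallowed"

@dataclass(frozen=True)
class Rule:
    kind: str   # "hash" or "path" (the only rule kinds modelled here)
    value: str  # SHA-256 hex digest, or a folder prefix ending in a backslash
    level: str  # security level the rule assigns

def sha(content: bytes) -> str:
    return hashlib.sha256(content).hexdigest()

def evaluate(policy, path: str, content: bytes) -> str:
    """Return the security level a (default_level, rules) policy gives one file."""
    default_level, rules = policy
    digest = sha(content)
    # A hash rule identifies the file by content, so renaming or moving it
    # does not escape the rule; it is checked before any path rule.
    for r in rules:
        if r.kind == "hash" and r.value == digest:
            return r.level
    # Among matching path rules, the longest (most specific) prefix wins.
    norm = path.lower().replace("/", "\\")
    hits = [r for r in rules if r.kind == "path" and norm.startswith(r.value.lower())]
    if hits:
        return max(hits, key=lambda r: len(r.value)).level
    # No exception rule matched: the GPO's default security level applies.
    return default_level

# Constructed sample file contents (not real binaries).
TOOL = b"constructed sample: unwanted tool"
APP = b"constructed sample: line-of-business app"
UNKNOWN = b"constructed sample: unknown download"

# Default Unrestricted: everything runs unless a rule names it.
DENY_LIST = (UNRESTRICTED, [
    Rule("hash", sha(TOOL), DISALLOWED),
    Rule("path", "C:\\Temp\\", DISALLOWED),
])
# Default Disallowed: nothing runs unless a rule permits it.
ALLOW_LIST = (DISALLOWED, [
    Rule("path", "C:\\Windows\\", UNRESTRICTED),
    Rule("path", "C:\\Program Files\\", UNRESTRICTED),
    Rule("path", "C:\\Program Files\\Legacy\\", DISALLOWED),
    Rule("hash", sha(TOOL), DISALLOWED),
])
```

The same unknown file is allowed under the Unrestricted default and blocked under the Disallowed default, which is the practical difference between the two settings the post mentions.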

