Features of Active Directory

A Variety of Features for Network Manageability

 
Active Directory helps you manage the identities and relationships that make up your organization's network through unique features specific to individual roles.
Key Features
  • Active Directory Domain Services

    Changes made to Active Directory objects can be recorded so that you know what was changed, as well as the previous and current values for the changed attributes.
     
    • Fine-Grained Passwords

      Password policies can be configured for distinct groups within the domain. No longer does every account have to use the same password policy within the domain.
     
    • Read-Only Domain Controller

      A domain controller with a read-only version of the Active Directory database can be deployed in environments where the security of the domain controller cannot be guaranteed, such as branch offices where the physical security of the domain controller is in question, or domain controllers that host additional roles, requiring other users to log on and maintain the server. The use of Read-Only Domain Controllers (RODCs) prevents changes made at branch locations from potentially polluting or corrupting your AD forest via replication. RODCs also eliminate the need to use a staging site for branch office domain controllers, or to send installation media and a domain administrator to the branch location.
     
    • Restartable Active Directory Domain Services

      Active Directory Domain Services can be stopped and maintained. Rebooting the domain controller and restarting it in Directory Services Restore Mode is not required for most maintenance functions. Other services on the domain controller can continue functioning while the directory service is offline.
     
    • Database Mounting Tool

      A snapshot of the Active Directory database can be mounted using this tool. This allows a domain administrator to view the objects within the snapshot to determine the restore requirements when necessary.

  • Active Directory Rights Management Services

    Support for AD RMS is already included within Windows 7, Internet Explorer, and Microsoft Office 2010, and can be installed on other Windows operating systems.
     
    • Persistent Protection

      Your content can be protected on the go. You specify who can open, modify, print, or manage the content, and the rights stay with the content—even after it has been transferred outside of your organization.
     
    • Usage Policy Templates

      If you have a common set of rights that you use to control access to information, a Usage Policy Template can be created and applied to content. This alleviates the need to recreate the usage rights settings for every file you want to protect.
     
    • AD RMS Software Development Kit

      The AD RMS Software Development Kit (SDK) can be used by independent software vendors (ISVs) to rights-enable their applications, meaning the application investments you’ve already made may be (or will become) compatible with AD RMS.

  • Active Directory Federation Services

    AD FS is a server role within Windows Server 2008 that can be easily deployed and managed using Server Manager, instead of handled as an added feature, as in Windows Server 2003 R2.
     
    • Integration with Microsoft Office SharePoint Server 2007

      AD FS can be used to facilitate a single sign-on solution for Office SharePoint Server 2007.
     
    • Integration with Active Directory Rights Management Services (AD RMS)

      AD FS can integrate with AD RMS to support the sharing of rights-protected content between organizations without requiring AD RMS to be deployed in both organizations.
     
    • Improved Administration

      Importing and exporting trust information has been enhanced so that each organization can quickly export or import XML files to facilitate the configuration of trust information.

  • Active Directory Lightweight Directory Services

    Active Directory Sites and Services Support gives you the ability to use Active Directory Sites and Services to manage the replication of the AD LDS data changes…
     
    • Install from Media Generation

      The ability to create installation media for AD LDS by using Ntdsutil.exe or Dsdbutil.exe.
     
    • Auditing

      Auditing of changed values within the directory service.
     
    • Database Mounting Tool

      Gives you the ability to view data within snapshots of the database files.
     
    • Dynamic List of LDIF files

      With this feature, you can associate custom LDIF files with the existing default LDIF files used for setup of AD LDS on a server.
     
    • Recursive Linked-Attribute Queries

      LDAP queries can follow nested attribute links to determine additional attribute properties, such as group memberships.

  • Additional Active Directory Improvements

    The Active Directory Installation Wizard includes several improvements over earlier versions. These improvements make it easier for an administrator to control the installation of domain controllers within the domain. Enhancements include:
     
    • New Forest Functional Level

      Windows Server 2008 R2 includes a new Active Directory forest functional level. Many of the new features in the Active Directory server roles require the Active Directory forest to be configured with this new functional level.
     
    • Enhanced Command Line and Automated Management

      Windows PowerShell cmdlets provide the ability to fully manage Active Directory server roles.
     
    • Improved Automated Monitoring and Notification

      An updated System Center Manager 2007 Management Pack helps improve the monitoring and management of Active Directory server roles.
     
    • Better Management with Server Manager

      Server Manager, the Windows Server 2008 R2 server management tool, allows an administrator to pre-stage domain controllers. When the domain controller role is added from the Server Manager console, the files that are needed to perform the installation of the directory service are copied to the server. When an administrator starts the Installation Wizard, dcpromo.exe, the files are already cached and available.
     
    • Improved Compliance with Established Standards and Best Practices

      Windows Server 2008 R2 includes an integrated Best Practices Analyzer for each of the server roles. The Best Practices Analyzer creates a checklist within Server Manager for the role, which you can use to help perform all the configuration tasks.
     
    • Answer File Creation

      If several domain controllers use the same settings when they are installed, the Summary page allows you to export the settings from the current installation into an answer file. The password used for your Directory Services Restore Mode administrator account is not exported with the answer file, and you can specify that the user who is installing the domain controller is always prompted for the administrator password. This way, passwords are not accessible to users who have access to the location where the answer files are stored.
     
    • Read-Only Domain Controller Installation

      The Read-Only Domain Controller role can be installed using the Installation Wizard. When installing, you can define who is allowed to install and manage the domain controller. In the first phase of the installation, a domain administrator can define the account that can install the Read-Only Domain Controller. Once defined, the user that is associated with the Read-Only Domain Controller will have the rights to install the directory service.
