|
Active Directory provides the means to manage the identities and relationships that make up your organization’s network. Integrated with Windows Server 2008, the next generation of Active Directory gives you out-of-the-box functionality needed to centrally configure and administer system, user, and application settings. With Active Directory, you can simplify user and computer management, enable single sign-on (SSO) access to your network resources, and help enhance the privacy and security of stored information and communications.
Active Directory Domain Services
Active Directory Domain Services (AD DS), formerly known as Active Directory Directory Services, is the central location for configuration information, authentication requests, and information about all of the objects that are stored within your forest. Using Active Directory, you can efficiently manage users, computers, groups, printers, applications, and other directory-enabled objects from one secure, centralized location.
Active Directory Lightweight Directory Services
Active Directory Lightweight Directory Service (AD LDS), formerly known as Active Directory Application Mode, can be used to provide directory services for directory-enabled applications. Instead of using your organization’s AD DS database to store the directory-enabled application data, AD LDS can be used to store the data. AD LDS can be used in conjunction with AD DS so that you can have a central location for security accounts (AD DS) and another location to support the application configuration and directory data (AD LDS). Using AD LDS, you can reduce the overhead associated with Active Directory replication, you do not have to extend the Active Directory schema to support the application, and you can partition the directory structure so that the AD LDS service is only deployed to the servers that need to support the directory-enabled application
Active Directory Certificate Services
Most organizations use certificates to prove the identity of users or computers, as well as to encrypt data during transmission across unsecured network connections. Active Directory Certificate Services (AD CS) enhances security by binding the identity of a person, device, or service to their own private key. Storing the certificate and private key within Active Directory helps securely protect the identity, and Active Directory becomes the centralized location for retrieving the appropriate information when an application places a request.
Active Directory Federation Services
Active Directory Federation Services is a highly secure, highly extensible, and Internet-scalable identity access solution that allows organizations to authenticate users from partner organizations. Using AD FS in Windows Server 2008, you can simply and very securely grant external users access to your organization’s domain resources. AD FS can also simplify integration between untrusted resources and domain resources within your own organization.
Active Directory Rights Management Services
Your organization’s intellectual property needs to be safe and highly secure. Active Directory Rights Management Services, a component of Windows Server 2008, is available to help make sure that only those individuals who need to view a file can do so. AD RMS can protect a file by identifying the rights that a user has to the file. Rights can be configured to allow a user to open, modify, print, forward, or take other actions with the rights-managed information. With AD RMS, you can now safeguard data when it is distributed outside of your network.
Additional Active Directory Improvements
The Active Directory Installation Wizard includes several improvements over earlier versions. These improvements make it easier for an administrator to control the installation of domain controllers within the domain. Enhancements include:
Better Management with Server Manager. Server Manager, the new Windows Server 2008 server management tool, allows an administrator to pre-stage domain controllers. When the domain controller role is added from the Server Manager console, the files that are needed to perform the installation of the directory service are copied to the server. When an administrator starts the Installation Wizard, dcpromo.exe, the files are already cached and available.
Answer File Creation. If several domain controllers use the same settings when they are installed, the Summary page allows you to export the settings from the current installation into an answer file. The password used for your Directory Services Restore Mode administrator account is not exported with the answer file, and you can specify that the user who is installing the domain controller is always prompted for the administrator password. This way, passwords are not accessible to users who have access to the location where the answer files are stored.
Read-Only Domain ControllerInstallation. The new Read-Only Domain Controller role can be installed using the Installation Wizard. When installing a Read-Only Domain Controller, you can define who is allowed to install and manage the domain controller. In the first phase of the installation, a domain administrator can define the account that can install the Read-Only Domain Controller. Once defined, the user that is associated with the Read-Only Domain Controller will have the rights to install the directory service.
|
