Additionally, other services running on the server remain available to satisfy client requests while AD DS is stopped.ĪD DS Database Mounting Tool-AD DS in Windows Server 2008 comes with a AD DS database mounting tool, which provides a means to compare data as it exists in snapshots or backups taken at different times. The restartable AD DS service reduces the time required to perform certain maintenance and restore operations. Restartable Active Directory Domain Services-AD DS in Windows Server 2008 can now be stopped and restarted through MMC snap-ins and the command line.
RODCs are covered in more detail in Chapter 6, “Manage Sites and Replication.” RODCs contain a read-only copy of the AD DS database. Read-Only Domain Controllers-AD DS in Windows Server 2008 introduces a new type of domain controller called a read-only domain controller (RODC). PSOs can be applied to both users and groups. A PSO has attributes for all the settings that can be defined in the Default Domain Policy, except Kerberos settings.
User and group password and account lockout policies are defined and applied via a Password Setting Object (PSO). Additionally, auditing now provides the capability to log old and new values of an attribute when a successful change is made to that attribute.įine-Grained Password Policies-AD DS in Windows Server 2008 now provides the capability to create different password and account lockout policies for different sets of users in a domain. The enhancements provide more granular auditing capabilities through four new auditing categories: Directory Services Access, Directory Services Changes, Directory Services Replication, and Detailed Directory Services Replication. What’s New in Windows Server 2008 Active Directory Domain ServicesĪctive Directory Domain Services in Windows Server 2008 provides a number of enhancements over previous versions, including these:Īuditing-AD DS auditing has been enhanced significantly in Windows Server 2008. Additionally, a number of enterprise products, including Exchange Server and Windows SharePoint Services, require AD DS. It provides the basis for authentication and authorization for virtually all other server roles in Windows Server 2008 and is the foundation for Microsoft’s Identity and Access Solutions. AD DS in Windows Server 2008 provides a powerful directory service to centrally store and manage security principals, such as users, groups, and computers, and it offers centralized and secure access to network resources.ĪD DS is one of the most important server roles in Windows Server 2008. Active Directory Domain Services (AD DS) is Microsoft’s implementation of a directory service that provides centralized authentication and authorization services.