Simplified Active Directory administration
Active Directory is foundational to the IT infrastructure of most
organizations today, and Windows Server 2012 includes new capabilities
and enhancements that help you deploy and manage your Active Directory
environment. Whether you have a traditional datacenter or are migrating
to the cloud, the new features and functionality of Active Directory in
Windows Server 2012 will make your job easier.
Deploying domain controllers
The process for deploying domain controllers is faster and more flexible in Windows Server 2012. The Dcpromo.exe wizard of previous versions of Windows Server has been replaced with a new Active Directory Domain Services Configuration Wizard that is built upon PowerShell (see Figure 1). This redesign provides a number of benefits. For example, you can now install the AD DS server role binaries
remotely using Server Manager or with the new AD DS PowerShell cmdlets.
You can also install the binaries on multiple servers at the same time.
Adprep.exe has now
been integrated into the Active Directory installation process to make
it easier to prepare your existing Active Directory environment for
upgrading to Windows Server 2012. And the Active Directory Domain
Services Configuration Wizard performs validation to ensure that the necessary prerequisites have been met before promoting a server to a domain controller.
Of course, everything you can do using the Configuration Wizard can also be done directly using PowerShell. Figure 2
lists the PowerShell cmdlets available in the ADDSDeployment module.
These cmdlets can be scripted to automate the deployment and
configuration of domain controllers within your datacenter or across your private cloud.
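The following added example (not taken from the original text) shows how these steps can be scripted: it installs the role binaries on several servers at once, runs the prerequisite validation, and promotes a server only if every check passes. The server names, domain name and site name are assumed values.

```powershell
# Added example: server names, domain and site are assumed values.
$servers = 'DC02', 'DC03'
$domain  = 'contoso.com'
$site    = 'Default-First-Site-Name'

# Prompt for secrets so neither is stored in the script or the command history.
$cred = Get-Credential -Message "Account allowed to add domain controllers to $domain"
$dsrm = Read-Host -AsSecureString -Prompt 'DSRM (safe mode) password'

# Install the AD DS role binaries; Invoke-Command runs against all targets in parallel.
Invoke-Command -ComputerName $servers -ScriptBlock {
    Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
}

foreach ($server in $servers) {
    Invoke-Command -ComputerName $server -ArgumentList $domain, $site, $cred, $dsrm -ScriptBlock {
        param($Domain, $Site, $Cred, $Dsrm)
        Import-Module ADDSDeployment

        $settings = @{
            DomainName                    = $Domain
            SiteName                      = $Site
            Credential                    = $Cred
            SafeModeAdministratorPassword = $Dsrm
            InstallDns                    = $true
        }

        # Run the prerequisite checks first and stop on anything that did not pass.
        $failed = Test-ADDSDomainControllerInstallation @settings |
            Where-Object { $_.Status -ne 'Success' }
        if ($failed) {
            $failed | ForEach-Object {
                Write-Warning ('{0}: {1}' -f $env:COMPUTERNAME, $_.Message)
            }
            return
        }

        # Promote the server; it restarts automatically when promotion completes.
        Install-ADDSDomainController @settings -Force
    }
}
```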
Virtualizing domain controllers
In previous versions of Windows Server, virtualizing a domain controller by running it in a VM was risky. Because of how Active Directory replication works, reverting a virtualized domain controller to an earlier state by applying a snapshot
could cause Active Directory replication to fail. Because snapshots are
commonly used in Hyper-V environments for performing quick and dirty
backups of VMs, accidentally applying a snapshot to a virtualized
domain controller could easily wreck your Active Directory environment.
Windows Server 2012 prevents such situations from happening by
including a mechanism that safeguards your Active Directory environment
if a virtualized domain controller is rolled back in time by using a
snapshot. Note that although this now means that snapshots can be taken
and used with virtualized domain controllers, Microsoft still
recommends that snapshots not be used for this purpose.
Cloning domain controllers
When your business grows, you may need to deploy additional domain
controllers to meet the expanding needs of your organization. Being
able to rapidly provision new domain controllers is important,
particularly in cloud environments where elasticity is essential. In
Windows Server 2012, you can now safely deploy cloned virtual domain
controllers instead of having to go through the time-consuming process
of deploying a sysprepped server image, adding the AD DS role, and
promoting and configuring the server as a domain controller. All you
need to do is export the VM of an existing virtual domain controller or
make a copy of its VHD/VHDX file, authorize the exported VM or copied
virtual disk for cloning in Active Directory, and create an XML
configuration file named DCCloneConfig.xml. Then, once the destination
VM is deployed and has started, the cloned domain controller provisions itself as a new domain controller.
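The preparation steps described above can be run on the source domain controller as follows. This is an added example, not part of the original text; the computer names, site name and IP settings are assumed values, and the final revocation step is an optional hardening measure added here.

```powershell
# Added example: run in an elevated session on the source virtual DC.
# DC01, DC02-CLONE, the site name and all IP values are assumed.
Import-Module ActiveDirectory

$sourceDc = 'DC01'
$group    = 'Cloneable Domain Controllers'

# 1. Authorize the source DC for cloning by adding it to the built-in group.
Add-ADGroupMember -Identity $group -Members (Get-ADComputer -Identity $sourceDc)

# 2. List installed services and programs that are not known to be safe to clone.
#    Stop here so that each one is reviewed before the image is copied.
$unreviewed = Get-ADDCCloningExcludedApplicationList
if ($unreviewed) {
    $unreviewed | Format-Table Name, Type -AutoSize | Out-Host
    throw 'Review or remove these before cloning (-GenerateXml records the approved ones).'
}

# 3. Create DCCloneConfig.xml with the identity and network settings of the clone.
New-ADDCCloneConfigFile -CloneComputerName 'DC02-CLONE' `
    -SiteName 'Default-First-Site-Name' -Static `
    -IPv4Address '10.0.0.12' -IPv4SubnetMask '255.255.255.0' `
    -IPv4DefaultGateway '10.0.0.1' -IPv4DNSResolver '10.0.0.10'

# 4. Shut down the source DC, export the VM or copy its VHD/VHDX file,
#    then deploy and start the destination VM.

# 5. Optional hardening step added here: once the clone is running, revoke the
#    cloning authorization so further copies of this image cannot be cloned.
# Remove-ADGroupMember -Identity $group -Members (Get-ADComputer -Identity $sourceDc) -Confirm:$false
```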
Cloning virtualized domain controllers like this can make it much easier for you to scale out your Active
Directory environment. For example, if you have a branch office that is
rapidly growing and has an existing virtualized domain controller on
site, you can simply clone that domain controller to support the
growing needs of your branch office infrastructure.
Another scenario where cloning virtualized domain
controllers can be useful is helping ensure business continuity. For
example, if a disaster happens and you lose some domain controllers in
your organization, you can restore the level of capacity needed quickly
by cloning more domain controllers.
The Active
Directory Administrative Center (ADAC) was first introduced in Windows
Server 2008 R2 as a central management console for Active Directory
administrators. ADAC
is built on PowerShell and has been enhanced in Windows Server 2012 to
provide a rich graphical user interface for managing all aspects of
your Active Directory environment (see Figure 3).
A number of improvements have been made to ADAC in Windows Server 2012 to make it easier to manage your Active Directory infrastructure. For example:
- The Active Directory Recycle Bin, first introduced in Windows Server
  2008 R2, has been enhanced in Windows Server 2012 with a new GUI to
  make it easier for you to find and restore deleted objects.
- Fine-grained password policies, also first introduced in Windows
  Server 2008 R2, have been enhanced in Windows Server 2012 with a new
  GUI as well, making it possible to view, sort, and manage all password
  policies in a given domain.
- Windows PowerShell History Viewer helps you quickly create PowerShell
  scripts to automate Active Directory administration tasks by viewing
  and utilizing the PowerShell commands underlying any actions performed
  using the user interface of ADAC. For example, Figure 4 shows the
  PowerShell commands that were run when ADAC was used to create a new
  organizational unit for the marketing department of Contoso.
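The fine-grained password policies that ADAC displays can also be reviewed from PowerShell. The following added example (not from the original text) lists every policy in the current domain in precedence order, shows who it applies to, and flags settings that are weaker than the default domain policy; the choice of which settings to compare is an assumption of this example.

```powershell
# Added example: run from a host that has the ActiveDirectory module installed.
Import-Module ActiveDirectory

$default = Get-ADDefaultDomainPasswordPolicy

Get-ADFineGrainedPasswordPolicy -Filter * | Sort-Object Precedence | ForEach-Object {
    $findings = @()

    # Compare each policy with the default domain policy (comparison set is assumed).
    if ($_.MinPasswordLength -lt $default.MinPasswordLength) {
        $findings += 'shorter minimum length ({0} < {1})' -f `
            $_.MinPasswordLength, $default.MinPasswordLength
    }
    if ($default.ComplexityEnabled -and -not $_.ComplexityEnabled) {
        $findings += 'complexity disabled'
    }
    if ($_.ReversibleEncryptionEnabled) {
        $findings += 'reversible encryption enabled'
    }
    # A lockout threshold of 0 means accounts are never locked out.
    if ($default.LockoutThreshold -gt 0 -and $_.LockoutThreshold -eq 0) {
        $findings += 'no account lockout'
    }

    [pscustomobject]@{
        Precedence = $_.Precedence
        Name       = $_.Name
        AppliesTo  = ($_.AppliesTo -join '; ')
        Weaker     = if ($findings) { $findings -join ', ' } else { 'no' }
    }
} | Format-Table -AutoSize -Wrap
```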