Virtualization That Just Works • All Active Directory features work equally well in physical, virtual or mixed environments Simplified Deployment of Active Directory • • • • Complete integration of environment preparation, role installation and DC promotion into a single UI DCs can be deployed rapidly to ease disaster recovery and workload balancing DCs can be deployed remotely on multiple machines from a single Windows 8 machine Consistent command-line experience through Windows PowerShell enables automation of deployment tasks Simplified Management of Active Directory • • • • GUI that simplifies complex tasks such as recovering a deleted object or managing password policies Active Directory Windows PowerShell viewer shows the commands for actions performed in the GUI Active Directory Windows PowerShell support for managing replication and topology data Simplify delegation and management of service accounts Miscellaneous Management Simplified Deployment Recycle Bin User Interface Dynamic Access Control Virtualization-Safe Technology Active Directory PowerShell History Viewer User Interface Active Directory Based Activation Rapid Deployment Fine-Grained Password Policy User Interface Kerberos Enhancements Active Directory Platform Changes Active Directory Replication & Topology Cmdlets Group Managed Service Accounts Miscellaneous Simplified Deployment Virtualization-Safe Technology Rapid Deployment Active Directory Platform Changes Streamline the deployment process … by integrating preparation and promotion processes & automating pre-requisites in-between Minimize odds of deployment failures … by validating environment pre-requisites before deployment Minimize number of touch-points … by providing remote capabilities for both preparation and promotion processes Optimize for common deployment paths … by aligning the configuration wizard to the most common deployment scenarios Bring consistency with other Windows Server roles deployment experiences … by integrating the full deployment experience with Server Manager Gain UI-consistency by leveraging an enhanced command-line experience … by providing a deployment & configuration wizard that is built on top of Windows PowerShell http://microsoft.com Miscellaneous Simplified Deployment Virtualization-Safe Technology Rapid Deployment Active Directory Platform Changes USN rollback NOT detected: only 50 users converge across the two DCs All others are either on one or the other DC 100 security principals (users in this example) with RIDs 500-599 have conflicting SIDs Miscellaneous Simplified Deployment Virtualization-Safe Technology Rapid Deployment Active Directory Platform Changes Miscellaneous Simplified Deployment Virtualization-Safe Technology Rapid Deployment Active Directory Platform Changes Miscellaneous Management Simplified Deployment Recycle Bin User Interface Dynamic Access Control Virtualization-Safe Technology Active Directory PowerShell History Viewer User Interface Active Directory Based Activation Rapid Deployment Fine-Grained Password Policy User Interface Kerberos Enhancements Active Directory Platform Changes Active Directory Replication & Topology Cmdlets Group Managed Service Accounts Management Recycle Bin User Interface Dynamic Access Control Active Directory PowerShell History Viewer User Interface Active Directory Based Activation Fine-Grained Password Policy User Interface Kerberos Enhancements Active Directory Replication & Topology Cmdlets Group Managed Service Accounts Management Recycle Bin User Interface Dynamic Access Control Active Directory PowerShell History Viewer User Interface Active Directory Based Activation Fine-Grained Password Policy User Interface Kerberos Enhancements Active Directory Replication & Topology Cmdlets Group Managed Service Accounts Management Recycle Bin User Interface Dynamic Access Control Active Directory PowerShell History Viewer User Interface Active Directory Based Activation Fine-Grained Password Policy User Interface Kerberos Enhancements Active Directory Replication & Topology Cmdlets Group Managed Service Accounts Management Recycle Bin User Interface Dynamic Access Control Active Directory Windows PowerShell History Viewer Active Directory Based Activation Fine-Grained Password Policy User Interface Kerberos Enhancements Active Directory Replication & Topology Cmdlets Group Managed Service Accounts Management Recycle Bin User Interface Dynamic Access Control Active Directory Windows PowerShell History Viewer Active Directory Based Activation Fine-Grained Password Policy User Interface Kerberos Enhancements Active Directory Replication & Topology Cmdlets Group Managed Service Accounts Management Recycle Bin User Interface Dynamic Access Control Active Directory Windows PowerShell History Viewer Active Directory Based Activation Fine-Grained Password Policy User Interface Kerberos Enhancements Active Directory Replication & Topology Cmdlets Group Managed Service Accounts Management Recycle Bin User Interface Dynamic Access Control Active Directory Windows PowerShell History Viewer Active Directory Based Activation Fine-Grained Password Policy User Interface Kerberos Enhancements Active Directory Replication & Topology Cmdlets Group Managed Service Accounts Management Recycle Bin User Interface Dynamic Access Control Active Directory Windows PowerShell History Viewer Active Directory Based Activation Fine-Grained Password Policy User Interface Kerberos Enhancements Active Directory Replication & Topology Cmdlets Group Managed Service Accounts With this deployed… ... these features become available • + First Windows Server 2012 domain-member (or Windows 8 with RSAT installed) • • • • • • + First Windows Server 2012 DC + Windows Server 2012 DC holds PDC FSMO role • • • • New Active Directory Administrative Center • Windows PowerShell History Viewer • Graphical Recycle Bin and FGPP management Richer authorization through DAC & FCI Active Directory-based Activation • Requires Windows Server 2012 schema extensions Active Directory Replication & Topology Cmdlets AD FS (v2.1) Simplified Deployment and Preparation Dynamic Access Control policies and claims • Kerberos Claims in AD FS (v2.1) Cross-domain Kerberos Constrained Delegation Group Managed Service Accounts Virtualization-Safe for the Windows Server 2012 DC • requires Hypervisor support for VM-Gen-ID Rapid virtual DC deployment through DC-cloning • requires Hypervisor support for VM-Gen-ID #TE(sessioncode) DOWNLOAD Windows Server 2012 Release Candidate Hands-On Labs microsoft.com/windowsserver DOWNLOAD Windows Azure Windowsazure.com/ teched http://northamerica.msteched.com www.microsoft.com/learning http://microsoft.com/technet http://microsoft.com/msdn