Active Directory – Meet the Marketing Group
I wanted to share some details on Active Directory now that Server 2008 is about to launch. Microsoft has decided to put an emphasis on Active Directory by potentially confusing its customers. In the past if someone mentioned Active Directory someone would define by saying it provides authentication services a central repository for objects and group policies. Now Microsoft will be releasing FIVE features/products under the Active Directory name. For those that know Active Directory this really isn't such a big deal since most of the features have been around for some time and plugged into Active Directory. But for those that are not as familiar may become confused. This purpose of this blog is to help ease some of the initial shock some may have.
Active Directory Domain Services (AD DS)
This is the Active Directory we have all grown to love, although now it includes several more features just for Server 2008's version of Active Directory. AD DS provides us with a central authentication service, configuration, and storage of all objects. To find out more about AD DS visit TechNet. I want to hit what I think are the 3 most important features of Windows Server 2008's Active Directory.
- Fine-Grained Passwords
- Read-Only Domain Controllers
- Restartable Active Directory Domain Services
Active Directory Lightweight Directory Services (AD LDS)
AD LDS used to be called Active Directory Application Mode (ADAM) and is used to provide directory enabled applications a directory. Think of it as Active Directory without the domain or domain controllers. It is a directory that applications can use and have that application data stored in a central directory. To find out more about AD LDS visit TechNet. There are several enhancements to Server 2008's AD LDS but below is the one that I find most intriguing.
- Active Directory Sites and Services Support
Active Directory Certificate Services (AD CS)
Certificate Services has been around for quite some time and ever since Active Directory was released with Windows 2000 there has been some form of integration between the two services. It seems with each major release of the Windows Server OS Certificate Services becomes more and more prevalent. I've always been a big fan of Certificate Services especially when integrated with Active Directory. To find out more about AD CS visit TechNet. Here is a look at some of the new enhancements to AD CS in Server 2008.
- Network Device Enrollment Service
- Enterprise PKI
Active Directory Federation Services (AD FS)
Active Directory Federation Services may sound new to some folks but it has in fact been out in the wild since Server 2003 R2. AD FS provides a solution for business-to-business transactions between trusted organizations that are using web applications accessed via a browser. You know longer need secondary accounts as each organization is responsible for managing their own accounts. To find out more about AD FS visit TechNet. Here are a few new enhancements to AD FS.
- Integration with SharePoint 2007
- Integration with AD RMS
Active Directory Federation Services (AD RMS)
Finally something new! Rights management is in my opinion one of the top 3 technologies for the next 5 years. This realm not only covers the enterprise but also home environments as well. AD RMS applies specifically to the enterprise and gives you the ability to determine what that person can do with the resources. Some might get this initially confused with permissions but it is more than that. AD RMS gives us the ability to lock down resources so that someone can't even forward it in an email or restrict printing of a document. Already being a control freak with Group Policy, AD RMS really gets me thinking of what else I'll be able to lock down. Take the time and visit the TechNet site on this one.
- AD RMS Step-by-Step Guide
- AD RMS Step-by-Step Guide with MOSS 2007