https://redmondmag.com/articles/2012/07/01/whats-new-in-windows-server-2012-acti
ID: 3763402 • Letter: H
Question
https://redmondmag.com/articles/2012/07/01/whats-new-in-windows-server-2012-active-directory.aspx
from the article:
recommend two (2) new features of Windows Server 2012 Active Directory that you believe to be most beneficial to users from a network security standpoint. Provide one (1) example for each feature that demonstrates a security problem that could occur if a user does not implement that feature.
compare and contrast two (2) improved features of Windows Server 2012 Active Directory to the previous version of each feature. Examine your chosen features with a focus on the ability of each improved version to increase network efficiency and / or cost effectiveness compared to their previous versions. Provide support for your response.
Explanation / Answer
upgrades in Windows Server 2012 include:
Virtualization that just works
Windows Server 2012 gives more noteworthy backing to the abilities of open and private mists through virtualization-safe advances and the fast arrangement of virtual area controllers through cloning.
Improved arrangement and redesign readiness:
The update and arrangement forms dcpromo and adprep have been supplanted with another streamlined space controller advancement wizard that is incorporated with Server Manager and based on Windows PowerShell. It approves essentials, computerizes woodland and area arrangement, requires just a solitary arrangement of logon accreditations, and it can remotely introduce AD DS on an objective server.
Streamlined administration:
Illustrations of streamlined administration incorporate the reconciliation of cases based approval into AD DS and the Windows stage, two basic parts of a more extensive component known as Dynamic Access Control (DAC). DAC includes focal access strategies, index properties, the Windows document arrangement motor, and compound-characters that consolidate client and machine personality into one. Furthermore, the Active Directory Administrative Center (ADAC) now permits you to perform graphical assignments that naturally produce the equal Windows PowerShell orders. The summons can be effectively duplicated and stuck into a script streamlining the robotization of tedious authoritative activities.
Stage Changes:
The AD DS stage contains center usefulness, including the "under-the-spreads" practices that oversee the parts whereupon whatever is left of the index administration is assembled. Upgrades to the AD DS stage incorporate enhanced designation and size of RIDs (relative identifiers), conceded file creation, different Kerberos improvements and backing for Kerberos cases (see Dynamic Access Control) in AD FS.
Dynamic Directory and AD DS has been at the focal point of IT base for more than 10 years, and its components, reception, and business-worth have developed discharge over discharge. Today, the dominant part of that Active Directory base stays on the premises, yet there is a developing pattern toward distributed computing. The selection of distributed computing, be that as it may, won't happen overnight, and relocating suitable on-premises workloads or applications is an incremental and long haul exercise. New half breed frameworks will develop, and it is crucial that AD DS bolster the needs of these new and novel arrangement models that incorporate administrations facilitated altogether in the cloud, benefits that include cloud and on-premises parts, and administrations that remain only on the premises. These crossover models will expand the significance, perceivability, and accentuation around security and consistence, and they will aggravate the officially complex and tedious activity of guaranteeing that entrance to corporate information and administrations is fittingly reviewed and precisely communicates the business goal.
Fast arrangement with cloning
Notice DS in Windows Server 2012 permits you to send imitation virtual space controllers by "cloning" existing virtual area controllers. You can advance a solitary virtual space controller by utilizing the area controller advancement interface in Server Manager, and afterward quickly convey extra virtual area controllers inside of the same area, through cloning.
The procedure of cloning includes making a duplicate of a current virtual area controller, approving the source space controller to be cloned in AD DS, and running Windows PowerShell cmdlets to make a setup .
More secure virtualization of area controllers
Notice DS has been virtualized for quite a while, however elements present in many hypervisors can negate solid suppositions made by the Active Directory replication calculations. Essentially, the consistent timekeepers that are utilized by area controllers to decide relative levels of joining just go ahead in time. In Windows Server 2012, a virtual area controller uses an exceptional identifier that is uncovered by the hypervisor. This is known as the virtual machine GenerationID. The virtual machine GenerationID changes at whatever point the virtual machine encounters an occasion that influences its position in time. The virtual machine GenerationID is presented to the virtual machine's location space inside of its BIOS, and it is made accessible to the working framework and applications through a driver in Windows Server 2012.
Rearranged organization and update arrangement
Advertisement DS organization in Windows Server 2012 coordinates all the obliged strides to send new area controllers into a solitary graphical interface. It requires stand out big business level accreditation, and it can set up the backwoods or area by remotely focusing on the proper operations expert parts. The new sending procedure conducts broad essential acceptance tests that minimize the open door for mistakes that may have generally blocked or hindered the establishment.
2)Active Directory Federation Services (AD FS)
Commercial FS v2.0 delivered out-of-band of the Windows Server discharge. In Windows Server 2012, AD FS (v2.1) ships in-the-case as a server part. This gives:
Streamlined trust-setup and programmed trust administration
SAML-convention support
Extensible quality store
Permits cases to be sourced from anyplace in the endeavor
Dynamic Directory Lightweight Directory Service (AD LDS) and SQL quality store suppliers supplied out-of-the-crate
IMOLIMENTATION AREAS ARE:
Element Access Control
DirectAccess Offline Domain Join
Dynamic Directory Federation Services (AD FS)
Windows PowerShell History Viewer
Dynamic Directory Recycle Bin User Interface
Fine-Grained Password Policy User Interface
Dynamic Directory Replication and Topology Windows PowerShell cmdlets
Dynamic Directory Based Activation (AD BA)
Gathering Managed Service Accounts (gMSA)
ITS A POWER FULL SHELL HISTORY:
Windows PowerShell is a key innovation in making a reliable ordeal between the charge line and the graphical client interface. Windows PowerShell expands efficiency, additionally requires interest in figuring out how to utilize it.
To minimize the learning venture, Windows Server 2012 incorporates the new Windows PowerShell History Viewer. The advantages include:
Permit managers to see the Windows PowerShell charges executed when utilizing the Active Directory Administrative Center. For instance:
The executive adds a client to a gathering
The UI shows the equal Windows PowerShell for Active Directory charge
The executive duplicates the subsequent sentence structure and incorporates it into a script
Diminishes Windows PowerShell expectation to absorb information
Builds trust in scripting
Further upgrades Windows PowerShell discoverability
Related Questions
Navigate
Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.