Windows Server 2012 R2
Protected Users Security Group
Authentication Policy and Authentication Policy Silos
Windows Server 2012
Virtualization safeguards and Virtualized domain controller cloning
Improved upgrade preparation and installation
Dynamic Access Control
DirectAccess Offline Domain Join
AD FS built in as a server role
Windows PowerShell History Viewer
Fine-grained password Policy UI
Active Directory Recycle Bin UI
Active Directory Replication and Topology Windows PowerShell cmdlets
Active Directory-based Activation
Group Managed Service Accounts
RID Improvements
Deferred Index Creation
Kerberos enhancements
Windows Server 2008 R2
Active Directory Recycle Bin (requires Windows Server 2008 R2 forest functional level)
Active Directory module for Windows PowerShell and Windows PowerShell cmdlets
Active Directory Best Practices Analyzer
Active Directory Web Services
Active Directory Administrative Center
Authentication mechanism assurance
Offline domain join
Managed Service Accounts
New logic for bridgehead server selection
Windows Server 2008
Auditing Improvements
Fine-grained password policies (requires Windows Server 2008 domain functional level)
Read-only domain controllers (requires Windows Server 2003 functional level)
Restartable Active Directory
AD database mounting tool
UI improvements
Owner rights
DFSR replication of SYSVOL (requires Windows Server 2008 domain functional level)
DSRM password sync
Active Directory Application Mode (ADAM) rebranded as Active Directory Lightweight Directory Service (AD LDS) and included in Windows Server 2008 as a server role.
Windows Server 2003
Multiple selection of user objects
Drag and drop functionality
Efficient search capabilities
Saved queries
New Active Directory command-line tools, such as adprep.exe
InetOrgPerson class
Application directory partitions
Ability to add additional domain controllers by using backup media
Universal group membership caching
Secure Lightweight Directory Access Protocol (LDAP) traffic
Partial synchronization of the global catalog
Active Directory quotas
Security - Having only one domain means better security through a single security policy and a single set of administrators. If you have multiple domains and forests, each has its own administrator. One weak but trusted domain exposes all the other forests and domains. With only a single domain, it's also far easier to enforce an organization-wide security policy.
Single platform - A single directory service or Global Catalog (GC) means a single platform for all other directory-aware services, including monitoring and messaging.
Faster deployment - starts in an organization with just a single domain and shared account database; solutions need only be deployed once, which means company-wide deployments are much faster than if the organization has multiple and separate domains.
Single management infrastructure - Having a single management infrastructure means there is just one infrastructure for all other directory services tasks, such as software deployment, inventory, and object management sharing and delegation (such as for user accounts).
Single Group Policy container (GPC) - With a single GPC, management policies need to be defined only once, and can be used throughout the entire enterprise without the need to manually export and import Group Policy Objects (GPOs).
Backup and recovery - Having only a single domain means better resiliency because every location has a full domain backup.
Less hardware - In an organization with multiple domains, every location needs two domain controllers (DCs). With a single domain, each location needs only a single DC because if the local DC fails, the locations can use hub DCs. Reduced hardware also means fewer licenses, less management software, and less overhead for server management. There's also no need to back up remote DCs because the remote DCs just hold the same information as the central DCs, assuming the DCs only perform directory services.
Windows 2000 Domains work using a multiple master design with restricted master operations on a master domain controller. This was done to distribute the load on domain controllers, but there are some operations that can only be done on a single or "master" controller.
There is a set of Flexible Single Master Operations (FSMO) which can only be done on a single controller. An administrator determines which operations must be done on the master controller. These operations are all set up on the master controller by default and can be transferred later. FSMO operations types include:
The Active Directory administrative tools can only be used from a computer with access to a domain. The following Active Directory administrative tools are available on the Administrative Tools menu:
Active Directory Users and Computers (dsa.msc)
Active Directory Domains and Trusts (domain.msc)
Active Directory Sites and Services (dssite.msc)
netlogon, dns, rpc, active directory services (it is in the form of a service in win2008 only); these are the major ones
Repair or recover Active Directory.
Active Directory service is used to store information about the network resources across a domain and also centralize the network.
I don't know.
Active Directory Sites and Services
Active Directory Federation Services
Active Directory Federation Services was developed by Microsoft. It is a software component that can be installed on Windows. It is designed to maintain application security and implement federal identity.
Active Directory Services is included with most Windows systems as it is a product of Microsoft. It is often used with Windows domain networks, authorizing computers within the network.
Active Directory Recycle Bin is a feature that helps minimize directory service downtime by enhancing your ability to preserve and restore accidentally deleted Active Directory objects without restoring Active Directory data from backups, restarting Active Directory Domain Services (AD DS), or rebooting domain controllers. When you enable Active Directory Recycle Bin feature, all link-valued and non-link-valued attributes of the deleted Active Directory objects are preserved and the objects are restored in their entirety to the same consistent logical state that they were in immediately before deletion. For example, restored user accounts automatically regain all group memberships and corresponding access rights that they had immediately before deletion, within and across domains. Active Directory Recycle Bin is functional for both AD DS and Active Directory Lightweight Directory Services (AD LDS) environments. Mohannad Hamid
Active Directory, DNS and DHCP