You can divide the “what’s new” categories in Windows Server 2012 Active Directory into two roughly equal parts: brand new and merely improved. Either way, you’re going to like what you see.

New Features
Pundits, bloggers and journalists alike will be diving into these details for months to come. Let’s take a look at the new high-level features, starting with the brand-new functions:

GUI for Recycle Bin
Microsoft introduced the Active Directory Recycle Bin in Windows Server 2008 R2, but it was limited by its Windows PowerShell-only exposure. This time it gets a GUI.

GUI for Fine-Grained Password Policies
Also gaining a GUI are fine-grained password policies.

Dynamic Access Control (DAC)
Windows Server 2008 R2 brought the File Classification Infrastructure (FCI). This version’s DAC adds far greater functionality to the (optional) second layer of FCI resource authorization.

Windows PowerShell History Viewer
You see the Windows PowerShell commands that correspond to actions you perform in the Active Directory Administrative Center UI.

Windows PowerShell Cmdlets for Active Directory Replication and Topology
More cmdlets — enough said.

Active Directory-Based Activation (ADBA)
The good: ADBA eliminates the need for a Key Management Service server. The bad: Only forthcoming Windows 8 computers can leverage ADBA. Seriously, Microsoft?

Flexible Authentication Secure Tunneling (FAST)
The nickname for FAST is “Kerberos armoring,” if that tells you anything. It isn’t enabled by default and requires clients that support it. Think you’ll be using it anytime soon?

Refreshed Features
Now let’s move on to the merely improved bits:

Virtual Snapshot and Cloning Support
Active Directory and hypervisor snapshots didn’t mix before. Now they do, if your hypervisor supports VM Generation ID.

ADPREP Integrated into DC Promotion
Can’t recall the proper steps to promote a member server to a DC? No worries, it’s in there.

Active Directory Federation Services (ADFS) Now In-Box
Adding ADFS no longer requires a separate installation. ADFS also gains multiple improvements. Watch this space, because you’ll be seeing and using more ADFS in the years to come.

Domain Join via DirectAccess
One word: Nifty! Nine words: Computers can now be domain-joined over the Internet. You’ll need DirectAccess first. Trust me: You’ll want it.

Kerberos Constrained Delegation (KCD) Across Domains
Another of those capabilities you’ve probably never used, but probably will in the future. KCD was first introduced in Windows Server 2003. Now it can span domains.

Group Managed Service Accounts (GMSAs)
MSAs in Windows Server 2008 R2 made administering service accounts easier. GMSAs in this version extend their support to clustered and load-balanced services.

While individually these new features might not seem like a lot, as a group they’re a good reason to step up your Active Directory to Windows Server 2012 as soon as you can.
