Microsoft has bulked up and improved Windows Server 2012 with an array of new features, including multiple interfaces, group policy improvements, the ReFS file system, and more. This blog post is part of our series of blog posts on Windows Server 2012’s new features and will briefly look at the latest version of Active Directory Services – more robust, more secure, and generally much improved – across its three core components:
- Active Directory Certificate Services and Public-Key Infrastructure
- Active Directory Domain Services
- Active Directory Rights Management Services
Active Directory Certificate Services and PKI (AD CS and PKI)
As a Cloud Services Reseller, your clients rely on your to provide the latest and greatest security measures. Active Directory Certificate Services in Windows Server 2012 provides an enhanced level of security for software systems that employ public-key technologies for issuing and managing public-key infrastructure (PKI) certificates. This is one of the many ways that Microsoft is improving security with their latest cloud technology.
The AD CS server provides a suite of different enhancements and improvements to implement and manage its six different roles, i.e., Certificate Authority, Online Responder, Certificate Enrollment Web Service, Web Enrollment, Network Device Enrollment Service, and Certificate Enrollment Policy Web Service.
The AD CS server roles are integrated within the server manager, which enables adding AD CS roles from a central location. The server manager can be used to configure multiple servers. Administrators can view, edit, and manage role services on each server and can also perform management tasks on them. AD CS Deployment Windows PowerShell cmdlets also enable scripting deployment of the AD CS roles and the Certification Authority (CA) role services. Moreover, AD CS roles can be installed on any version of Windows Server 2012 (including Windows Server 2012 R2 Preview) and can even run on Server Core or minimal server installation instances.
Some other notable changes and new features within the AD CS and PKI include:
- Certificate template compatibility
- Support for certificate renewal with the same key
- Support for key-based renewal
- Group protected PFX format
- Certificate lifecycle notifications
- Support for internationalized domain names
- Inclusion of CA private keys in the system state backup image
- AD DS site awareness for AD CS and PKI clients
- Enhanced security by default on CA role services
Active Directory Domain Services (AD DS)
In addition to improved security with Active Directory Certificate Services (AD CS), Server 2012 also helps you become a more efficient technology provider with Active Directory Domain Services (AD DS). With AD DS, server administrators can now deploy in-house or cloud-based domain controllers much more quickly. It provides graphical and scripted interfaces to perform local and remote enterprise-wide administrative tasks.
One of the most notable changes is the enhanced AD DS support for current, new, and emerging cloud and virtualization delivery models. AD DS provides cloning ability, copying or replicating existing virtual domain controllers for rapidly deploying domain controllers across the domain. This is achieved by copying existing virtual domain controllers and executing PowerShell cmdlets to create the necessary configuration file for a domain controller. Further, the process of installing and deploying AD DS has been streamlined to be much simpler, leaner, more consistent, and less time consuming. It is built on PowerShell and integrates with the server manager to remotely deploy domain controllers on multiple servers.
Besides all this, AD DS has been revamped to provide simplified management of domain controllers including:
- Windows PowerShell History Viewer
- Active Directory Federation Services
- Active Directory Recycle Bin user interface
- Group Managed Service Accounts
- Fine-grained password policy user interface
- Active Directory Replication and Topology Windows PowerShell cmdlets
- Active Directory Based Activation
- Dynamic Access Control
Active Directory Rights Management Service (AD RMS)
Each of your clients have unique technology needs that translate into very specific configurations. Microsoft improved on Windows Server 2012’s flexibility with the Active Directory Rights Management Service (AD RMS).
The AD RMS changes provide more flexibility in deploying and configuring Microsoft SQL Server 2012 and AD RMS by supporting remote deployment. Earlier, the account used for installing AD RMS was required to have local administrator privileges on any computers/machines hosting a SQL Server installation. With the current changes, the AD RMS installer should have sysadmin permissions in the SQL Server installation, the SQL Browser service must be running, and the firewall must have exceptions enabled, allowing communication from SQL ports that will be used by AD RMS setup. The remote deployment process is completed through a two-part process, which includes:
- Installing the AD RMS files and the corresponding role by launching Add Roles and Features Wizard in the Server Manager.
- The AD RMS Configuration wizard should then be launched to select the deployment option and configure the AD RMS cluster.
AD RMS is also now supported within the Server Core installation mode, much like AD CS and AD DS. This enables simplified management, reduced maintenance, minimal disk and processing requirements, and less attack surface.
Among the newer features of AD RMS are simple delegation and strong cryptography.
- Simple Delegation enables providing content rights to assistants by their executives/managers. This is part of the extension/expansion to Active Directory schema, supporting new attributes and flexibly managing the delegation of rights, privileges, and restrictions across the organization.
- Strong Cryptography provides an enhanced level of cryptographic security by supporting an advanced cryptographic mode 2. In this mode the RSA encryption is increased from 1024- to 2048-bit encryption and cryptographic keys are 256 bits instead of 160 bits. There’s also the option of using the SHA-2 hashing algorithm.
With the new enhancements and improvements to Active Directory Services and its suite of components, Windows Server 2012 will be much easier to manage and secure, providing enhanced flexibility in deploying and managing environment.
Learn More About Active Directory Services & Windows Server 2012
Upgrading to Windows Server 2012 is a great way for Windows Server administrators, who are currently using versions of Windows Server 2003 or 2008, to become more efficient technology providers for their clients by offering the benefits of improved Active Directory Services. Most importantly, Awesome Cloud offers each of our channel partners and cloud resellers the opportunity to upgrade to Windows Server 2012 at no additional cost.