Information Technology Reference
In-Depth Information
Global Catalog Replication Enhancements
When an administrator adds a new attribute
to the global catalog, only those changes are replicated to other global catalogs in the for-
est. This can significantly reduce the amount of network traffic generated by replication.
Defunct Schema Classes and Attributes
You can never permanently remove classes and
attributes from the Active Directory schema. However, you can mark them as defunct so
that they cannot be used. With Windows Server 2003, Windows Server 2008, Windows
Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2 forest functional-
ity, you can redefine the defunct schema attribute so that it occupies a new role in the
schema.
Forest Trusts
Previously, system administrators had no easy way of granting permission
on resources in different forests. Windows Server 2003, Windows Server 2008, Windows
Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2 resolve some of
these difficulties by allowing trust relationships between separate Active Directory forests.
Forest trusts act much like domain trusts, except that they extend to every domain in two
forests. Note that all forest trusts are intransitive.
Linked Value Replication
Windows Server 2003, Windows Server 2008, Windows Server
2008 R2, Windows Server 2012, and Windows Server 2012 R2 use a concept called
linked
value replication
. With linked value replication, only the user record that has been changed
is replicated (not the entire group). This can significantly reduce network traffic associated
with replication.
Renaming Domains
Although the Active Directory domain structure was originally
designed to be flexible, there were several limitations. Because of mergers, acquisitions, cor-
porate reorganizations, and other business changes, you may need to rename domains. In
Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server
2012, and Windows Server 2012 R2 you can change the DNS and NetBIOS names for any
domain. Note that this operation is not as simple as just issuing a
rename
command. Instead,
there's a specific process that you must follow to make sure the operation is successful. For-
tunately, when you properly follow the procedure, Microsoft supports domain renaming
even though not all applications support it.
Other Features
Windows Server 2008, Windows Server 2008 R2, Windows Server 2012,
and Windows Server 2012 R2 also support the following features:
Improved replication algorithms and dynamic auxiliary classes are designed to
increase performance, scalability, and reliability.
■
Active Directory Federation Services (AD FS)
, also known as
Trustbridge
, handles
federated identity management.
Federated identity management
is a standards-
based information technology process that enables distributed identification,
authentication, and authorization across organizational and platform boundaries.
The ADFS solution in Windows Server 2003 R2, Windows Server 2008,
Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2
helps administrators address these challenges by enabling organizations to share a
user's identity information securely.
■
Search WWH ::
Custom Search