March 27, 2012

Part 1 - Active Directory

One of the most stable and well-designed pieces of software to come out of Microsoft – ever – is Active Directory.  While its development was riddled with twists and turns (and the occasional run-in with Novell), the identity platform for millions of businesses is a stalwart of stability.  Few outside IT Administrators ever know of its existence – and that is the point.  The basic ability to authenticate and gain access to corporate resources, be that a computer, a server or a file, would not work without the consistent resiliency of this gorgeous database.

The biggest advantage of Active Directory over other products is its ubiquity.  Microsoft has spent untold sums making it accessible and secure to a variety of applications – the entire MSFT stack included.  It is also the underpinning of major infrastructural components of many software packages, including Exchange, Lync, SharePoint and thousands of LoB applications.  In recent versions, it has gained prominence in the realm of federation, enabling businesses to seamlessly federate their authentication and authorization stores using technologies like ADFS and Claims Authentication.  The changes in WS8 around Active Directory continue to provide support for the major system components from previous versions (great backward compatibility) as well as the new features throughout Windows Server (described later in this series), and support administrators by addressing common pain points.  Here’s what’s new!

Simplified Deployment – similar to Windows 8 Client, where everything is touch first, in WS8 everything is PowerShell first!  Deploying Active Directory is so much easier now that it can be accurately scripted.  All but the smallest companies need to deploy multitudes of AD servers.  In WS8, you can deploy AD on multiple servers at once, export your GUI-based configuration to a series of PowerShell scripts and clone brand new Domain Controllers (think sysprep on steroids) for rapid AD forest topology builds.
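A scripted first-domain-controller deployment of the kind described above, as an added example that is not from the original post. It assumes the ADDSDeployment cmdlets as they shipped in Windows Server 2012; the domain and NetBIOS names are placeholders.

```powershell
# Added example: scripted deployment of the first DC in a new forest.
# The domain names below are placeholders (assumptions), not values from the post.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string]$DomainName  = 'corp.example.test',
    [string]$NetbiosName = 'CORP'
)
$ErrorActionPreference = 'Stop'

# Prompt for the DSRM password as a SecureString so it never lands in the
# script file, the command history or a transcript.
$dsrm = Read-Host -AsSecureString -Prompt 'DSRM (safe mode) password'

# Install the role binaries and load the deployment cmdlets.
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools | Out-Null
Import-Module ADDSDeployment

# One parameter set shared by the prerequisite test and the real promotion,
# so what gets tested is exactly what gets deployed.
$forest = @{
    DomainName                    = $DomainName
    DomainNetbiosName             = $NetbiosName
    SafeModeAdministratorPassword = $dsrm
    InstallDns                    = $true
}

# Run the prerequisite checks first and stop on anything reported as an error.
$checks = Test-ADDSForestInstallation @forest
$checks | Format-Table Status, Message -Wrap
if ($checks | Where-Object { $_.Status -eq 'Error' }) {
    throw 'Prerequisite check failed; forest not created.'
}

# Promote the server. -NoRebootOnCompletion leaves the restart to the operator
# so the output can be reviewed before the machine comes back as a DC.
if ($PSCmdlet.ShouldProcess($DomainName, 'Create new AD forest')) {
    Install-ADDSForest @forest -NoRebootOnCompletion -Force
}
```

Running the script with `-WhatIf` performs the feature install and prerequisite checks but skips the promotion itself.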

Safer Virtualization Support – this exact issue has bitten me!  What’s the cardinal sin with virtual machines and Active Directory?  DON’T P2V a DC (without following very complex prescriptive processes).  The dreaded USN rollback will bite you.  AD in WS8, however, recognizes that virtual domain controllers are what enterprises need, so Microsoft has built in additional replication logic to keep time synchronized with hosts, and algorithms that keep things in check when DCs are virtualized.

These three updates with AD, along with refined management experiences and new/simpler PowerShell commands, will make administering your forest much easier.  I’ll update this post as more information is learned about any of the underpinnings of AD – I’m particularly interested to see if the schema has changed any!