
What’s Windows Server 2008 R2 hold for Active Directory?

Remote Management
Well, finally: PowerShell v2 is included and ships with an Active Directory module, so what the Quest ActiveRoles Management Shell for Active Directory offered is now 'sort of' native: a comprehensive set of AD cmdlets for AD DS and AD LDS administration, configuration and diagnostic tasks.

PowerShell drives for AD simplify navigation through Active Directory Domain Services. And most of all: certain tasks can only be achieved through PowerShell :) hurrah for the shell.

AD Web Services (ADWS) provides a web service 'gateway' for managing Windows Server 2008 R2 domain controllers through PowerShell. Be sure you have port 9289 open on the firewalls and you're home free.

[Figure: remote management]

For backward compatibility the Active Directory Management Gateway Service (ADMGS) is available for Windows Server 2003 and 2008; however, it does not support instances of the AD mounting tool (Get-PSDrive).
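The remote-management path described above, as an added example that is not code from the original post: it discovers a DC that advertises ADWS, checks that the listener is actually reachable through the firewall before trusting any cmdlet output, then uses the AD: drive and a pinned -Server for a diagnostic query. The domain contoso.com, the OU and the DC are hypothetical; the example uses 9389, the TCP port ADWS listens on by default, so match the check to whatever port your own firewall rule opens.

```powershell
# Added example (not code from the original post). Assumes the RSAT AD module on a
# Windows 7 / Server 2008 R2 host and a hypothetical domain contoso.com.
Import-Module ActiveDirectory

# 1. Locate a DC that advertises ADWS. Only 2008 R2 DCs do so natively; a 2003 or
#    2008 DC shows up here only once ADMGS is installed on it.
$dc = [string](Get-ADDomainController -Discover -DomainName 'contoso.com' -Service ADWS).HostName

# 2. Prove the listener is reachable through the firewall before trusting any cmdlet
#    output. 9389 is the TCP port ADWS listens on by default; match it to whatever
#    your firewall rule actually opens.
function Test-AdwsPort {
    param([string]$ComputerName, [int]$Port = 9389, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $handle = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $handle.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($handle)
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

if (-not (Test-AdwsPort -ComputerName $dc)) {
    throw "ADWS on $dc is not reachable; check the firewall rule for the ADWS port."
}

# 3. Pin cmdlets to that DC so the whole session talks to one known ADWS endpoint.
Get-ADDomain -Server $dc | Select-Object DNSRoot, DomainMode, PDCEmulator

# 4. The AD: drive maps the directory onto the file-system metaphor; navigate by DN.
Get-PSDrive -Name AD
Set-Location 'AD:\DC=contoso,DC=com'
Get-ChildItem 'AD:\OU=Servers,DC=contoso,DC=com' | Select-Object Name, ObjectClass

# 5. A typical diagnostic task: enabled accounts whose password never expires.
Get-ADUser -Server $dc -Filter { PasswordNeverExpires -eq $true -and Enabled -eq $true } `
    -Properties PasswordNeverExpires | Select-Object SamAccountName, DistinguishedName
```

Pinning -Server matters for auditing: with one known endpoint you can correlate what the admin session did with the ADWS and directory logs on that single DC instead of chasing whichever DC the locator handed out.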

AD Administrative Center
The Users and Computers interface is enriched by progressive disclosure of data: the interface builds up a navigation history, anticipates the tasks you're about to do and fills the interface accordingly. A big plus is that you can connect to multiple domains at the same time.

Managed Service Accounts
Currently, using built-in accounts for services does not provide service isolation, and in some cases we run services under standard user accounts with fairly extensive privileges. But then again, changing service account passwords on a regular basis has caused some unexpected service failures.

So managed service accounts are introduced, though the accounts must be created and managed through Windows PowerShell :) It's delivered in three steps. The sweet thing is that the password is reset on a regular basis (every 30 days by default) by the system itself.

However:
1: The service / application requiring the managed account must run on Windows 7 or Windows Server 2008 R2
2: Managed accounts cannot be shared across multiple servers

The latter is a major setback: the whole security of the password changes is built in, so why not enable it across hosts? 'Keep it simple and transparent' does not apply here.
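The three steps the post mentions, as an added example that is not code from the original post: create the account, bind and install it on the one host allowed to use it, and point the service at it. The domain contoso.com, host web01, account svc-web and the Windows service 'ContosoWeb' are hypothetical; the final check reads pwdLastSet so you can see the system-driven rotation actually happening.

```powershell
# Added example (not code from the original post). Domain contoso.com, host web01,
# account svc-web and the Windows service 'ContosoWeb' are all hypothetical.
Import-Module ActiveDirectory

# Step 1, on an admin workstation: create the account in the directory. The object
# class is msDS-ManagedServiceAccount and the SAM name gets a trailing '$' like a
# computer account, so nobody ever needs to know (or type) the password.
New-ADServiceAccount -Name 'svc-web' -Enabled $true `
    -Path 'CN=Managed Service Accounts,DC=contoso,DC=com' `
    -Description 'ContosoWeb service on web01 only'

# Bind the account to the single host allowed to use it. An MSA is one-host-only,
# which is exactly the limitation the post complains about.
Add-ADComputerServiceAccount -Computer 'web01' -ServiceAccount 'svc-web'

# Step 2, on web01 as a local administrator: install the account so the host
# retrieves the current password from AD and caches it locally. From now on the
# host rotates it on the machine-account schedule (30 days by default).
Install-ADServiceAccount -Identity 'svc-web'
if (-not (Test-ADServiceAccount -Identity 'svc-web')) {
    throw 'svc-web is not usable on this host; check the computer binding and DC reachability.'
}

# Step 3, on web01: point the service at the account with an empty password; the
# service control manager gets the real one from the cached MSA credentials.
# The account still needs the "Log on as a service" right on this host (services.msc
# grants it when you pick the account there; this WMI call does not).
$svc = Get-WmiObject -Class Win32_Service -Filter "Name='ContosoWeb'"
$result = $svc.Change($null, $null, $null, $null, $null, $null, 'CONTOSO\svc-web$', '')
if ($result.ReturnValue -ne 0) {
    throw "Win32_Service.Change failed with code $($result.ReturnValue)"
}
Restart-Service -Name 'ContosoWeb'

# Verification: the password age should never creep past the rotation interval.
# If it does, the host has stopped rotating and the account deserves a look.
$msa = Get-ADServiceAccount -Identity 'svc-web' -Properties pwdLastSet
$lastSet = [DateTime]::FromFileTime($msa.pwdLastSet)
"svc-web password last set {0:u}, {1} days ago" -f $lastSet, [int]((Get-Date) - $lastSet).TotalDays
```

Because the binding in Add-ADComputerServiceAccount is to exactly one computer object, a second server that needs the same service identity gets its own MSA; that is the cross-host limitation the post describes, and it is also what keeps a compromise of one host from yielding a credential valid on another.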

Djoin.exe
Now Windows 7 and Windows Server 2008 R2 machines can be joined to a domain while offline; it's not PowerShell driven, though. During deployment the machine has already joined the domain by the time it starts, so no reboot is required. This will definitely speed up deployment of VMs and scripted installs. Sysprep creates a new section in unattend.xml to support offline domain joins, which will actually simplify domain joins to RODCs.
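The offline join flow, as an added example that is not code from the original post: djoin.exe is still doing the work, PowerShell only drives it. Provisioning writes a blob that carries the new machine account's initial password, so the example treats that file as a secret and removes it once consumed. The domain contoso.com, the OU, machine name web02, the paths and the mounted-image drive letter are hypothetical; the unattend component shown is the Microsoft-Windows-UnattendedJoin section the post refers to, with AccountData holding the blob's base64 content.

```powershell
# Added example (not code from the original post). contoso.com, the OU, web02,
# the paths and the D:\ mounted image are hypothetical.

# Step 1, on a domain-joined admin host with rights to create computer objects:
# pre-create the computer account and write the join blob to a file.
function New-OfflineJoinBlob {
    param([string]$Domain, [string]$Machine, [string]$MachineOU, [string]$SaveFile)
    & djoin.exe /provision /domain $Domain /machine $Machine /machineou $MachineOU /savefile $SaveFile
    if ($LASTEXITCODE -ne 0) { throw "djoin /provision failed with exit code $LASTEXITCODE" }
    # The blob carries the machine account's initial password: keep it off shared
    # images, move it over a protected channel, and delete it after use.
    return $SaveFile
}

# Step 2a, offline image: inject the blob into a mounted Windows image. The machine
# comes up already joined; no reboot, no interactive join step.
function Import-OfflineJoinBlob {
    param([string]$BlobFile, [string]$WindowsPath)
    & djoin.exe /requestodj /loadfile $BlobFile /windowspath $WindowsPath
    if ($LASTEXITCODE -ne 0) { throw "djoin /requestodj failed with exit code $LASTEXITCODE" }
}

# Step 2b, unattended setup: the same blob goes into the unattend.xml section the
# post mentions. djoin writes the file as UTF-16 text whose content is the base64
# string the UnattendedJoin component expects in AccountData (offlineServicing pass).
function ConvertTo-UnattendJoinComponent {
    param([string]$BlobFile)
    $accountData = (Get-Content -Path $BlobFile -Encoding Unicode) -join ''
    return @"
<component name="Microsoft-Windows-UnattendedJoin" processorArchitecture="amd64"
           publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
  <Identification>
    <Provisioning>
      <AccountData>$accountData</AccountData>
    </Provisioning>
  </Identification>
</component>
"@
}

# Usage (hypothetical values): provision, emit the unattend fragment, clean up.
$blob = New-OfflineJoinBlob -Domain 'contoso.com' -Machine 'web02' `
    -MachineOU 'OU=Servers,DC=contoso,DC=com' -SaveFile 'C:\deploy\web02.djoin.txt'

# Either inject into a mounted image ...
Import-OfflineJoinBlob -BlobFile $blob -WindowsPath 'D:\Windows'
# ... or hand the fragment to your unattend.xml build.
ConvertTo-UnattendJoinComponent -BlobFile $blob |
    Set-Content -Path 'C:\deploy\unattend-join-fragment.xml' -Encoding UTF8

# A leaked blob is a usable machine credential until the first password rotation,
# so remove it as soon as it has been consumed.
Remove-Item -Path $blob -Force
```

The same secret-handling point applies to the generated unattend fragment: it contains the blob verbatim, so it belongs with the deployment media's other credentials, not in a world-readable share.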

Recycle Bin for AD
Here it is: a fast and decent failsafe against accidental deletion of AD objects, the Recycle Bin for AD.
You need to raise the forest functional level to Windows Server 2008 R2 and, of course, it's PowerShell driven.
Bear in mind that once enabled it cannot be disabled, but then again, it restores all attributes, including linked attributes. Of course it will impact storage, but by no more than a 5-10% increase of the AD database. Here is how it will work:

[Figure: AD Recycle Bin]
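The enable-and-restore flow, as an added example that is not code from the original post: it checks the forest functional level the post says is required, enables the feature only if it is not already on (there is no way back, as the post notes), reads how long a deleted object stays restorable, and then lists and restores deleted objects. The forest contoso.com and the account jdoe are hypothetical.

```powershell
# Added example (not code from the original post). Forest contoso.com and the
# account jdoe are hypothetical.
Import-Module ActiveDirectory

$forest  = Get-ADForest
$rootDse = Get-ADRootDSE

# 1. Precondition: the forest functional level must already be 2008 R2.
$required = [Microsoft.ActiveDirectory.Management.ADForestMode]::Windows2008R2Forest
if ([int]$forest.ForestMode -lt [int]$required) {
    throw "Forest is at $($forest.ForestMode); raise it to Windows2008R2Forest first."
}

# 2. Is it already on? EnabledScopes is empty until the feature is switched on,
#    and once it is on it stays on, so only enable deliberately.
$feature = Get-ADOptionalFeature -Identity 'Recycle Bin Feature'
if ($feature.EnabledScopes.Count -eq 0) {
    Enable-ADOptionalFeature -Identity 'Recycle Bin Feature' `
        -Scope ForestOrConfigurationSet -Target $forest.RootDomain -Confirm:$false
}

# 3. How long a deleted object stays restorable: msDS-DeletedObjectLifetime, falling
#    back to tombstoneLifetime, falling back to the 60-day built-in default when
#    neither attribute is set.
$dsConfig = Get-ADObject -Properties 'msDS-DeletedObjectLifetime', tombstoneLifetime `
    -Identity "CN=Directory Service,CN=Windows NT,CN=Services,$($rootDse.configurationNamingContext)"
$lifetime = $dsConfig.'msDS-DeletedObjectLifetime'
if (-not $lifetime) { $lifetime = $dsConfig.tombstoneLifetime }
if (-not $lifetime) { $lifetime = 60 }
"Deleted objects remain restorable for $lifetime days"

# 4. List what is currently in the bin. The container itself is flagged isDeleted,
#    so filter it out; lastKnownParent tells you where each object will go back to.
Get-ADObject -Filter { isDeleted -eq $true -and Name -ne 'Deleted Objects' } `
    -IncludeDeletedObjects -Properties lastKnownParent, whenChanged |
    Select-Object Name, ObjectClass, lastKnownParent, whenChanged

# 5. Restore a user by SAM account name. Restore-ADObject puts it back under
#    lastKnownParent with all attributes (linked ones included), so if an entire
#    OU was deleted, restore the OU first and its children afterwards.
Get-ADObject -Filter { isDeleted -eq $true -and SamAccountName -eq 'jdoe' } `
    -IncludeDeletedObjects | Restore-ADObject
```

Step 4 doubles as a detection aid: an unexpected set of entries under Deleted Objects, especially with whenChanged clustered in a short window, is worth correlating with the directory service audit log before anything is restored.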
