Share and collaborate on documents, send and receive email, manage your calendar and have
video chats without data leaks
As a fully on-premises solution, this drive provides the benefits of online collaboration without
the compliance and security risks.
It is the first completely integrated on-premises content collaboration platform on the market, ready for
a new generation of users who expect seamless online collaboration capabilities out of the box.
Customizable Front Page :
Active Directory uses DNS as its domain controller location mechanism. When any of the
principal Active Directory operations, such as authentication, updating, or searching, is
performed, domain-joined computers use DNS to locate Active Directory domain controllers,
and these domain controllers use DNS to locate each other. For example, when a network user
with an Active Directory user account logs on to an Active Directory domain, the user's
computer uses DNS to locate a domain controller for the Active Directory domain to which
the user wants to log on.
Your AD server looks like this,
Introducing AD LDS
For organizations that require flexible support for directory-enabled applications, Microsoft
has developed Active Directory Lightweight Directory Services (AD LDS). AD LDS is a
Lightweight Directory Access Protocol (LDAP) directory service.
AD LDS provides data storage and retrieval for directory-enabled applications, without the
dependencies that are required for Active Directory Domain Services (AD DS). AD LDS
provides much of the same functionality as AD DS, but it does not require the deployment of
domains or domain controllers. You can run multiple instances of AD LDS concurrently on a
single computer, with an independently managed schema for each AD LDS instance.
Active Directory Lightweight Directory Services
A directory-enabled application uses a directory, rather than (or in addition to) a database, flat file,
or other data storage structure, to hold its data. Many off-the-shelf applications, as well as many
custom applications, use a directory-enabled design. Examples of the types of applications that
often use a directory-enabled design include customer relationship management (CRM)
applications, human resource (HR) applications, and global address book applications.
Directory services (such as AD LDS) and relational databases both provide data storage and
retrieval, but they differ in their optimization. Directory services are optimized for read processing,
while relational databases are optimized for transaction processing. In general, consider
implementing a directory service if your application reads data more frequently than it writes data.
Consider implementing a relational database if your application writes or modifies data more
frequently than it reads data.
Privileged access management
Privileged access management (PAM) helps mitigate security risks in AD environments that
are caused by credential theft techniques such as pass-the-hash, spear phishing, and similar
types of attacks.
In simple words, it is a new administrative access method that is configured using
Microsoft Identity Manager (MIM). MIM creates a new AD forest
that is isolated for the use of privileged accounts only. It provides workflows to grant
additional administrative privileges with an approval, and shadow security principals
(groups) that are provisioned in the bastion forest by MIM in response to administrative
privilege requests on the live domain.
Group membership expiration
Active Directory 2016 supports group membership expiration: you can add a user to
a group for a certain period of time. On systems older than Windows Server 2016,
third-party tools have been used to achieve this. It is a handy solution for many
applications, because you can provide administrator privileges only for the time
needed to do a high-privilege task.
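The time-limited membership described above relies on the Privileged Access Management optional feature of a Windows Server 2016 forest. The following is an added example, not part of the original document: a hypothetical helper, Grant-TimeBoundMembership, that refuses to run unless the feature is enabled, adds the member with a time-to-live, and reads back the remaining TTL. The function name and the group and user names are assumptions, and it assumes the ActiveDirectory PowerShell module on a domain-joined lab host.

```powershell
#Requires -Modules ActiveDirectory
# Added example: function, group and user names are hypothetical.
function Grant-TimeBoundMembership {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string]   $Group,
        [Parameter(Mandatory)] [string]   $User,
        [Parameter(Mandatory)] [timespan] $Duration
    )

    # -MemberTimeToLive only works once the PAM optional feature is enabled
    # in the forest. Enabling it is deliberately left to the administrator:
    #   Enable-ADOptionalFeature 'Privileged Access Management Feature' `
    #       -Scope ForestOrConfigurationSet -Target (Get-ADForest).Name
    $pam = Get-ADOptionalFeature -Filter "Name -eq 'Privileged Access Management Feature'"
    if (-not $pam -or -not $pam.EnabledScopes) {
        throw 'Privileged Access Management Feature is not enabled in this forest.'
    }

    $userDn = (Get-ADUser -Identity $User).DistinguishedName
    Add-ADGroupMember -Identity $Group -Members $userDn -MemberTimeToLive $Duration

    # With -ShowMemberTimeToLive, time-bound members are returned as
    # "<TTL=seconds>,<distinguished name>"; permanent members as a plain DN.
    $members = (Get-ADGroup -Identity $Group -Properties member -ShowMemberTimeToLive).member
    foreach ($entry in $members) {
        if ($entry -match '^<TTL=(\d+)>,(.+)$' -and $Matches[2] -eq $userDn) {
            return [pscustomobject]@{
                Group     = $Group
                Member    = $userDn
                ExpiresIn = [timespan]::FromSeconds([int]$Matches[1])
            }
        }
    }
    Write-Warning "$userDn is listed in $Group without a TTL; the membership will not expire."
}

# Constructed names: two hours of membership in a lab group.
Grant-TimeBoundMembership -Group 'Lab-Server-Admins' -User 'jdoe' -Duration (New-TimeSpan -Hours 2)
```

Reviewing the returned ExpiresIn value, and the warning for members without a TTL, is a quick audit that a privileged group contains only expiring memberships.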
Active Directory Administrative Center Fine-Grained Password
Policy
The Fine-Grained Password Policy (FGPP) allows administrators to configure multiple password
and account lockout policies per domain. This gives domains a flexible way to enforce
more or less restrictive password rules, based on users and groups. It originally had no management
interface and required administrators to configure it using Ldp.exe or Adsiedit.msc. Windows
Server 2008 R2 introduced the Active Directory module for Windows PowerShell, which
gave administrators a command-line interface to FGPP.