Chapter 1, “Getting Started with Windows Server 2008 Active Directory,” introduced the concept of server roles, which are specific functions that a server can perform on the network, including Active Directory Domain Services (AD DS). Active Directory in Windows Server 2008 includes the following additional server roles, which we introduce here and provide additional details for later in this chapter:
Active Directory Lightweight Directory Services (AD LDS)— Provides a storage location for directory-enabled application data. AD LDS is an upgrade to the Active Directory Application Mode (ADAM) introduced in Windows Server 2003 and enhanced in the R2 release. Essentially, it is a stripped-down version of AD DS without the overhead of domains and forests.
Active Directory Rights Management Services (AD RMS)— Uses a certification base to confirm the identity of users or information on the network, thereby protecting the information from unauthorized access. AD RMS also provides a licensing service that confirms the privileges of users accessing information and a logging service for monitoring and troubleshooting purposes.
Active Directory Federation Services (AD FS)— Provides a single sign-on capability for authenticating users to multiple web-based applications. AD FS securely shares credentials across enterprise boundaries. Consequently, users needing access to these applications are not required to have additional user accounts.
Active Directory Certificate Services (AD CS)— Provides a centralized certification authority (CA) for creating, managing, revoking, and working with digital certificates that verify the identity of individuals and applications within and beyond the domain environment. Active Directory Certificate Services are discussed in Chapter 9, “Active Directory Certificate Services.”