{"id":36,"date":"2014-04-29T19:00:51","date_gmt":"2014-04-30T00:00:51","guid":{"rendered":"http:\/\/blog.metcorp.org\/?p=36"},"modified":"2014-04-29T20:27:56","modified_gmt":"2014-04-30T01:27:56","slug":"ad-reading-windows-server-2012-active-directory-features","status":"publish","type":"post","link":"https:\/\/adsecurity.org\/?p=36","title":{"rendered":"AD Reading: Windows Server 2012 Active Directory Features"},"content":{"rendered":"<p>The following are extremely useful resources for Windows Server 2012 Active Directory Features.<\/p>\n<p>&nbsp;<\/p>\n<p><strong>Windows 2012 Features<\/strong><\/p>\n<ul>\n<li><a href=\"http:\/\/channel9.msdn.com\/Events\/TechEd\/NorthAmerica\/2012\/SIA312\">TechED: What&#8217;s New in Active Directory in Windows Server 2012<\/a> (Dean Wells\u2019 presentation at TechEd)<\/li>\n<li><a href=\"http:\/\/blogs.technet.com\/b\/askpfeplat\/archive\/2012\/09\/10\/how-many-windows-server-2012-domain-controllers-do-i-need-initially-and-where-should-i-put-them.aspx?Redirected=true\">How many Windows Server 2012 domain controllers do I need initially and where should I put them?<\/a><\/li>\n<li>PowerShell version 3 commandlets including Active Directory Replication and Topology:<a href=\"http:\/\/technet.microsoft.com\/en-us\/library\/hh831757.aspx\">Introduction <\/a>&amp; <a href=\"http:\/\/technet.microsoft.com\/en-us\/library\/jj574083.aspx\">Advanced <\/a>Topics<\/li>\n<\/ul>\n<p><strong>Group Managed Service Accounts (gMSA)<\/strong><\/p>\n<ul>\n<li><a href=\"http:\/\/technet.microsoft.com\/en-us\/library\/jj128431.aspx\">Getting Started with Group Managed Service Accounts<\/a><\/li>\n<li><a href=\"http:\/\/technet.microsoft.com\/en-us\/library\/hh831782.aspx\">Group Managed Service Accounts Overview<\/a><\/li>\n<li><a href=\"https:\/\/blogs.technet.com\/b\/askpfeplat\/archive\/2012\/12\/17\/windows-server-2012-group-managed-service-accounts.asp\">Windows Server 2012: Group Managed Service Accounts<\/a><\/li>\n<li><\/li>\n<\/ul>\n<p><strong>RID Protection<\/strong><\/p>\n<ul>\n<li><a href=\"http:\/\/technet.microsoft.com\/en-us\/library\/jj574229.aspx\">TechNet Article: Managing RID Issuance<\/a><\/li>\n<li><a href=\"https:\/\/blogs.technet.com\/b\/askds\/archive\/2012\/08\/10\/managing-rid-issuance-in-windows-server-2012.aspx?Redirected=true\">ASKDS Blog Article: Managing RID Issuance in Windows Server 2012<\/a><\/li>\n<\/ul>\n<p><strong>DC Cloning &amp; SafeGuarding<\/strong><\/p>\n<ul>\n<li><a href=\"https:\/\/blogs.technet.com\/b\/askpfeplat\/archive\/2012\/10\/01\/virtual-domain-controller-cloning-in-windows-server-2012.aspx?Redirected=true\">Virtual Domain Controller Cloning in Windows Server 2012<\/a><\/li>\n<li><a href=\"http:\/\/technet.microsoft.com\/en-us\/library\/hh831734.aspx\">Microsoft Article: Introduction to Active Directory Domain Services (AD DS) Virtualization (Level 100)<\/a><\/li>\n<li><a href=\"https:\/\/www.microsoft.com\/en-us\/download\/details.aspx?id=30707\">Microsoft Virtual Machine Generation ID Whitepaper document<\/a><\/li>\n<li><a href=\"http:\/\/blogs.virtualizationadmin.com\/lowe\/2012\/07\/31\/virtualize-your-windows-server-2012-domain-controllers\/\">Virtualize your Windows Server 2012 domain controllers<\/a><\/li>\n<li><a href=\"http:\/\/support.microsoft.com\/kb\/888794\">Things to consider when you host Active Directory domain controllers in virtual hosting environments<\/a><\/li>\n<li><a href=\"http:\/\/technet.microsoft.com\/en-us\/library\/jj574223.aspx\">Virtualized Domain Controller Deployment and Configuration<\/a><\/li>\n<li><a href=\"http:\/\/technet.microsoft.com\/en-us\/subscriptions\/hh446580%28v=vs.85%29.aspx\">ms-DS-Generation-Id Attribute<\/a><\/li>\n<li><a href=\"https:\/\/blogs.technet.com\/b\/askpfeplat\/archive\/2012\/10\/01\/virtual-domain-controller-cloning-in-windows-server-2012.aspx?Redirected=true\">Virtual Domain Controller Cloning in Windows Server 2012<\/a><\/li>\n<li><a href=\"https:\/\/blogs.technet.com\/b\/keithmayer\/archive\/2012\/08\/06\/safely-cloning-an-active-directory-domain-controller-with-windows-server-2012-step-by-step-ws2012-hyperv-itpro-vmware.aspx?Redirected=true\">Safely Cloning an Active Directory Domain Controller with Windows Server 2012 \u2013 Step-by-Step<\/a><\/li>\n<li><a href=\"http:\/\/technet.microsoft.com\/en-us\/library\/jj574223.aspx\">Virtualized Domain Controller Deployment and Configuration<\/a><\/li>\n<li><a href=\"http:\/\/technet.microsoft.com\/en-us\/library\/jj158947.aspx\">New-ADDCCloneConfigFile<\/a><\/li>\n<\/ul>\n<p><strong><br \/>\nDynamic Access Control (DAC)<\/strong><\/p>\n<ul>\n<li><a href=\"https:\/\/blogs.technet.com\/b\/windowsserver\/archive\/2012\/05\/22\/introduction-to-windows-server-2012-dynamic-access-control.aspx?Redirected=true\">Introduction to Windows Server 2012 Dynamic Access Control<\/a><\/li>\n<li><a href=\"https:\/\/www.microsoft.com\/en-us\/download\/confirmation.aspx?id=36830\">Understand and Troubleshoot Dynamic Access Control in Windows Server 2012<\/a> (Word doc download)<\/li>\n<li><a href=\"https:\/\/blogs.technet.com\/b\/filecab\/archive\/2012\/05\/29\/getting-started-with-central-access-policies-reducing-security-group-complexity-and-achieving-data-access-compliance-using-dynamic-access-control.aspx?Redirected=true\">Getting started with Central Access Policies &#8211; Reducing security group complexity and achieving data access compliance using Dynamic Access Control<\/a><\/li>\n<li><a href=\"http:\/\/msdn.microsoft.com\/en-us\/library\/windows\/desktop\/jj552966%28v=vs.85%29.aspx\">MSDN Article on Dynamic Access Control (DAC)<\/a><\/li>\n<li><a href=\"http:\/\/technet.microsoft.com\/en-us\/library\/hh846167.aspx\">DAC Scenario<\/a><\/li>\n<\/ul>\n<p><strong>Kerberos FAST<\/strong><\/p>\n<ul>\n<li><a href=\"https:\/\/tools.ietf.org\/html\/rfc6113\">RFC6113\u00a0\u00a0 A Generalized Framework for Kerberos Pre-Authentication<\/a><\/li>\n<li><a href=\"http:\/\/technet.microsoft.com\/en-us\/library\/hh831747.aspx\">What&#8217;s New in Kerberos Authentication<\/a><\/li>\n<li><a href=\"http:\/\/technet.microsoft.com\/en-us\/library\/jj134043.aspx\">Access Control and Authorization Overview<\/a>\u2013 covers domain requirements for Kerberos armoring and group policy settings.<\/li>\n<\/ul>\n<p><strong>Kerberos Constrained Delegation Enhancements<\/strong><\/p>\n<ul>\n<li><a href=\"http:\/\/technet.microsoft.com\/en-us\/library\/jj553400.aspx\">Kerberos Constrained Delegation Overview<\/a><\/li>\n<li><a href=\"http:\/\/windowsitpro.com\/security\/how-windows-server-2012-eases-pain-kerberos-constrained-delegation-part-1\">How Windows Server 2012 Eases the Pain of Kerberos Constrained Delegation<\/a><\/li>\n<\/ul>\n<p>o\u00a0\u00a0 <a href=\"windowsitpro.com\/security\/how-windows-server-2012-eases-pain-kerberos-constrained-delegation-part-1\">Part 1<\/a><\/p>\n<p>o\u00a0\u00a0 <a href=\"http:\/\/windowsitpro.com\/security\/how-windows-server-2012-eases-pain-kerberos-constrained-delegation-part-2\">Part 2<\/a><\/p>\n<ul>\n<li><a href=\"http:\/\/msdn.microsoft.com\/library\/cc246071%28PROT.13%29.aspx\">[MS-SFU]: Kerberos Protocol Extensions: Service for User and Constrained Delegation Protocol Specification<\/a><\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><strong>Kerberos Proxy<\/strong><\/p>\n<ul>\n<li><a href=\"http:\/\/technet.microsoft.com\/en-us\/library\/hh831553.aspx\">Kerberos Authentication Overview<\/a><\/li>\n<li><a href=\"https:\/\/blogs.technet.com\/b\/mspfe\/archive\/2012\/09\/20\/enriched-remote-access-experience-in-windows-server-2012.aspx?Redirected=true\">Enriched Remote Access experience in Windows Server 2012<\/a><\/li>\n<li><a href=\"http:\/\/technet.microsoft.com\/en-us\/library\/cc961964.aspx\">Delegation of Authentication<\/a><\/li>\n<li><a href=\"http:\/\/msdn.microsoft.com\/en-us\/library\/hh553774.aspx\">[MS-KKDCP]: Kerberos Key Distribution Center (KDC) Proxy Protocol<\/a><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>The following are extremely useful resources for Windows Server 2012 Active Directory Features. &nbsp; Windows 2012 Features TechED: What&#8217;s New in Active Directory in Windows Server 2012 (Dean Wells\u2019 presentation at TechEd) How many Windows Server 2012 domain controllers do I need initially and where should I put them? PowerShell version 3 commandlets including Active &hellip; <\/p>\n<p><a class=\"more-link btn\" href=\"https:\/\/adsecurity.org\/?p=36\">Continue reading<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[5,6],"class_list":["post-36","post","type-post","status-publish","format-standard","hentry","category-technical-reading","tag-adreading","tag-mcm","item-wrap"],"_links":{"self":[{"href":"https:\/\/adsecurity.org\/index.php?rest_route=\/wp\/v2\/posts\/36","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/adsecurity.org\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/adsecurity.org\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/adsecurity.org\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/adsecurity.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=36"}],"version-history":[{"count":1,"href":"https:\/\/adsecurity.org\/index.php?rest_route=\/wp\/v2\/posts\/36\/revisions"}],"predecessor-version":[{"id":37,"href":"https:\/\/adsecurity.org\/index.php?rest_route=\/wp\/v2\/posts\/36\/revisions\/37"}],"wp:attachment":[{"href":"https:\/\/adsecurity.org\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=36"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/adsecurity.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=36"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/adsecurity.org\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=36"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}