- Active Directory Administrative Center: Built on PowerShell, this is a new administrative console that you can use rather than the typical Active Directory Users, Computers, and so forth. While it will not install on computers running Windows Server 2003 or 2008 R1, it can be installed on Windows 7 and/or Windows Server 2008 R2. But the caveat is that you must have at least one Windows Server 2008 R2 domain controller in your domain.
- Active Directory Module for PowerShell: This provides command-line scripting for a host of administrative, configuration, and diagnostic tasks. Initially, this worked only if you had an R2 domain controller, but now you can install the free Active Directory Management Gateway Service (ADMGS) from Microsoft. There are versions for Windows Server 2003 and Windows Server 2008, although you still need Windows Server 2008 R2 (or Windows 7) to access the service.
- Active Directory Best Practices Analyzer: This new management tool collects information about your existing domain and provides areas where best practices can be implemented to improve your Active Directory environment. The caveat again is the requirement to have at least one R2 domain controller for this to work.
- Active Directory Recycle Bin: This provides the ability to undelete an object that has accidentally been deleted. This tool has to be turned on to function, is not GUI-friendly, and requires all domain controllers be running Windows Server 2008 R2 with the forest functional level raised to R2. All that extra work and money for one little tool -- and oddly, you can use a free tool called Active DirectoryRecycleBin provided by Overall Solutions that works on R2 and earlier domains, so you don't need R2 domain controllers at all to have this restore functionality.
There are other features you may want to consider with Active Directory in R2, and they may or may not require R2 domain controllers. From what Microsoft says regarding features of domain or forest level in Windows Server 2008 R2, it looks like the following are the requirements:
- Domain level: Includes all the features of the legacy levels (2000/2003/2008 features) with authentication mechanism assurance and automatic SPN management for services included.
- Forest level: Includes all the features of the legacy levels (2000/2003/2008 features) with the Active Directory Recycle Bin feature.
So what did Jim decide? Will he still go forward with the complete upgrade of all servers (both domain controllers and Member Windows Servers)? Or will he put in place only the servers he needs to add new features? Obviously in tough times such as these, especially as a nonprofit, good financial decisions and spending funds wisely take precedence over simply having the latest and greatest. Jim knows that all too well.
The question is, What would you do?
This story, "Don't upgrade to Windows Server 2008 R2 until you read this," was originally published at InfoWorld.com. Follow the latest developments in Windows and Windows Server at InfoWorld.com.