Thumbs-up, thumbs-down: Windows Server 2008 R2 Active Directory

Four new promised features got my special attention. Did they live up to my hopes?

I recently completed a book on Windows Server 2008 where I highlight at the end of each chapter the features coming in Release 2. I was especially curious about four Active Directory features, so after installing the latest release candidate of Windows Server 2008 R2, I focused immediately on the promised Active Directory enhancements. It's one thing to read about a new feature but quite another to see it for yourself and judge the results.

The four R2 features that got me excited were Active Directory Recycle Bin, Best Practices Analyzer, Administrative Center, and Module for PowerShell for Windows. After spending some time with each, here are my thumbs-up/thumbs-down assessments of each.

[ Read J. Peter Bruzzese's blog entry "Why all your PCs should have PowerShell v2 remoting" | Learn more about Windows Server 2008 R2 in his "Win Server 2008 R2 polishes up an already sleek server OS" ]

Active Directory Recycle Bin
Have you ever accidentally deleted an object (like a user or entire OU) and had to restore it? Now you can retrieve those items from a Recycle Bin, back to its state just before deletion, rather than restoring an object from the last system state backup.

My judgment: First off, what a nightmare! You have to enable the feature first in the LDP tool or in PowerShell (the Active Directory module must be imported). Once that is done, you would think that now you would see something in the GUI (such as in Users and Computers, the new Administrative Center) but you don't. So I did a test deletion of a user to figure out how to get stuff out of the Recycle Bin. I had to use the following command to get the user back:

Get-ADObject-Filter {String} -IncludeDeletedObjects | Restore-ADObject

Did it work? Yes. Is that awesome? Yes! Is it simple, graphical, and fun? No! If you have just deleted an organizational unit (OU) filled with very important objects, you are probably going ballistic. You don't want to have to go nuts trying to figure out all the commands.

The verdict: Thumbs sideways. Thumbs-up for the feature, but thumbs-down for its implementation. I'm not against command-line interfaces, but this feature deseves a GUI front end.

Active Directory Best Practices Analyzer
This feature goes through your Active Directory Directory Services, determines if you are meeting best practice standards, and reports back the good, the bad, and the ugly. It also provides instruction on what you need to do to meet best practices for Active Directory. You can locate this feature by looking under the Roles in Server Manager and looking at the Role Status summary for a link to start a scan.

My judgment: I've worked with this tool for Exchange and loved it. Having an Active Directory Best Practices Analyzer is excellent. And although it took a few extra clicks to find what I was looking for, the speedy results were incredibly helpful.

The verdict: Thumbs-p all around. I especially liked the details of an error that was located by showing me the issue, the impact, and the resolution.

Active Directory Administrative Center
The admin center is a new GUI interface that allows you to access the same features as in the Active Directory Users and Computers tool, plus adds a few new features such as a list view and breadcrumb bar navigation. It's really a task-oriented interface based on the new PowerShell cmdlets that will provide another method of administration.

My judgment: I'm torn on this one. I was excited to hear we had a new interface, but not so happy with its clunky look and feel. I don't know why, but I thought installing the Desktop Experience would spruce up the look. It didn't. It feels like I'm working from a Web page instead of an installed application. However, I did like that, when creating a new user, I could include a ton of information immediately, rather than have to use the slow approach of Active Directory Users and Computers in which you first create the user and then go back and alter the properties. But I don't like the Administrative Center's interface when it comes to going back and altering the properties of a user. Again, it feels clunky.

The verdict: I'm going to have to go with a thumbs-down on this one. I wanted more of an Action Center approach here, a combination of all Active Directory tools in one place with a sleek Star Trek TNG-style console.

A new Active Directory Module for Windows PowerShell
This new module (named ActiveDirectory) replaces the large variety of command-line tools that we used to work with Active Directory in times past. Now you have a centralized method of administering AD from the command line. There are about 85 Active Directory-oriented PowerShell cmdlets, making your ability to script Active Directory tasks through PowerShell much easier.

My judgment: I enjoyed the new cmdlets instantaneously. I even found myself spending hours testing all sorts of account management commands, topology commands, and more. I found that the Microsoft PowerShell team has created a blog for Active Directory PowerShell and provided an awesome Getting Started chart of cmdlets.

The verdict: Simply put, thumbs-up!

So have you had a chance to work with any of these features yet? Let me know what you like or don't like about Windows Server 2008 R2!

Copyright © 2009 IDG Communications, Inc.

How to choose a low-code development platform