Windows Server 2025 New Active Directory – OrcaCore
The upcoming Windows Server release is generating considerable buzz. This article, brought to you by Orcacore, delves into Windows Server 2025 New Active Directory, exploring its anticipated release date and the new features that promise significant improvements. We’ll be basing our analysis on the latest preview release of what is expected to be Windows Server 2025.
Introduce Windows Server 2025 New Active Directory and New Features
Windows Server 2022 is the current stable release, supported until October 14, 2031. However, the next iteration, Windows Server 2025 New Active Directory, is already on the horizon and poised to become the next supported version.
Windows Server 2025 Release Date
Historically, Windows Server versions have been released every two to three years. Following this pattern, Windows Server 2025 was anticipated in 2024. Officially Windows Server 2025 was released on 1st November 2024.
Here’s a look at recent Windows Server release dates:
| Windows Server Version | Release Date |
|---|---|
| Windows Server 2016 | 2016-10-15 |
| Windows Server 2019 | 2018-11-13 |
| Windows Server 2022 | 2021-08-18 |
| Windows Server 2025 | 2024-11-01 |
As evident from the table, Microsoft has consistently delivered new server versions every two to three years since Windows Server 2016.
Now, let’s examine the key features and improvements expected in this new version.
New Active Directory in Windows Server 2025
Microsoft has already unveiled some of the new Active Directory features in the Windows Server Insider Preview. Let’s delve into some of the key improvements in the Windows Server 2025 New Active Directory, starting with functional levels within Active Directory.
The new forest functional level is supported, and it is suitable for Active Directory Lightweight Domain Services (AD LDS). These levels provide general support, including support for the 32K database.
There are no functional levels planned for Windows Server 2019 and 2022. Windows Server 2016 has DomainLevel 7 and ForestLevel 7. Windows Server 2025 is expected to have DomainLevel 10 and ForestLevel 10.
These functional levels require a minimum functional level of Windows Server 2016.
In the new Active Directory schema, two additional LDF files, sch89.ldf and sch90.ldf, extend the schema. The MS-ADAM-Upgrade3.ldf file applies equivalent updates for AD LDS.
One of the significant improvements is upgrading the database page size from 8k to 32k. This overcomes a previous limitation. New domain controllers will employ a 32k page database and utilize 64-bit Long Value IDs after installation, while maintaining compatibility through an “8k page mode.”
Performance controllers are used for different functions, including monitoring and troubleshooting for client and server-specific counters.
New active directory also includes security advanced features introduced in LDAP support, cryptographic upgrades in Kerberos, and other security-related enhancements.
These features have been introduced in the preview build, but official information about Windows Server 2025 New Active Directory is still limited. Microsoft aims to provide a new, improved server with cloud solutions, advanced command-line utilities, and enhanced storage solutions.
Will there be Windows Server 2025?
Based on the preview release, a new server version was expected soon. It was assumed that Windows Server 2025 New Active Directory would arrive in 2024, which it did on 1st November 2024.
What is the last version of Windows Server?
Currently, Windows Server 2022 is the latest generally available version of Microsoft’s server operating system. You can find guides and articles about Windows Server 2022 by visiting the Windows Server Tutorials section on Orcacore.
How often is Windows Server released?
New versions of Windows Server are typically released every two to three years. Hence, the expectation of Windows Server 2025 New Active Directory in 2024.
How To Download Windows Server 2025?
Officially Windows Server 2025 ISO (64-bit) is Available for download With ARM64 architecture From the Official Website.
Conclusion
This article explored the upcoming Windows Server, which is considered to be Windows Server 2025 New Active Directory, and highlighted its anticipated features. Final details await the official release. Stay tuned for updates.
You might also be interested in learning about the potential new Windows Client, rumored to be Windows 12. Check out the guide on Windows 12 Introduction – Release Date and Features for more information.
Also, you may like to read Configuring a Static IP on Windows Server 2025.
Alternative Solutions and Code Examples
The original article primarily focuses on the new features and release details of Windows Server 2025 New Active Directory. While it mentions improvements to Active Directory, it doesn’t present a specific problem to solve with alternative solutions. However, we can extrapolate from the mentioned features and address potential challenges related to Active Directory management that can be solved in different ways. Let’s consider two scenarios:
Scenario 1: Automating Active Directory User Creation and Management
The traditional method of creating and managing Active Directory users involves using the Active Directory Users and Computers (ADUC) GUI or PowerShell cmdlets directly on a domain controller. This can be time-consuming and prone to errors, especially when dealing with large numbers of users.
Original Approach (PowerShell on a Domain Controller):
New-ADUser -Name "John Doe" -SamAccountName "johndoe" -UserPrincipalName "johndoe@example.com" -GivenName "John" -Surname "Doe" -Path "OU=Users,DC=example,DC=com" -AccountPassword (ConvertTo-SecureString "P@sswOrd123" -AsPlainText -Force) -Enabled $trueAlternative Solution 1: Using a Dedicated User Management Tool
Instead of directly manipulating Active Directory objects, consider using a dedicated user management tool. These tools often provide a web-based interface, role-based access control, and workflow automation capabilities. Some popular options include:
- ManageEngine ADManager Plus: A comprehensive AD management solution with features for user provisioning, deprovisioning, and reporting.
- SolarWinds Access Rights Manager: Focuses on security and compliance, offering features for access rights analysis and auditing.
- Okta Lifecycle Management: A cloud-based identity and access management (IAM) solution that integrates with Active Directory.
Benefits:
- Simplified Management: User-friendly interfaces and automated workflows reduce the complexity of AD management.
- Improved Security: Role-based access control and auditing features enhance security and compliance.
- Reduced Errors: Automation minimizes the risk of human error during user creation and modification.
- Delegation of Tasks: Allows you to delegate user management tasks to helpdesk staff or other authorized personnel without granting them full administrative access to Active Directory.
Alternative Solution 2: Infrastructure as Code (IaC) with Terraform or Ansible
Infrastructure as Code (IaC) allows you to define and manage your infrastructure, including Active Directory objects, using code. This approach promotes consistency, repeatability, and version control.
Example (Terraform):
resource "ad_user" "john_doe" {
name = "John Doe"
user_principal_name = "johndoe@example.com"
sAMAccountName = "johndoe"
given_name = "John"
surname = "Doe"
path = "OU=Users,DC=example,DC=com"
password = "P@sswOrd123"
enabled = true
}Explanation:
- This Terraform configuration defines an Active Directory user named "John Doe."
- It specifies the user’s attributes, such as name, user principal name, sAMAccountName, and password.
- The
pathattribute defines the organizational unit (OU) where the user will be created. - When you apply this configuration using
terraform apply, Terraform will create the user in Active Directory.
Benefits:
- Infrastructure as Code: Manage Active Directory objects using code, enabling version control and collaboration.
- Automation: Automate the creation and modification of Active Directory objects.
- Consistency: Ensure consistent configurations across your Active Directory environment.
- Idempotency: Terraform is idempotent, meaning it only makes changes if they are necessary to bring the infrastructure into the desired state.
Scenario 2: Monitoring Active Directory Health and Performance
The original article mentions performance controllers for monitoring and troubleshooting. A common problem is proactively identifying and resolving issues before they impact users.
Original Approach (Using Performance Monitor and Event Logs):
This involves manually configuring performance counters in Performance Monitor (perfmon.exe) and reviewing event logs on domain controllers. This is reactive and requires significant manual effort.
Alternative Solution 1: Using a Dedicated Active Directory Monitoring Tool
Similar to user management, dedicated monitoring tools provide a more comprehensive and proactive approach to monitoring Active Directory.
- SolarWinds Server & Application Monitor (SAM): Offers deep monitoring of Active Directory and other server applications, providing alerts and dashboards for performance and availability issues.
- Datadog: A cloud-based monitoring platform that integrates with Active Directory, providing real-time insights into performance and security.
- Paessler PRTG Network Monitor: A unified monitoring solution that can monitor Active Directory, network devices, and servers.
Benefits:
- Proactive Monitoring: Identifies potential issues before they impact users.
- Centralized Monitoring: Provides a single pane of glass for monitoring the entire Active Directory environment.
- Alerting and Reporting: Notifies administrators of critical issues and generates reports on performance and availability.
- Root Cause Analysis: Helps identify the root cause of performance issues.
Alternative Solution 2: Using PowerShell Scripting and Scheduled Tasks
You can create custom PowerShell scripts to monitor specific aspects of Active Directory health and performance and schedule them to run regularly using Task Scheduler.
Example (PowerShell):
# Check replication status
$ReplicationStatus = Get-ADReplicationPartnerMetaData -Target "dc1.example.com" -Scope Server | Where-Object {$_.LastReplicationStatus -ne "0"}
if ($ReplicationStatus) {
Write-Warning "Replication issues detected!"
# Send an email notification or log the error
}
# Check for failed logon attempts
$FailedLogons = Get-WinEvent -LogName Security -MaxEvents 100 -FilterXPath "//Event[System[Provider[@Name='Microsoft-Windows-Security-Auditing'] and (EventID=4625)]]"
if ($FailedLogons) {
Write-Warning "Failed logon attempts detected!"
# Send an email notification or log the error
}Explanation:
- The first part of the script checks the replication status of the domain controller "dc1.example.com."
- It retrieves replication metadata and filters for replication partners with a non-zero
LastReplicationStatus, indicating a replication error. - The second part of the script checks for failed logon attempts in the Security event log.
- It retrieves the last 100 events with Event ID 4625, which indicates a failed logon attempt.
- If either replication issues or failed logon attempts are detected, the script writes a warning message.
- You can extend this script to send email notifications or log the errors for further investigation.
Benefits:
- Customizable: Tailor the scripts to monitor specific aspects of Active Directory health and performance.
- Cost-Effective: No additional software licenses are required.
- Automated: Schedule the scripts to run regularly using Task Scheduler.
- Integration: Integrate the scripts with existing monitoring and alerting systems.
These alternative solutions demonstrate that managing and monitoring Active Directory can be approached in various ways, each offering unique benefits and catering to different needs and preferences. The best approach depends on the organization’s size, complexity, and available resources. These improvements with Windows Server 2025 New Active Directory help streamline the process and allow for more robust solutions.
