There are 10 major differences are available in 2008 AD.
- Active Directory Recycle Bin: Information Technology (IT) professionals can use Active Directory Recycle Bin to undo an accidental deletion of an Active Directory object. Accidental object deletion causes business downtime. See What’s New in AD DS: Active Directory Recycle Bin.
- Active Directory module for Windows PowerShell and Windows PowerShell™ cmdlets:
The Active Directory module for Windows PowerShell provides command-line scripting for administrative, configuration, and diagnostic tasks, with a consistent vocabulary and syntax, see What’s New in AD DS: Active Directory Module for Windows PowerShell.
- Active Directory Administrative Center: The Active Directory Administrative Center has a task-oriented administration model, with support for larger datasets. The Active Directory Administrative Center can help increase the productivity of IT professionals by providing a scalable, task-oriented user experience for managing AD DS, see What’s New in AD DS: Active Directory Administrative Center.
- Active Directory Best Practices Analyzer: The Active Directory Best Practices Analyzer (BPA) identifies deviations from best practices to help IT professionals better manage their Active Directory deployments. BPA uses Windows PowerShell cmdlets to gather run-time data, see What’s New in AD DS: Active Directory Best Practices Analyzer.
- Active Directory Web Services: Active Directory Web Services (ADWS) provides a Web service interface to Active Directory domains and AD LDS instances, including snapshots, that are running on the same Windows Server 2008 R2 server as ADWS. For more information, see What’s New in AD DS: Active Directory Web Services.
- Authentication Mechanism Assurance: Authentication Mechanism Assurance makes it possible for applications to control resource access based on authentication strength and method. Administrators can map various properties, including authentication type and authentication strength, to an identity. Based on information that is obtained during authentication, these identities are added to Kerberos tickets for use by applications. For more information, see What’s New in AD DS: Authentication Mechanism Assurance.
- Offline Domain Join: Offline domain join makes provisioning of computers easier in a datacenter. You can use offline domain join to join computers to a domain without contacting a domain controller over the network. You can join computers to the domain when they first start up after an operating system installation. It provides the ability to preprovision computer accounts in the domain to prepare operating system images for mass deployment. Computers are joined to the domain when they first start. This reduces the steps and time necessary to deploy computers in a datacenter. For more information, see What’s New in AD DS: Offline Domain Join.
- Managed Service Accounts: Managed Service Accounts provide simple management of service accounts. At the Windows Server 2008 R2 domain functional level, this feature provides better management of service principal names (SPNs). Managed Service Accounts help lower total cost of ownership (TCO) by reducing service outages (for manual password resets and related issues). You can run one Managed Service Account for each service that is running on a server, without any human intervention for password management. For more information, see the Service Accounts Step-by-Step Guide (http://go.microsoft.com/fwlink/?LinkId=134695).
- Active Directory Management Pack: The Active Directory Management Pack enables proactive monitoring of availability and performance of AD DS. It discovers and detects computer and software states, and it is aligned with the health state definitions. The Active Directory Management Pack works with Windows Server 2008 and Windows Server 2008 R2 and Microsoft® Systems Center Operations Manager 2007.
- Bridgehead Server Selection: The bridgehead server selection process enables domain controllers to load balance incoming connections. The new logic for bridgehead server selection allows for even distribution of workload among bridgehead servers