Check out @gT_aKa_Pratik’s Tweet: https://twitter.com/gT_aKa_Pratik/status/859625211167219712?s=09
You Might have wonder whats new in Windows Server 2016 & its new features with Active directory.
So here i am gonna share few details which will help you out to answer your queries.
Active Directory levels
Windows Server forest and domain functional levels are updated in 2016. File Replications Services (FRS) which Server 2003 use to replicate SYSVOL and its folder contents will not work on Windows Server 2016. Organisations should therefore raise the functional of a domain to Windows Server 2008 or higher to ensure SYSVOL replication continues to work in future.
Privileged Access Management
Privileged Access Management (PAM) is a feature that is configured by Microsoft Identity Manager (MIM) which is based on two concepts, Just-In-Time (JIT) Administration and Just Enough Administration (JEA). It gives you much more granularity over the management of admin accounts and administrative privileges which seem to grow and grow. When PAM is configured, MIM creates a new AD forest which is isolated for the use of privileged accounts, negating the need to upgrade all Servers to 2016. MIM will then provide workflows to grant additional administrative privileges, and this is shadowed in the groups trusted forest on the live domain. Users can be also added to a group with a limited amount of time set for that membership. Monitoring capabilities help identify who requested access, what was granted and what activities they performed.
Azure AD Join
Server 2016 allows authenticating against Server 2016. This means passwords to your server do not have to be exposed outside of the local environment, and also enables Azure AD functionality to enhance the identity experience for organisation through features such as Single Sign-on and Mobile Device Management.
This is Microsoft new key-based authentication that goes beyond passwords. This form of authentication relies on a breach, theft, and phish-resistant credentials. Through two-factor authentication, it aim is to provide more security of a conventional password, without the complexity of solutions like physical smart cards. The solution is paired with Microsoft Hello, the built-in biometric sign-in for Windows 10 Pro.
Time Synchronisation Improvements
While a small detail, any Administrator will know the pain of a set of domain controllers or workstations even that are out of sync with time. Windows Server 2016 has included several updates to domain time synchronisation to help mitigate some of these problems. They include eliminating rounding errors that build up over time, increasing the frequency of synchronisations and enhancing the accuracy of synchronisation tup to tens of microseconds.
Group Membership Expiration
As mentioned in PAM section, Windows Server 2016 adds support for time limited group membership, allowing administrators to add a user to a security group for a limited period of time and set an expiry, without having to worry about manually removing the user from the group.
I hope this new features will excite Windows & AD lovers & also it will help Administrators to make their tasks easy & smooth.