Through the course of answering questions for SearchWinIT.com's Ask the Expert center, we've noticed one question that frequently crops up from readers. It is about the changes in Active Directory that came about when Windows Server 2003 was released. In this article, we will examine the changes that occurred when the initial release of Windows Server 2003 hit the streets. In a later article, we'll look at additional changes that came about with the release of Windows Server 2003, Service Pack 1.
Same structure; new capabilities
Unlike the transformation in the directory service architecture that took place between Windows NT and Windows 2000, the changes you see between Windows 2000 and Windows Server 2003 are much more incremental in nature. Windows Server 2003 is grounded in the same Active Directory structure in Windows 2000 where each domain controller holds a read-write copy of the AD database, relying on multi-master replication to keep everything up-to-date.
In the Windows Server 2003 Active Directory Users & Computers MMC snap-in, you can now move an object from one location in the directory tree to another by using the familiar drag-and-drop method, rather than being forced to right-click the object and select "Move", as was the case in Windows 2000. You can also now select multiple objects simultaneously for editing or deletion, and save commonly-used queries within the ADUC console window. Although really, if you're going to be working with more than one object at a time, I would recommend that you get out of the MMC console anyway and use command-line tools or scripts to take away some of your administrative burdens.
New command-line tools
Windows Server 2003 includes a number of built-in command-line tools that were not available in Windows 2000, including:
Added feature promotes new domain controllers into a domain
To continue reading for free, register below or login
To read more you must become a member of SearchWindowsServer.com
b>
Another new feature is the "Install from Media" option for promoting new domain controllers into a domain. In Windows 2000, if you needed to install a domain controller at a remote location, you had one of two options:
Enter the "Install From Media" feature. In Windows Server 2003 you can initially populate the Active Directory database using a System State backup from an existing DC, saving you both WAN traffic and shipping costs. For those of us who run extremely decentralized environments, this is one of those "Where has this been all my life?" kinds of features.
Enhanced replication capabilities
Another significant change, particularly for larger environments, is a replication enhancement called linked-value replication for objects such as Active Directory group objects. In Windows 2000, a group's membership list was replicated as one single block of information. This led to a number of potential problems, such as the following:
Linked-value replication solves these problems by replicating these multi-valued attributes separately. In our first example above, the addition of jsmith and the removal of bthomas would be replicated as two separate transactions, allowing both updates to be applied without causing a replication conflict. In our second example, only the individual changes to the group membership will be replicated, greatly streamlining the replication process and removing the 5000-member limitation on Active Directory groups.
In a future installment, we'll talk about more Active Directory changes that came about with Windows Server 2003, focusing specifically on changes that happened when Windows Server 2003 Service Pack 1 was released.
Laura E. Hunter (CISSP, MCSE: Security, MCDBA, Microsoft MVP) is a senior IT specialist with the University of Pennsylvania, where she provides network planning, implementation and troubleshooting services for business units and schools within the university. Hunter is a two-time recipient of the prestigious Microsoft "Most Valuable Professional" award in the area of Windows Server-Networking. She is the author of the Active Directory Field Guide (APress Publishing). You can contact her at laurahcomputing@gmail.com.
