Windows Server 2003 Versus Windows Server 2003 R2

Microsoft has repeatedly pushed back the release dates of future versions of Windows Server, so it decided to ship an interim release of Windows Server 2003 (R2) that includes Service Pack 1 along with several new optional components. Some of these components, such as Active Directory Application Mode (ADAM), were already available as web downloads, but Microsoft chose to package them on the R2 CD to reach a wider audience. In addition, some customers question Microsoft's commitment to software that is only available from its web site; making the components part of the core OS removes any doubt about Microsoft's support position.

Service Pack 1 offers a considerable number of improvements for Windows Server 2003. As with Windows XP Service Pack 2, many of the changes are security related, correcting issues in Internet Explorer and adding new firewall functionality. The following figure gives an overview of the Active Directory-specific updates.

Windows Server 2003 SP1 Active Directory enhancements

Directory service backup reminders

Special messages logged to the Directory Service event log if directory partitions are not backed up.

Additional replication security and fewer replication errors

Replication metadata for domain controllers that have been removed from the domain is now cleaned up. This tightens directory security (stale server objects no longer linger as replication partners) and eliminates replication error messages that refer to the deleted domain controllers.

Install from media improvements for installing DNS Servers

New option to include application directory partitions in the backup media. This eliminates the requirement to replicate the DomainDnsZones and ForestDnsZones application directory partitions over the network before the DNS Server is operational.

Updated tools

Newer versions of DcDiag, NTDSUtil, IADSTools.DLL, AdPrep, and other tools to aid in management, updates, and troubleshooting.

Virtual server support

Official support for running domain controllers within Microsoft Virtual Server 2005. Additional logic (USN rollback detection) was added to guard against directory corruption caused by improper backup and restoration procedures, such as reverting a virtualized domain controller to an old disk image instead of performing a supported restore.

Extended storage of deleted objects

Tombstone lifetime on new forests increased from 60 to 180 days. Existing forests are not modified.

Improved domain controller name resolution

To avoid replication failures caused by DNS name-resolution problems, a Windows Server 2003 SP1 domain controller that cannot resolve its partner's GUID-based CNAME record also tries the other name forms the partner could have registered, such as its fully qualified domain name and its NetBIOS name.

Confidential attributes

Ability to mark attributes as confidential (bit 7, value 128, of the attribute's searchFlags in the schema) so they cannot be read without an additional permission being granted. Reading a confidential attribute requires the Control Access right on that attribute in addition to Read Property. By default only trustees with full control over the object (which includes that right) can read it; the right can be delegated in a granular manner on a per-attribute basis. Attributes that are part of the base schema cannot be marked confidential, and every domain controller must be running SP1 for the restriction to be enforced, since a pre-SP1 domain controller ignores the flag.

SID History attribute retained on object deletion

The SID History attribute has been added to the default list of attributes retained on an object tombstone. When the object is undeleted, the attribute will be restored with the object.

Operations master health and status reporting

Operations that require a FSMO role holder but cannot be performed, for example because the role holder is offline or unreachable, now generate Directory Service event log messages instead of failing silently.

Drag and drop changes in Active Directory Users and Computers Console

Ability to disable drag and drop functionality in ADUC and display confirmation dialogs when initiating a move operation.
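The "Extended storage of deleted objects" entry above is easy to get wrong in practice: an existing forest keeps the 60-day value, and the attribute that controls it is simply absent in forests created before SP1. The following script is an added example, not part of the book, that reads the forest's tombstoneLifetime from the Configuration partition and optionally raises it to the SP1 default of 180 days. It uses ADSI only, so it runs without the Active Directory PowerShell module; the write requires Enterprise Admins membership.

```powershell
# Added example (not from the book): inspect, and optionally raise, the forest
# tombstoneLifetime. The value lives on CN=Directory Service in the Configuration
# partition. If the attribute is absent, the forest uses the built-in default of
# 60 days, which is what a forest created before SP1 still has; forests created
# with SP1 media get 180 written explicitly.
param(
    [int]$DesiredDays = 180,   # SP1 default for newly created forests
    [switch]$Apply             # without -Apply the script only reports
)

$rootDse  = [ADSI]"LDAP://RootDSE"
$configNc = $rootDse.Properties["configurationNamingContext"].Value
$dsPath   = "LDAP://CN=Directory Service,CN=Windows NT,CN=Services,$configNc"
$dsObject = [ADSI]$dsPath

# A PropertyValueCollection with no value yields $null here.
$current = $dsObject.Properties["tombstoneLifetime"].Value
if ($null -eq $current) {
    $effective = 60
    Write-Host "tombstoneLifetime is not set; effective value is the 60-day default (pre-SP1 forest)."
} else {
    $effective = [int]$current
    Write-Host "tombstoneLifetime is explicitly set to $effective days."
}

# The backup reminder and lingering-object checks both key off this value:
# a backup older than the tombstone lifetime must never be restored.
if ($effective -lt $DesiredDays) {
    if ($Apply) {
        $dsObject.Put("tombstoneLifetime", $DesiredDays)
        $dsObject.SetInfo()
        Write-Host "tombstoneLifetime raised to $DesiredDays days; the change replicates forest-wide."
    } else {
        Write-Host "Re-run with -Apply to raise it to $DesiredDays days."
    }
} else {
    Write-Host "No change needed."
}
```

Raising the lifetime only affects objects deleted after the change; objects already tombstoned keep counting down from their original deletion time, so the backup age you can safely restore does not jump to 180 days until the old tombstones have aged out.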

Although Service Pack 1 is certainly full of great updates that any domain administrator would want loaded on their domain controllers, the real meat in Windows Server 2003 R2 is in the optional components. If the optional components do not interest you, then R2 will probably not be an upgrade you spend a lot of time on. The following figure lists the new components available in R2 that are specific to Active Directory.
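The confidential-attribute entry in the SP1 table above involves two separate steps, a schema change and an ACL change, and a check that is easy to skip. The script below is an added example, not part of the book: it sets the confidential bit on a custom attribute and then grants one group the Control Access right needed to read it. The attribute name exampleSalary, the group EXAMPLE\HR-Readers and the OU path are hypothetical. The schema write must be performed by a Schema Admin against the schema master; dsacls.exe comes from the Windows Support Tools.

```powershell
# Added example (not from the book): mark a custom attribute confidential and
# delegate read access to one group. All names below are hypothetical.
param(
    [string]$AttributeName = "exampleSalary",             # hypothetical attribute
    [string]$Trustee       = "EXAMPLE\HR-Readers",        # hypothetical group
    [string]$ScopeDn       = "OU=Staff,DC=example,DC=com" # hypothetical OU
)

$CONFIDENTIAL       = 0x80   # searchFlags bit 7: confidential attribute
$SCHEMA_BASE_OBJECT = 0x10   # systemFlags bit 4: FLAG_SCHEMA_BASE_OBJECT

$rootDse  = [ADSI]"LDAP://RootDSE"
$schemaNc = $rootDse.Properties["schemaNamingContext"].Value

# Look the attribute up by lDAPDisplayName; the CN of the schema object is
# often different (e.g. "Employee-Number" versus employeeNumber).
$searcher = New-Object System.DirectoryServices.DirectorySearcher([ADSI]"LDAP://$schemaNc")
$searcher.Filter = "(&(objectClass=attributeSchema)(lDAPDisplayName=$AttributeName))"
$result = $searcher.FindOne()
if ($null -eq $result) { throw "Attribute $AttributeName not found in the schema." }
$attr = $result.GetDirectoryEntry()

# Base-schema (category 1) attributes cannot be marked confidential; the DC
# rejects the write, so fail early with a clearer message.
$systemFlags = [int]$attr.Properties["systemFlags"].Value
if ($systemFlags -band $SCHEMA_BASE_OBJECT) {
    throw "$AttributeName is a base schema attribute and cannot be marked confidential."
}

$searchFlags = [int]$attr.Properties["searchFlags"].Value
if ($searchFlags -band $CONFIDENTIAL) {
    Write-Host "$AttributeName is already confidential (searchFlags=$searchFlags)."
} else {
    $newFlags = $searchFlags -bor $CONFIDENTIAL
    $attr.Put("searchFlags", $newFlags)
    $attr.SetInfo()
    Write-Host "Set confidential bit on $AttributeName (searchFlags now $newFlags)."
}

# Reading a confidential attribute needs Read Property (RP) plus the Control
# Access (CA) right on that attribute. Grant both to the trustee on user objects
# under the OU, inherited to sub-objects (/I:S). Full Control already includes
# these rights, which is why administrators continue to see the value.
& dsacls.exe $ScopeDn /I:S /G "${Trustee}:RPCA;${AttributeName};user"
```

After the schema change replicates, verify from a non-administrative account that an LDAP search returning the attribute comes back without it, and from a member of the delegated group that it comes back populated; if a pre-SP1 domain controller answers the query, the value is returned regardless of the flag.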

Windows Server 2003 R2 optional Active Directory-specific components

Active Directory Application Mode (ADAM)

Standalone LDAP service that is Active Directory with the NOS-specific components and requirements stripped out.

Active Directory Federation Services (ADFS)

Standards-based technology that enables distributed identification, authentication, and authorization across organizational and platform boundaries. The R2 release implements the WS-Federation Passive Requestor Profile, providing browser-based web single sign-on with SAML 1.1 security tokens.

Identity Management for UNIX (IMU)

Manage user accounts and passwords on Windows and Unix via NIS (Server for NIS lets a domain controller act as an NIS master), and automatically synchronize passwords between Windows and Unix (Password Synchronization).

