Windows Server 2003 Versus Windows Server 2003 R2
Microsoft has consistently extended release dates for future versions of Windows Server, so it decided to release an interim version of Windows Server 2003 that includes Service Pack 1 as well as several new optional components. Some of these new optional components, such as Active Directory Application Mode (ADAM), are available via web downloads, but Microsoft chose to package them on the R2 CD to make them available to a wider audience. In addition, some users question Microsoft's commitment to software that is only available from its web site; making the components part of the core OS dispels any doubts about Microsoft's support position.
Service Pack 1 offers a considerable number of improvements for Windows Server 2003. As with Windows XP Service Pack 2, many of the changes are security related, correcting issues in Internet Explorer and offering new firewall functionality. Figure gives an overview of the Active Directory-specific updates.
Windows Server 2003 SP1 Active Directory enhancements
Directory service backup reminders: Special messages logged to the Directory Service event log if directory partitions are not backed up.
Additional replication security and fewer replication errors: Replication metadata for domain controllers removed from the domain is now removed. This enhances directory security and eliminates replication error messages related to the deleted domain controllers.
Install from media improvements for installing DNS Servers: New option to include application directory partitions in the backup media eliminates the requirement for network replication of DomainDNSZone and ForestDNSZones application directory partitions before the DNS Server is operational.
Newer versions of DcDiag, NTDSUtil, IADSTools.DLL, AdPrep, and other tools to aid in management, updates, and troubleshooting.
Virtual server support: Official support for running domain controllers within Microsoft Virtual Server 2005. Additional logic was added to guard against directory corruption due to improper backup and restoration procedures.
Extended storage of deleted objects: Tombstone lifetime on new forests increased from 60 to 180 days. Existing forests are not modified.
Improved domain controller name resolution: To avoid replication failures due to DNS name-resolution issues, Windows Server 2003 with SP1 will request other variations of the server name that could be registered.
Ability to mark attributes as confidential so they cannot be read without additional permissions granted. By default, any attribute marked confidential can only be read by trustees with full control access to the object; however, this can be delegated in a granular manner.
SID History attribute retained on object deletion: The SID History attribute has been added to the default list of attributes retained on an object tombstone. When the object is undeleted, the attribute will be restored with the object.
Operations master health and status reporting: Operations that require a FSMO domain controller that cannot be performed will generate Directory Service event log messages.
Drag and drop changes in Active Directory Users and Computers Console: Ability to disable drag and drop functionality in ADUC and display confirmation dialogs when initiating a move operation.
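The following PowerShell audit is an added example, not part of the original text. It checks two entries from the list above on a live forest: whether the tombstone lifetime is still the older 60-day value (existing forests are not modified by SP1), and which schema attributes are currently marked confidential. The directory path of the tombstoneLifetime attribute, the 60-day fallback when it is unset, and the searchFlags bit value 128 are not stated on this page; they are standard Active Directory details assumed here.

```powershell
# Added example: read-only audit, run as a domain user on a domain-joined machine.
$rootDse  = [ADSI]'LDAP://RootDSE'
$configNc = [string]$rootDse.Properties['configurationNamingContext'].Value
$schemaNc = [string]$rootDse.Properties['schemaNamingContext'].Value

# --- Tombstone lifetime (forest-wide, stored in the configuration partition) ---
$dsConfig = [ADSI]"LDAP://CN=Directory Service,CN=Windows NT,CN=Services,$configNc"
$raw = $dsConfig.Properties['tombstoneLifetime'].Value

if ($null -eq $raw) {
    # Assumption: an unset attribute means the original 60-day default applies.
    $tombstoneDays = 60
    $origin = 'attribute not set, 60-day default applies'
} else {
    $tombstoneDays = [int]$raw
    $origin = 'explicit value'
}
'Tombstone lifetime: {0} days ({1})' -f $tombstoneDays, $origin

if ($tombstoneDays -lt 180) {
    # Forests created before SP1 keep their old value; SP1 does not change it.
    Write-Warning 'Tombstone lifetime is below the 180 days used for new SP1 forests.'
}

# --- Attributes marked confidential ---
# Assumption: the confidential flag is bit 128 (0x80) of searchFlags.
# 1.2.840.113556.1.4.803 is the LDAP bitwise-AND matching rule.
$searcher = New-Object System.DirectoryServices.DirectorySearcher
$searcher.SearchRoot = [ADSI]"LDAP://$schemaNc"
$searcher.Filter     = '(&(objectClass=attributeSchema)(searchFlags:1.2.840.113556.1.4.803:=128))'
$searcher.PageSize   = 500
[void]$searcher.PropertiesToLoad.Add('lDAPDisplayName')

$results = $searcher.FindAll()
try {
    # Result property names are returned in lowercase.
    $confidential = @($results |
        ForEach-Object { [string]$_.Properties['ldapdisplayname'][0] } |
        Sort-Object)
} finally {
    $results.Dispose()   # release the unmanaged search handle
}

'Confidential attributes: {0}' -f $confidential.Count
$confidential | ForEach-Object { "  $_" }
```

An attribute that holds sensitive data but is absent from the second list is readable under the object's ordinary read permissions.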
Although Service Pack 1 is certainly full of great updates that any domain administrator would want loaded on their domain controllers, the real meat in Windows Server 2003 R2 is in the optional components. If the optional components do not interest you, then R2 will probably not be an upgrade you will spend a lot of time on. Figure lists the various new components available in R2 specific to Active Directory.
Windows Server 2003 R2 optional Active Directory-specific components
Active Directory Application Mode (ADAM): Standalone LDAP service that is Active Directory with the NOS-specific components and requirements stripped out.
Active Directory Federated Services (ADFS): Standards-based technology that enables distributed identification, authentication, and authorization across organizational and platform boundaries.
Identity Management for UNIX (IMU): Manage user accounts and passwords on Windows and Unix via NIS. Automatically synchronize passwords between Windows and Unix.