
Migrating from Active Directory 2000/2003 to Active Directory 2008 : Understanding the Benefits to Upgrading Active Directory

4/14/2011 3:43:28 PM
The decision to upgrade Active Directory to a newer version is about more than keeping Active Directory up to date; the organization should weigh the benefits it receives by migrating to a newer version of AD. If one or more of the improvements to Active Directory Domain Services justifies an upgrade, that validates the decision to migrate to AD 2008 or AD 2008 R2. Improvements were introduced in Windows Server 2003, with further improvements in Windows 2008 and Windows 2008 R2.

Benefits of Active Directory 2003

Active Directory 2000 was the first version of AD to ship from Microsoft and was the base configuration of the directory. Microsoft made a number of major updates in Active Directory 2003, extending the basic AD to include a number of needed features and functions. The following list details some of the many changes in Windows Server 2003 that improved on the original Windows 2000 Active Directory:

  • Domain rename capability— Windows Server 2003 Active Directory supported the renaming of either the NetBIOS name or the LDAP/DNS name of an Active Directory domain. The Active Directory domain rename tool can be used for this purpose, but only in domains that have completely upgraded to Windows Server 2003 or later domain controllers.

  • Cross-forest transitive trusts— Windows Server 2003 supports the implementation of transitive trusts that can be established between separate Active Directory forests. Windows 2000 supported only explicit cross-forest trusts, and the trust structure did not allow for permissions to flow between separate domains in a forest. This limitation has been lifted in Windows Server 2003 or later.

  • Universal group caching— One of the main structural limitations of Active Directory was the need to establish very “chatty” global catalog servers in every site established in a replication topology, or run the risk of extremely slow client logon times and directory queries. Windows Server 2003 or later enables remote domain controllers to cache universal group memberships for users so that each logon request does not require the use of a local global catalog server.

  • Intersite topology generator (ISTG) improvements— The ISTG in Windows Server 2003 was improved to support configurations with extremely large numbers of sites. In addition, the time required to determine site topology has been noticeably improved through the use of a more efficient ISTG algorithm.

  • Multivalued attribute replication improvements— In Windows 2000, if a universal group changed its membership from 5,000 users to 5,001 users, the entire group membership had to be re-replicated across the entire forest. Windows Server 2003 addressed this problem and allowed incremental membership changes to be replicated.

  • Lingering objects (zombies) detection— Domain controllers that have been out of service for a longer period of time than the Time to Live (TTL) of a deleted object could theoretically “resurrect” those objects, forcing them to come back to life as zombies, or lingering objects. Windows Server 2003 properly identified these zombies and prevented them from being replicated to other domain controllers.

  • AD-integrated DNS zones in application partitions— Replication of DNS zones was improved and made more flexible in Windows Server 2003 by storing AD-integrated zones in the application partition of a forest, thus limiting their need to be replicated to all domain controllers and reducing network traffic. Conversely, the DNS zones could be configured to replicate them to the entire forest if that was appropriate.

Benefits of Active Directory 2008

Five years after AD 2003 was released, Microsoft made a number of additional improvements to Active Directory with the release of AD 2008. Windows 2008 Active Directory retained all the updated features of Windows Server 2003 Active Directory and added several key new features. The updated AD 2008 features are as follows:

  • Fine-grained password policies— Password policies can be customized to different users within the same Active Directory domain.

  • Read-Only Domain Controllers— These domain controllers are designed for branch offices and for extranet scenarios, in that they allow directory information to be accessed but not changed. This adds an element of security to scenarios that require directory services but are not as secure as the corporate data center.

  • Granular auditing— Active Directory auditing is much more granular and allows tracking of some objects but not others. This reduces the volume of security logs; however, it provides less information for the auditor or analyst to review during an audit or information acquisition process.

  • Distributed File System Replication (DFSR)— DFSR is now used for SYSVOL replication, replacing the File Replication Service (FRS) that is used to replicate SYSVOL in Windows 2000 Server and Windows Server 2003. This feature provides more robust and detailed replication of SYSVOL contents and is available when the domain functional level is raised to Windows Server 2008.
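
Fine-grained password policies in practice, as an added example that is not part of the original article: a stricter policy for a privileged group, created with the ActiveDirectory PowerShell module. The policy name and all values are hypothetical; it assumes the module that ships with Windows Server 2008 R2, a domain functional level of Windows Server 2008 or higher, and a domain controller the module can reach.

```powershell
# Added example. Run as a domain administrator.
Import-Module ActiveDirectory

$psoName = 'PSO-PrivilegedAdmins'   # hypothetical policy name
$group   = 'Domain Admins'          # global security group the policy is linked to

# Create the Password Settings Object (PSO).
# When several PSOs reach the same user, the lowest Precedence value wins.
New-ADFineGrainedPasswordPolicy -Name $psoName -Precedence 10 `
    -MinPasswordLength 15 `
    -PasswordHistoryCount 24 `
    -ComplexityEnabled $true `
    -ReversibleEncryptionEnabled $false `
    -MinPasswordAge (New-TimeSpan -Days 1) `
    -MaxPasswordAge (New-TimeSpan -Days 60) `
    -LockoutThreshold 5 `
    -LockoutObservationWindow (New-TimeSpan -Minutes 30) `
    -LockoutDuration (New-TimeSpan -Minutes 30)

# A PSO is linked to users or global security groups, not to OUs.
Add-ADFineGrainedPasswordPolicySubject -Identity $psoName -Subjects $group

# Check which policy each member actually receives. The cmdlet returns
# nothing when no PSO applies and the default domain policy is in effect.
Get-ADGroupMember -Identity $group -Recursive |
    Where-Object { $_.objectClass -eq 'user' } |
    ForEach-Object {
        $pso  = Get-ADUserResultantPasswordPolicy -Identity $_.DistinguishedName
        $name = '(default domain policy)'
        if ($pso) { $name = $pso.Name }
        New-Object PSObject -Property @{
            User          = $_.SamAccountName
            AppliedPolicy = $name
        }
    }
```

The final check matters because a second PSO with a lower precedence value, or one linked directly to the user, overrides the group-linked policy.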

Benefits of Active Directory 2008 R2

Almost a decade after Active Directory was first released, Microsoft has once again updated the capabilities of Active Directory running on Windows 2008 R2. The Windows 2008 R2 Active Directory retained all the new features of Active Directory 2003 and Active Directory 2008, and added several key new features. The new AD 2008 R2 features are as follows:

  • Recovery of deleted objects— Active Directory 2008 R2 has a recycle bin that allows an administrator to recover a deleted object and all of its corresponding and related objects.

  • Managed service accounts— The maintenance of passwords relative to service accounts in Active Directory has always been a challenge for network administrators. As passwords expire, all applications utilizing service accounts had to be updated, usually resulting in service account passwords NOT being changed, which created a security issue for the organization. Active Directory 2008 R2 now supports managed service accounts where a password change to a service account invokes a feature that automatically updates the password for all services that use the service account.

  • Offline domain join— With Active Directory 2008 R2, an administrator can take a workstation or server and join it to Active Directory without that system being connected to the network. An XML file is created that has all of the information for the target computer and generates a key that allows the target system to be added to the domain without even being connected to the network. During a system imaging or refresh process, the target system can be imaged and joined entirely offline, so that the first time a user logs on to the network is the first time the system is physically connected to the network.
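
The service-account problem described under managed service accounts can be measured before migrating. The following added example (not from the original article) flags user-based service accounts whose passwords are old or set never to expire. The function name, the 90-day threshold, the sample accounts, and the use of a service principal name to identify service accounts are assumptions.

```powershell
# Added example: list service accounts that are candidates for
# conversion to managed service accounts.
function Get-StaleServiceAccount {
    param(
        [Parameter(Mandatory = $true)] [object[]] $Account,
        [int] $MaxAgeDays = 90,          # assumed review threshold
        [datetime] $Now = (Get-Date)
    )
    foreach ($a in $Account) {
        $age = $null                     # stays $null when no timestamp exists
        if ($a.PasswordLastSet) {
            $age = [int][math]::Floor(($Now - $a.PasswordLastSet).TotalDays)
        }
        if ($a.PasswordNeverExpires -or $age -eq $null -or $age -gt $MaxAgeDays) {
            New-Object PSObject -Property @{
                SamAccountName       = $a.SamAccountName
                PasswordAgeDays      = $age
                PasswordNeverExpires = [bool]$a.PasswordNeverExpires
            }
        }
    }
}

# Constructed sample data so the function can be tried without a domain.
$now = [datetime]'2011-04-14'
$sample = @(
    New-Object PSObject -Property @{ SamAccountName = 'svc-sql'
        PasswordLastSet = $now.AddDays(-900); PasswordNeverExpires = $true }
    New-Object PSObject -Property @{ SamAccountName = 'svc-backup'
        PasswordLastSet = $now.AddDays(-200); PasswordNeverExpires = $false }
    New-Object PSObject -Property @{ SamAccountName = 'svc-web'
        PasswordLastSet = $now.AddDays(-20);  PasswordNeverExpires = $false }
)

Get-StaleServiceAccount -Account $sample -Now $now |
    Sort-Object PasswordAgeDays -Descending |
    Format-Table SamAccountName, PasswordAgeDays, PasswordNeverExpires -AutoSize

# Against a live domain (assumes the ActiveDirectory module is available):
# Import-Module ActiveDirectory
# $live = Get-ADUser -LDAPFilter '(servicePrincipalName=*)' `
#             -Properties PasswordLastSet, PasswordNeverExpires
# Get-StaleServiceAccount -Account $live
```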
