Windows Tip Sheet

But I Don't WANT to Upgrade!

You don't have to upgrade to take advantage of some of Windows 2003 tools.

Sometimes, new product features are too cool not to live without. Like the drag and drop capability offered by AD Users and Computers (ADUC) or the Resultant Set of Policy (RSoP) Wizard, both offered in Windows 2003. But convincing the boss to undergo a major enterprise upgrade just for the sake of a few features…well, good luck. If you can do it, let me know, because I want to come work at your company.

Guess What? You Don't Have to Upgrade!
Fortunately, some features don't require a full-on enterprise upgrade. For example, consider the two features I just mentioned, drag and drop and RSoP in Win2003's ADUC. You can get both features in an all-Windows 2000 domain, provided you have at least one Win2003 DC somewhere in the mix.

Keep in mind that, normally, ADUC will connect to whatever DC authenticated you. So, even if you've installed the Win2003 AdminPak.msi and you have the new ADUC snap-in, when it connects to a Win2K DC you won't be able to use any of Win2003's cool new features. But that doesn't mean you're stuck! You can right-click the domain in ADUC to target a different DC. Just make sure your domain contains at least one Win2003 DC (which works just fine in an all-Win2K domain, by the way), and have ADUC specifically target that DC (make sure you're using the Win2003 version of ADUC, of course).

Win2003 DCs can process RSoP queries, allowing you to use this powerful tool for planning and troubleshooting Group Policy Object application throughout the domain. Win2003 DCs can also process object drag and drop, such as dragging a user from one domain to another (yes, you could just right-click the user and select "Move" but drag and drop is so much cooler).

There's a bunch of Win2003 features that work just fine without a native Win2003 domain. For example, Win2003 DCs cache universal security group membership information, allowing the DC to process user logons even if a GC isn't immediately available. Any Win2003 DC can do this, even if it's in a Win2K domain and even if it's the only Win2003 DC you own.

Micro Tip Sheet

If you frequently open a command-line window by typing "cmd" at the Run prompt, you may not be happy with the default directory Windows picks. Change it by modifying HKEY_CURRENT_USER\Software\Microsoft\CommandProcessor: There's an AutoRun value that needs to be set to CD /D C:\ to start new command windows at the C:\ directory.

Do you know where your Flexible Single-Master Operations (FSMO) roles are? Use the Netdom.exe utility (part of the Support Tools) to query the domain and find out. Hang a poster in the datacenter listing each of the five FSMOs and their current holder. That way if one of those servers goes down, you'll remember that it held a FSMO role and be able to decide whether or not the role needs to be seized on another DC.

More Resources
Microsoft's technical resources for Win2003, including new features: http://www.microsoft.com/windowsserver2003/techinfo/default.mspx

Download the Win2003 AdminPak: http://www.microsoft.com/downloads/details.aspx?FamilyID=
c16ae515-c8f4-47ef-a1e4-a8dcbacff8e3&DisplayLang=en

Read this before installing the Win2003 AdminPak on WinXP: http://support.microsoft.com/default.aspx?scid=kb;en-us;304718

About the Author

Don Jones is a multiple-year recipient of Microsoft’s MVP Award, and is Curriculum Director for IT Pro Content for video training company Pluralsight. Don is also a co-founder and President of PowerShell.org, a community dedicated to Microsoft’s Windows PowerShell technology. Don has more than two decades of experience in the IT industry, and specializes in the Microsoft business technology platform. He’s the author of more than 50 technology books, an accomplished IT journalist, and a sought-after speaker and instructor at conferences worldwide. Reach Don on Twitter at @concentratedDon, or on Facebook at Facebook.com/ConcentratedDon.

comments powered by Disqus
Most   Popular