Sams Microsoft Windows Server 2003 Unleashed R2 Edition May 2006 ISBN 0672328984

Microsoft® Windows Server 2003 Unleashed, R2 Edition

  

By Rand Morimoto, Michael Noel, Alex Lewis

Publisher: Sams

Pub Date: May 10, 2006

Print ISBN-10: 0-672-32898-4

Print ISBN-13: 978-0-672-32898-5

Pages: 1368

  

Microsoft Windows Server 2003 Unleashed, 3rd Edition is the first book on the market to cover Windows Server 2003 R2. This latest edition will keep the text viable with the major "R2" update being released from Microsoft late in 2005. Many of the Windows Server 2003 titles have not been revised since release in 2003 even though Microsoft has released a service pack and now the R2 update.

This book will provide detailed guidance focused on the most commonly used yet most complicated planning, installation, migration, and problem-solving topics that challenge IT professionals. This title goes far beyond the basic installation and setup information found in hundreds of other resources and focuses on the less understood yet most important details for system configuration, tips, tricks, and techniques to successfully implement and administer a Windows networking system.


Copyright

Microsoft Windows Server 2003 Unleashed, R2 Edition

  Copyright © 2006 by Sams Publishing All rights reserved. No part of this book shall be reproduced, stored in a retrieval system, or transmitted by any means, electronic, mechanical, photocopying, recording, or otherwise, without written permission from the publisher. No patent liability is assumed with respect to the use of the information contained herein. Although every precaution has been taken in the preparation of this book, the publisher and author assume no responsibility for errors or omissions. Nor is any liability assumed for damages resulting from the use of the information contained herein.

Library of Congress Catalog Card Number: 2006901232

Printed in the United States of America

First Printing: May 2006

09 08 07 06 4 3 2 1

Trademarks

  All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized. Sams Publishing cannot attest to the accuracy of this information. Use of a term in this book should not be regarded as affecting the validity of any trademark or service mark.

  Every effort has been made to make this book as complete and as accurate as possible, but no warranty or fitness is implied. The information provided is on an "as is" basis. The authors and the publisher shall have neither liability nor responsibility to any person or entity with respect to any loss or damages arising from the information contained in this book or from the use of the CD or programs accompanying it.

Bulk Sales

Sams Publishing offers excellent discounts on this book when ordered in quantity for bulk purchases or special sales. For more information, please contact

U.S. Corporate and Government Sales: 1-800-382-3419

For sales outside of the U.S., please contact

International Sales: 1-317-428-3341

Associate Publisher: Greg Wiegand

Acquisitions Editor: Neil Rowe

Development Editor: Mark Renfrow

Managing Editor: Charlotte Clapp

Senior Project Editor

Indexer: Cheryl Lenser

Proofreader: Kathy Bidwell

Contributing Author: Tyson Kopczynski

Technical Editor: Convergent Computing

Publishing Coordinator: Cindy Teeters

Book Designer: Gary Adair

Page Layout: Nonie Ratcliff

Dedication

  

I dedicate this book to my mother Vickie. Thank you for all you and dad did for me! Something I never really appreciated until I began raising children of my own. I brag about you all the time of the accomplishments you've had in your life, and I thank you for preparing me for the life I live today!

Rand H. Morimoto, Ph.D., MBA, MCSE

I dedicate this book to my brother George and his wonderful family; Robin, Carrie, and Sophie. You were always the big brother I looked up to and that has never changed.

Michael Noel, MCSE+I, MCSA

I dedicate this book to my wife Penny. I could write a tome filled with all the reasons why. In short, you love me

Alex Lewis

About the Authors

Rand Morimoto has been in the computer industry for more than 25 years and has authored, coauthored, or been a contributing writer on dozens of books on Windows 2003, Exchange 2003, security, BizTalk Server, and remote and mobile computing. Rand is the President of Convergent Computing, an IT consulting firm in the San Francisco Bay Area that was one of the key early adopter program partners with Microsoft in implementing beta versions of Windows Server 2003 in production environments more than three years before the product's release. Besides speaking at more than 50 conferences and conventions around the world in the past year about tips, tricks, and best practices on planning, migrating, and implementing Windows Server 2003, Rand is also a Special Advisor to the White House on Cyber-Security and Cyber-Terrorism.

Michael Noel has been in the computer industry for more than 15 years and has been working with the latest in Windows, Exchange, and SharePoint technologies since the early versions of the software. Michael is the author of ISA Server 2004 Unleashed and the coauthor of Exchange Server 2003 Unleashed and SharePoint 2003 Unleashed from Sams Publishing, and leads WebCasts and other speaking events throughout the United States. Currently a Senior Consultant at Convergent Computing in the San Francisco Bay Area, Michael leverages his expertise in enterprise deployment and migration projects in his publications and speaking engagements.

Alex Lewis has been in the high tech industry over 10 years ranging from aerospace to gaming and is an expert in system and process security, data integrity, incident handling, and security strategy. He is a specialist in secure messaging and companies and government contractors. Alex is a contributing author of Exchange Server 2003 Unleashed from Sams Publishing. He has also spoken at dozens of industry conferences including HOPE and private sessions at DEFCON. Currently a Senior Consultant at Convergent Computing in the San Francisco Bay Area, Alex uses a wide array of expertise in enterprise design and implementation in his writing and speaking engagements.

Acknowledgments

  

Rand H. Morimoto, Ph.D., MBA, MCSE

Revising this book was a lot of work, and there are many people to thank who have helped to make it a reality. We want to thank our acquisitions editor, Neil Rowe, who continues to support our efforts! We also want to thank all the consultants, consulting engineers, technical specialists, project managers, technical editors, and systems engineers at Convergent Computing who were valuable resources we called upon for thoughts, suggestions, best practices, tips, and tricks that made up the content of this book. The only way we could create such a valuable book was to compile the experience of so many individuals living and working with Windows 2003 day in and day out. Thank you to all of the writers, contributors, and technical editors from the first and second editions including Kenton Gardinier, Omar Droubi, Lynn Langfeld, Colin Spence, Ilya Eybelman, and Tiffany Phillips for your contribution to the initial core of this book.

Last but not least, to my two wonderful children, Kelly and Chip, thank you for being my inspiration to everything! Thank you to my parents, Ed and Vickie, for sharing with me the belief that hard work, dedication, and determination can lead to accomplishment and success. Another one done, whew!

Michael Noel, MCSE+I, MCSA

A big thanks to all of the folks that made this book possible, especially Rand Morimoto, who brought me in on the first edition of this book what seems like so long ago. Thanks as well to all of the technical staff at Convergent Computing who helped to write chapters, test scenarios, and just plain and simple beat this software into submission. You guys are the best technical team I have ever

And to my family, thanks again for putting up with yet another book. I honestly don't know how you put up with losing your husband/father/son so often! I love you Marina, you complete me! Liza and Val, you guys are wonderful! Julia, you make me smile every day!

Alex Lewis

This wouldn't have been possible without unending support from my new wife, Penny. She performed the ultimate in gopher duties from coffee to massages during my writing of this book. She understood the long nights and made every sacrifice with a supportive smile. She is my rock in every way.

  Also, thank you to Rand Morimoto for being a daily inspiration and the personification of the American dream. I truly appreciate your drive for success and pushing me to do the same. It has been a pleasure working on this project together. I wouldn't be the person I am today without your support and the technical hive-mind at Convergent Computing. Andrew Abbate, you embody the idyllic traits needed to be successful paired with a unique technical acuity. Thank you for your help on so many levels. Finally, thank you to my parents, Debi and Al, for instilling a sense of independence, responsibility, and ambition. It's those lessons I learned years ago that drive me today.

We Want to Hear from You!

As the reader of this book, you are our most important critic and commentator. We value your opinion and want to know what we're doing right, what we could do better, what areas you'd like to see us publish in, and any other words of wisdom you're willing to pass our way. As an associate publisher for Sams Publishing, I welcome your comments. You can email or write me directly to let me know what you did or didn't like about this book, as well as what we can do to make our books better.

  Please note that I cannot help you with technical problems related to the topic of this book. We do have a User Services group, however, where I will forward specific technical questions related to the book.

  When you write, please be sure to include this book's title and author as well as your name, email address, and phone number. I will carefully review your comments and share them with the author and editors who worked on the book.

Email:

Mail: Neil Rowe, Senior Acquisitions Editor, Sams Publishing, 800 East 96th Street, Indianapolis, IN 46240 USA

For more information about this book or another Sams Publishing title, visit our Web site at . Type the ISBN (excluding hyphens) or the title of a book in the Search field to find the page you're looking for.

Introduction

  Since its release in April 2003, the Windows Server 2003 operating system has undergone several updates and enhancements. However, unlike earlier versions of the Windows operating systems in which the updates were built into the Service Packs, with Windows Server 2003, Microsoft has released the updates as Feature Packs and most recently as the Windows 2003 R2 update. In addition to changes in how Windows 2003 would be designed, implemented, and supported with these new additions, there have been tips, tricks, and lessons learned from post-product release implementations that take advantage of these new enhancements to Windows.

  When my co-authors and I set out to revise this book, we wanted to provide a fresh perspective on planning, designing, implementing, migrating, and supporting a Windows Server 2003 environment based on the latest best practices. We went through every page of this book and chose to rewrite sections in which new product features, functions, or lessons learned suggested a revision was advisable. We found that Windows 2003 R2 was more than just a handful of new Windows components, but in many ways changed the way an organization would design, implement, and support their Windows 2003 environment now that the R2 enhancements are available. So, you'll find notes, comments, and tips throughout this third edition on the various components and tools now available in these updates. The three of us (Rand, Mike, and Alex) have been working with Windows "Whistler" since within two weeks after Windows 2000 was released to manufacturing in December 1999. We have planned, designed, implemented, and supported hundreds, if not thousands, of implementations of Windows Server 2003.

This book is organized into 11 parts, each part focusing on core Windows Server 2003 areas, with several chapters making up each part. The parts of the book are as follows:

Windows Server 2003 Overview: This part provides an introduction to Windows Server 2003, not only from the perspective of a general technology overview, but also to note what is truly new in Windows Server 2003 that made it compelling enough for organizations to implement the technology in beta in a production environment. We also cover basic planning, prototype testing, and migration techniques, as well as provide a full chapter on the installation of Windows Server 2003.

Windows Server 2003 Active Directory: This part covers Active Directory planning and design. If you have already designed and implemented your Active Directory, you will likely not read through this section of the book in detail. However, you might want to look through the best practices at the end of each chapter because we highlight some of the tips and tricks new to Windows Server 2003 that are different from Windows 2000. You might find that limitations or restrictions you faced when designing and implementing Windows 2000 and Active Directory have now been revised. Topics such as domain rename, inter-forest trusts, and forest-to-forest migration capabilities might be of interest.

Networking Services: This part covers DNS, DHCP, domain controllers, and IIS from the perspective of planning, integrating, migrating, and coexistence. Again, just like in , you might find the notes, tips, and best practices to have valuable information on features that are these chapters to understand what's new and different that you can leverage after a migration to Windows Server 2003.

Security: Security is on everyone's mind these days, so it was a major enhancement to Windows Server 2003. We actually dedicated four chapters of the book to security, breaking the information into server-level security such as the Encrypting File System (EFS) and Software Update server; transport-level security such as IPSec and NAT Traversal; Windows .NET Passports for single sign-on authentication; and security policies and security tools that focus on Group Policies for Active Directory security implementation and enforcement.

Migrating to Windows Server 2003: This part is dedicated to migrations. We provide a chapter specifically on migrating from Windows NT 4.0 to Windows Server 2003, as well as a chapter specifically on migrating from Windows 2000 to Windows Server 2003. These chapters are loaded with tips, tricks, and cautions on migration steps and best practices.

Windows Server 2003 Administration and Management: In this part, seven chapters focus on the administration of a Windows Server 2003 environment. This is where the importance of a newly written book (as opposed to a modified Windows 2000 book) is of value to you, the reader. The administration and management of users, domains, sites, and organizations have been greatly enhanced in Windows Server 2003. Although you can continue to perform tasks the way you did in Windows 2000, because of significant changes in replication, background transaction processing, secured communications, and management tools, there are better ways to work with Windows Server 2003. These chapters varying levels of responsibility.

Remote and Mobile Technologies: Mobility is a key improvement in Windows Server 2003, so this part focuses on enhancements made to Routing and Remote Access Services (RRAS) as well as Windows Terminal Services. Instead of just providing a remote node connection, Windows Server 2003 provides true end-to-end secured anytime/anywhere access functionality. The chapters in this part highlight best practices on implementing and leveraging these technologies.

Desktop Administration: Another major enhancement in Windows Server 2003 is the variety of new tools provided to support better desktop administration, so this part is focused on desktop administration. The chapters in this part go in depth on Group Policies, the Group Policy Management Console, and desktop administration tools in Windows Server 2003.

Fault Tolerance Technologies: As networks have become the backbone for information and communications, Windows Server 2003 must be reliable, and sure enough, Microsoft included several new enhancements in fault-tolerant technologies. The four chapters in this part address file-level fault tolerance in Distributed File System (DFS), clustering, network load balancing, backup and restore procedures, and Automated System Recovery (ASR). When these new technologies are implemented in a networking environment, an organization can truly achieve enterprise-level reliability and recoverability.

Problem Solving, Debugging, and Optimization: This part of the book covers performance optimization, capacity analysis, logging, and debugging to help optimize environment.

Integrated Windows Application Services: Based on suggestions from book reviews and online comments, we have added a new part to this edition that covers the Feature Pack add-in Windows SharePoint Services and the Windows Media Services component.

  The chapters in this book that underwent the most significant changes since the second edition of the book include

  

This chapter was revised to reference all the new capabilities built in to Windows 2003 R2 and the best practices at implementing R2.

This chapter was revised to address the installation of the Windows 2003 service packs as well as the Windows 2003 R2 update.

This chapter was revised to highlight all the revisions and changes made in the new Active Directory Federated Forest function introduced in Windows 2003 R2.

This chapter was revised to address new design considerations for Active Directory Federated Forests (ADFS) and Active Directory in Application Mode (ADAM) capabilities new to Windows 2003 R2.

This chapter underwent significant revisions to support discussions around Windows 2003 R2's Unix supportability specific to NFS, ID Mgmt for Unix, Subsystem for Unix, and SNIS.

This chapter was revised to highlight the new

This chapter was revised to highlight updated tips and tricks in migrating from Windows NT to Windows 2003 R2 that are slightly different than pre-R2 migration strategies.

This chapter was also revised to highlight updated tips and tricks in migrating from Windows 2000 to Windows 2003 R2 that are slightly different than pre-R2 migration strategies.

This chapter had an entire section added at the end of the chapter to cover the new Print Management Component new to Windows 2003 R2 that helps organizations better manage printers throughout the enterprise.

This chapter was significantly updated to highlight the updates to the MOM 2005 Management Packs for Windows 2003 and the Windows 2003 R2 update.

This chapter underwent significant revisions to address two major enhancements added to Windows 2003 R2: the File Server Resource Manager tool and the new Distributed File System Replication functionality.

This chapter was revised to highlight the updates to Windows 2003 R2 relative to enterprise logging, as well as updates to tips and tricks in debugging Windows 2003.

This chapter was revised to address new tips optimization of a Windows 2003 R2 environment using new tools such as the Server Performance Analyzer tool.

the new changes in Windows SharePoint Services SP2 that was included as part of the Windows 2003 R2 update.

  It is our hope that the real-world experience we have had in working with Windows Server 2003 and our commitment to revising this book to update it with current tips, tricks, and best practices has allowed us to relay to you information that will be valuable in your planning, implementation, migration, and support of a Windows Server 2003 enterprise environment.

Part I: Windows Server 2003 Overview

In This Part

Installing Windows Server 2003

Windows Server 2003 Defined

  More than three years after its release date, and well over five years from the time early adopters were putting it out in production environments, Windows Server 2003 has proven itself to be the most stable and reliable server operating system Microsoft has ever shipped. Many have called Windows Server 2003 a major Service Pack for Windows 2000 for the ease of the upgrades from Windows 2000 to Windows 2003. However, many consider the new security, fault tolerance, add-on tools, and overall functional improvements to be the long-awaited rewrite of the Windows operating system.

To the casual observer, Windows Server 2003 looks like nothing more than the Windows XP graphical user interface on top of the old Windows 2000 server operating system, with a few added utilities. However, now that organizations have been able to deploy Windows 2003 throughout their enterprises, when you look under the hood, Windows Server 2003 is a major rewrite of the Windows 2000 operating system, with significant changes to the kernel that make Windows Server 2003 achieve the reliability, fault tolerance, and scalability that major organizations have been demanding of their network operating system for years. This chapter introduces the significant enhancements and diverse capabilities of the Windows Server 2003 operating system, and references the chapters through the balance of this book that detail these improvements. The differences that Windows Server 2003 adds to a networking environment, along with best practices learned from enterprise implementation of Windows 2003, require a re-education so that design and implementation decisions made with previous versions of Windows are handled differently with Windows Server 2003 to take advantage of the enhanced operating system capabilities.

Note

This edition of Microsoft Windows Server 2003 Unleashed covers the base Windows 2003 operating system as well as the Windows 2003 R2 update.

  Throughout this chapter and this book, references will be made to features standard to the base configuration of Windows 2003, as well as what has been incrementally added to the Windows 2003 R2 update.

Windows .NET Framework Versus Windows Server 2003

  When we're talking about Windows Server 2003, one of the first points that frequently needs to be clarified is the difference between the Windows Server 2003 operating system and the Windows .NET Framework. These two terms are frequently (and improperly) used interchangeably; however, they are completely different. The Windows .NET Framework was announced first, formally during the summer of 2001, in reference to a completely new application development environment by Microsoft. When we refer to Windows Server 2003, it is an actual network operating system product in which software is installed on a server and applications are executed. Windows Server 2003 is a part of the Windows .NET Framework.

The Windows .NET Framework is the application development environment in which a common language runtime, framework classes, and an application development process are defined. Until the introduction of the Windows .NET Framework, some organizations developed applications using Visual Basic; some organizations, using Visual C; some organizations, using Active Server Pages technology for a Web server; and some organizations, using an Open Database Connectivity (ODBC) front-end application to Microsoft SQL or Microsoft Access. Now with the Windows .NET Framework, a default programming model called ASP.NET is defined. ASP.NET makes building real-world Web applications much easier. It has a series of built-in framework classes that allow a developer to call a built-in application function instead of having to code the function line by line. This capability greatly minimizes the amount of programming necessary to create a Web application similar to those created in the past.

  ASP.NET does not require any single application development tool; in fact, it supports dozens of standard programming languages available today, such as VBScript, JScript, Visual Basic .NET, C#, Visual Basic, and the like.

Other significant improvements in ASP.NET include a dynamic code compilation that automatically detects changes and compiles the code so that it is ready to run at any time. The Windows .NET Framework is a distributed application environment allowing for code to be distributed across multiple systems within a Web farm. In addition, to deploy a Windows .NET Framework application for access within an organization or to the general public, all the developer needs to do is copy the files to a Windows .NET Framework server. There is no need to run regsvr32 to register components on the server because configuration settings are stored in an XML data file within the application.

  For organizations looking to develop Web-based applications, the Windows .NET Framework greatly simplifies application development. The Windows .NET Framework has created a powerful development environment that has a series of built-in routines that decrease application coding time and effort, while providing the support for existing standards for application programming languages. As server add-ons are created for a Windows Server 2003 environment, such as Outlook Web Access for Exchange 2003 and SharePoint 2003, or even add-on tools like the Directory Services Mark-up Language (DSML), the .NET Framework is leveraged more and more in developing core applications and Feature Packs.

Understanding the Core Windows Server 2003 Operating System

  Whereas the Windows .NET Framework is the set of tools and technologies used for application development, the Windows Server 2003 product is a full network operating system. As a traditional network operating system, Windows Server 2003 can serve in the following roles:

File and print server: As a file and print server, the Windows Server 2003 system can provide network users with centralized access to data files or can act as a print queue server to host multiple printers. Several improvements have been made in Windows Server 2003 for file security (covered in of redundant print services (covered in

Web server: In Windows Server 2003, Web servers take on a much more expanded role than they did with early Windows NT or even Windows 2000 Web environments. Rather than just hosting static HTML Web pages, Windows Server 2003 participates in Web farms that distribute dynamic Web content with network load balancing (covered

applications that run on the Windows Server 2003 system will be released regularly. Some of the applications that come with Windows Server 2003 include Windows Terminal Services for thin client computing access (covered in ), Windows Media Server for video and audio hosting and broadcasting (covered in , "Windows Media Services"), and utility server services such as DNS and DHCP (covered in , "Domain Name System," and "DHCP/WINS/Domain Controllers"). Add-ons to Windows Server 2003 include Windows Server 2003 editions of Microsoft Exchange Server 2003, SharePoint Portal Server 2003, BizTalk Server 2004, and ISA Server 2004.

Windows .NET application host: New to Windows Server 2003 is the capability for the server to act as a host system for the execution of Windows .NET Framework applications. With built-in Internet Information Server version 6 (covered in

.NET applications can be copied straight to the Windows Server 2003 for execution.

  This book focuses on the Windows Server 2003 operating system and the planning, migration, security, administration, also the base network operating system on top of which all future Windows server applications will be built.

Choosing to Implement Windows Server 2003

  Windows Server 2003 is a versatile operating system, one that meets the needs of various business functions. Like earlier network operating systems such as Novell NetWare or Windows NT that were known best for file/print servers, Windows Server 2003 can provide all that functionality and a lot more.

  Because Windows Server 2003 provides many different functions, an organization needs to choose how to best implement Windows Server 2003 and the various networking features that meet its needs. In small network environments with fewer than 20 to 30 users, an organization may choose to implement all the Windows Server 2003 features on a single server. However, in larger environments, multiple servers may be implemented to improve system performance as well as provide fault tolerance and redundancy. As mentioned in the preceding section, Windows Server 2003 can act as the core operating system to host applications such as utility services, file services, print services, or Web-based services. Some of the other major networking services provided by Windows Server 2003 include running the operating system as the core to an Active Directory environment, as a built-in Windows application server, or as an add-on application server.

Windows Server 2003 Core to an Active Directory Environment

  One of the major additions to the network operating system role introduced with the release of the Windows 2000 operating system was the Active Directory. Active Directory is more than a simple list of users and passwords for authentication into a applications. When fully leveraged, an organization can have its Human Resources (HR) department add an employee to the organization's HR software. The HR software automatically creates a user in the Active Directory, generating a network logon, an email account, a voicemail account, and remote access capabilities, and then links pager and mobile phone information to the employee. Likewise, if an employee is terminated, a single change in the HR software can issue automated commands to disable the individual's network, email, remote logon, and other network functions.

Windows Server 2003 extends the capabilities of the Active Directory by creating better management tools, providing for more robust directory replication across a global enterprise, and allowing for better scalability and redundancy to improve directory operations. Windows Server 2003 effectively adds in more reliability, faster performance, and better management tools to a system that can be leveraged as a true enterprise directory provisioning, resource tracking, and resource management tool. Because of the importance of the Active Directory to the Windows Server 2003 operating system, plus the breadth of capabilities that Active Directory can facilitate, five chapters in Part II of this book are dedicated to Active Directory.

Windows Server 2003 Running Built-in Application Server Functions

Windows Server 2003 comes with several programs and utilities to provide robust networking capabilities. In addition to the basic file and print capabilities covered earlier in this chapter, Windows Server 2003 can provide name resolution for the network and enable high availability through clustering and fault tolerance, mobile communications for dial-up and virtual dozens of other application server functions. When planning the implementation of Windows Server 2003, a network architect needs to consider which of the server services are desired, how they will be combined on servers, and how they will be made redundant across multiple servers for business continuity failover. For a small organization, the choice to combine several server functions to a single system or to just a few systems is one of economics. However, an organization might distribute server services to multiple servers to improve performance (covered in in redundancy (covered in ), or to service users across a diverse geographic area (covered in

  allows users to authenticate to the server for access to network resources.

  Global catalog server: The global catalog server stores a copy of the user list of the Active Directory network. When an internal or external user with appropriate security rights wants to look at a list of Active Directory users, the global catalog server provides the list.

  DNS server: The domain name service (DNS) is a list of network servers and systems, so a DNS server provides

  DHCP server: The Dynamic Host Configuration Protocol (DHCP) assigns network addresses to devices on the network. Windows Server 2003 provides the service function to facilitate DHCP addresses to network devices.

  Cluster server: When fault tolerance is important to an organization, clustering provides failover from one system to another. Windows Server 2003 provides the ability to link systems together so that when one system fails, another system takes over.

  Terminal server: Instead of having a full desktop or laptop computer for each user on the network, organizations have the option of setting up simple, low-cost terminals for users to gain access to network resources. Windows Server 2003 Terminal Services allows a single server to host network system access for dozens of users.

  Remote access server: When a remote user has a desktop or laptop system and needs access to network services, Windows Server 2003 provides remote access services that allow the remote systems to establish a secure remote connection.

  Web server: As more and more technologies become Web-aware and are hosted on Web servers, Windows Server 2003 provides the technology to host these applications for browser-based access.

  Media server: With information extending beyond text-based word processing documents and spreadsheets into rich media such as video and audio, Windows Server 2003 provides a source for hosting and publishing video and audio content.

  Distributed File System (DFS) server: For the past decade, data files have been stored on file servers all around an organization. Windows Server 2003 provides Distributed File Systems that allow an organization to take control of distributed files into a common lookup file directory.

  These plus several other functions provide robust networking services that help organizations leverage the Windows Server 2003 technologies into solutions that solve business needs.

Windows Server 2003 Running Add-in Applications Server Functions

  In addition to the built-in server application functions such as DNS, DHCP, Global Catalog, Terminal Services, and the like noted in the preceding section, Windows Server 2003 also provides the basis from which add-in applications can be purchased and implemented on the Windows servers. Some of these add-in applications come from Microsoft, such as the Windows Server 2003 versions of the Microsoft Exchange messaging system or Microsoft SQL database system. Other add-ins to Windows Server 2003 are furnished by companies that provide human resource management applications; accounting software; document management tools; fax or voicemail add-ins; or other business, industry, or user productivity capabilities.

  In earlier Windows server operating systems, the core operating system provided simple logon and network connectivity functions; however, with Windows Server 2003, the operating system includes many core capabilities built into the Windows Server 2003 operating environment. With integrated fault tolerance, data recovery, server security, remote access organizations creating add-ins to Windows Server 2003 can focus on business functions and capabilities, not on core infrastructure reliability, security, and mobile access functionality. This offloading of the requirement of third-party add-in organizations to implement basic networking technologies into their applications allows these developers to focus on improving the business productivity and functionality of their applications. Additionally, consolidating information routing, security, remote management, and the like into the core operating system provides a common method of communication, authentication, and access to users without having to load up special drivers, add-ins, or tools to support each and every new application. Much of the shift from application-focused infrastructure components to core operating system-focused functionality was built into Windows 2000. There were many challenges when Windows 2000 was first released because of this shift in product functionality; however, after being on the market for more than three years, Windows 2000 add-ins and now Windows Server 2003 add-ins have had several revisions to work through system functionality and component reliability between application and operating system. Fortunately, Windows Server 2003 uses the same application/operating system technology used in Windows 2000, so applications written for Windows 2000 typically need just a simple Service Pack update to be able to run on Windows Server 2003.

When Is the Right Time to Migrate?

  When Windows Server 2003 first shipped during the Spring of 2003, many organizations wondered about the right time to migrate to the new operating system. It used to be that you waited until the first Service Pack shipped before installing any Microsoft product; however, Windows 2003 surprised a lot of organizations by being extremely reliable and actually more dependable than patched versions of Windows NT4 and Windows 2000. So, the end result decision came down to the same decision on migration to any new technology: identify the value of migrating versus the cost and effort to migrate.

  This introductory chapter notes the many features and functions built into Windows Server 2003 that have helped other organizations make the decision that Windows Server 2003 has significant value to plan a migration. Improvements in security, performance, and manageability provide benefits to organizations looking to minimize administration costs, while providing more functionality to users. The cost and effort to migrate to Windows Server 2003 vary based on the current state of an organization's networking environment as well as the Windows Server 2003 features and functions the organization wants to implement. Some organizations begin their migration process to Windows Server 2003 by adding a Windows Server 2003 into an existing Windows NT4 or Windows 2000 network, migrating from Windows 2000 to Windows Server 2003, and migrating from Windows NT4 to Windows Server 2003.

Adding a Windows Server 2003 to an NT4 or Windows 2000 Environment

  Many organizations want to add in a specific Windows Server 2003 function such as Windows Server 2003 Terminal Services, Windows Server 2003 Remote Access Services, Windows Server 2003 Media Services, or the like. Such functions can be added on Windows Server 2003 member servers in existing Windows NT4 or Windows 2000 networking environments. This allows an organization to get Windows Server 2003 application capabilities fairly quickly and easily without having to do a full migration to Windows Server 2003. In many cases, a Windows Server 2003 member server can simply be added to an existing network without ever affecting the existing network. This addition provides extremely low network impact but enables an organization to prototype and test the new technology, pilot it for a handful of users, and slowly roll out the technology to the client base as part of a regular system replacement or upgrade process. Some organizations have replaced all their member servers with Windows Server 2003 systems over a period of weeks or months as a preparatory step to eventually migrate to a Windows Server 2003 Active Directory structure.

Migrating from Windows 2000 to Windows Server 2003

  For organizations that have already migrated to Windows 2000 and the Active Directory environment, migrating to Windows Server 2003 for Active Directory functionality can provide access to several additional capabilities that require a Windows network to be running on Windows Server 2003. Some of the Windows Server 2003 technologies that require implementation of the Windows Server 2003 Active Directory include RIS for Servers, Windows Server 2003 group policy enhancements, and the full Windows Server 2003 Distributed File System.

  Fortunately, organizations that have already implemented Windows 2000 or have already migrated from Windows NT4 to Windows 2000 have completed the hard part of their migration process. Effectively, Windows Server 2003 uses the same Active Directory organizational structure that was created with Windows 2000, so forests, domain trees, domains, organizational units, sites, groups, and users all transfer directly into Windows Server 2003. If the organizational structure in Windows 2000 met the needs of the organization, the migration to Windows Server 2003 is predominantly just the insertion of a Windows Server 2003 global catalog server into the existing Windows 2000 Active Directory domain to perform a global catalog update from Windows 2000 Active Directory to Windows 2003 Active Directory.

  Unlike the migration process from Windows NT4 to Windows 2000, in which an organization was unable to migrate a Windows NT4 backup domain controller (BDC) to a Windows 2000 domain controller (DC), Windows Server 2003 enables an organization to migrate its Windows 2000 DCs to Windows Server 2003 DCs, thus allowing an interim mode for partial (slower) migration to Windows Server 2003.

  Of course, planning, system backup, and prototype testing, covered in

  and lead to a more successful migration process. However, the migration process from Windows 2000 to Windows Server 2003 is a relatively easy migration path for organizations to follow. Many organizations choose to make changes in their Active Directory structure when they migrate from Windows 2000 to Windows Server 2003, such as changing simple domain structure or possibly even doing a complete domain rename. Windows Server 2003 provides several tools, covered in

  Server 2003, but many of them can be completed after migrating to Windows Server 2003 as well. And several of these processes are best completed during the migration of Windows Server 2003. Therefore, it is important to plan any changes and review Chapter 17 before starting a migration.

Migrating Directly from Windows NT4 to Windows Server 2003

  Organizations that still have Windows NT4 in their networking environments must decide whether to migrate from Windows NT4 to Windows 2000, or to migrate directly from Windows NT4 to Windows Server 2003. Some of the deciding factors are determining what Windows Server 2003 features and functions they want and the cost and effort to migrate. As noted earlier in the section , organizations do not necessarily have to migrate completely to Windows Server 2003 to get its functionality. They can choose to migrate just a couple of member servers from Windows NT4 to Windows Server 2003 without having to migrate the whole Active Directory domain structure. This can be a first step in getting Windows Server 2003 technology into their network.

  If an organization has already begun its migration to Windows 2000, it might choose to shift to an implementation of future global catalog servers as Windows 2003 systems. A huge benefit of a shift from Windows 2000 Active Directory to Windows 2003 Active Directory is the ability to easily intermix global catalog servers. New global catalog servers can be Windows 2003 systems, and existing Windows 2000 global catalog servers can remain until such time as it is convenient to upgrade those servers to Windows 2003. Of course, an organization can choose to migrate completely from Windows NT4 to Windows Server 2003, and because the forest, domain,

  Windows Server 2003 are identical, any planning done for a migration to Windows 2000 can be applied to an organization's decision to migrate from Windows NT4 to Windows Server 2003.