Slashdot Mirror


Active Directory on Win2k or 2k3?

lordbry asks: "I am a Windows admin for a major university in a business computing area (if we have problems, people might not get paid). We have a Windows NT Domain, and are planning to migrate to Active Directory. One of my co-workers is pushing for doing this under Windows 2003. I, however, feel that (as with any M$ product) we should not even consider using 2003 for production anything until there is an SP 2 or 3, and that we should go with AD under Windows 2000. Does anyone have any advice, arguments, or horror stories that could help me make my case to the rest of my group, all of whom are somewhere in the middle? Does anyone think that 2003 is the way to go?"

9 of 105 comments

  1. At my office by secondsun · · Score: 4, Informative

    We went to 2k3 around the time it was released. The response around the office is more or less, "Fuck chevy this thing's a rock".

    For shits and giggles we put it on a Pentium 2 300 laptop with 300MB of RAM, it was stable, fast, and useful. In all honesty it is a great product and a worthy successor to 2k.

    --
    There is nothing wrong with being gay. It's getting caught where the trouble lies.
  2. Go with 2003 by Finni · · Score: 4, Informative

    Um. AD using Windows 2003 is the service pack for the version of AD using Windows 2000.
    It's not like they re-wrote it from scratch. Nor is it like AD (using 2000) is entirely new either; it was developed from the backend of Exchange's directory service, if I understand correctly.
    Go with 2003, I haven't read of any particular defects of either AD or the server OS features under 2003, compared to 2000. And yes, things like Volume Shadow Copy, or whatever it's called, may make your life as an admin easier. Certainly, if you're running IIS sites, you'll appreciate the security of IIS 6 more than IIS 5.

  3. Re:Word of advice.. by altp · · Score: 4, Informative

    I've loaded 33,000 into a Windows 2000 AD with some perl scripts I wrote. Takes several hours, but all went well.

    What type of problems did you encounter?

  4. Re:Word of advice.. by eingram · · Score: 3, Informative

    Users and groups permissions started changing randomly for a few hours afterwards. It was not a fun day. I didn't write the script or even execute it, so I don't know why it happened, but I (and a few other IT people) got to clean up the mess.

  5. Re:Don't believe the hype. by Jeremiah Cornelius · · Score: 3, Informative
    CALs (Client Access Licenses) are priced differently with 2003.

    Owning a 2000 WS or XP Pro license no longer counts as a server CAL for 2003 - you need also to buy a CAL for that station, on top of OS price.

    That said, 2003 is definitely what 2000 was supposed to be. You are worried about service packs? I would look at 2003 as the 3rd rev of 2000. The directory scales better times 1000 - and is massively more flexible in configuration, especially if you are interoperating with non-MS Kerberos realms. Plus, you get ADAM, constrained and granular delegation of Kerb IDs, a built-in firewall, etc.

    Really, it's hard to know where to start on the advantages.

    --
    "Flyin' in just a sweet place,
    Never been known to fail..."
  6. Re:I think you misunderstand.... by Judg3 · · Score: 3, Informative

    I say this because it's only going to be a few years I bet before Microsoft drops support for patches for 2K.

    Actually, Windows 2000 life cycle is Jun 30th 2005 for mainstream support and Jun 30 2010 for extended support. (By comparison Windows 2003 mainstream is Jun 30 2008 and extended is Jun 30 2013)

    This is from MS.com. Difference between Mainstream and Extended support here.

    --
    Looking for hardware (Currently need: Large Etch-a-Sketch) Have one? See my journal!
  7. Re:Don't believe the hype. by Anonymous Coward · · Score: 4, Informative
    Sorry for posting this anonymously but I cannot legally speak for my company. We are a major worldwide bank and after months of testing (including Microsoft) we went with 2003 and haven't looked back.

    I admit my first reaction was "Global infrastructure on a service pack 0 platform ????" but after spending some time on the system my view changed entirely.

    Go with w2k3. You won't regret it.

    ps I am personally responsible for finding bugs that some of the hotfixes fix ;-)

  8. Re:Don't believe the hype. by weave · · Score: 3, Informative
    Just to throw this out, 2003 server doesn't play nice with Kerberos 1.2.7 that is under RHEL 3. What makes it weirder is that it sometimes will auth with some people, and not others. So in a small test environment it will probably work well.

    The problem is that Windows 2003 server's Kerberos server will use TCP to send out large bits of data, like allegedly when a user is a member of a lot of groups. Kerberos 1.2 only uses UDP.

    Kerberos 1.3 (used in Fedora) works just fine. We were able to get the Kerberos 1.3 source RPMs to compile under RHEL 3 but also had to get an updated e2fsprogs rpm and hand do a symlink for a library due to a minor version mismatch.

    OK, this may not apply to you but maybe someone reading this who has their RHEL boxes auth against AD in 2000 server may benefit.

  9. Re:Word of advice.. by Dibblah · · Score: 3, Informative

    Duh. Groups in W2k have only one 'member' attribute. When this gets replicated, the last writer wins.
    What this means is that the group's membership will 'lose' members if you change it in different places and wait for replication.
    This is one reason that 2k3 is better. It fixes this issue.
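
The replication conflict described in the comment above, as an added example that is not part of the original thread: a simplified Python model in which two domain controllers each add a different user to the same group before replicating. The class names, the `(version, DC name)` tie-break and the per-value merge used to model the 2003 behaviour are assumptions made for illustration, not Active Directory's actual data structures.

```python
from dataclasses import dataclass, field


@dataclass
class WholeAttributeGroup:
    """W2k-style model: 'member' replicates as ONE attribute, newest stamp wins."""
    members: frozenset = frozenset()
    stamp: tuple = (0, "")  # (version, originating DC); assumed tie-break order

    def write(self, dc, members):
        return WholeAttributeGroup(frozenset(members), (self.stamp[0] + 1, dc))

    def merge(self, other):
        # Last writer wins: the losing replica's whole member list is discarded.
        return self if self.stamp >= other.stamp else other


@dataclass
class PerValueGroup:
    """Assumed model of the fix: every member value carries its own stamp."""
    values: dict = field(default_factory=dict)  # member -> (stamp, present)

    def write(self, dc, member, present=True):
        version = self.values.get(member, ((0, ""), False))[0][0] + 1
        return PerValueGroup({**self.values, member: ((version, dc), present)})

    def merge(self, other):
        merged = dict(self.values)
        for member, entry in other.values.items():
            if member not in merged or entry[0] > merged[member][0]:
                merged[member] = entry
        return PerValueGroup(merged)

    @property
    def members(self):
        return frozenset(m for m, (_, ok) in self.values.items() if ok)


def concurrent_adds():
    """Constructed scenario: DC1 adds bob, DC2 adds carol, then they replicate."""
    base = WholeAttributeGroup().write("DC1", {"alice"})
    dc1 = base.write("DC1", base.members | {"bob"})
    dc2 = base.write("DC2", base.members | {"carol"})
    whole = dc1.merge(dc2).members
    lost = (dc1.members | dc2.members) - whole  # changes silently dropped

    pbase = PerValueGroup().write("DC1", "alice")
    per_value = pbase.write("DC1", "bob").merge(pbase.write("DC2", "carol")).members
    return whole, lost, per_value
```

The `lost` set is what an audit comparing intended membership against the replicated result would have to catch; the same mechanism can also undo a removal, leaving access in place that an admin believed was revoked.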