Differences with Windows 2000
Even though Active Directory was scalable enough to meet the needs of most organizations, there were some improvements to be made after several years of real-world deployment experience. Many of the functionality differences with Windows 2000 are the direct result of feedback from AD administrators.
As with the new features, we suggest you carefully review each of the differences and rate them according to the following categories:
It would positively affect my environment to a large degree.
It would positively affect my environment to a small degree.
It would negatively affect my environment.
The vast majority of differences are actually improvements that translate into something positive for you, but in some situations, such as with the security-related changes, the impact may cause you additional work initially.
- Single instance store
Unique security descriptors are stored once no matter how many times they are used, as opposed to being stored separately for each instance. This alone can save upwards of 20%-40% of the space in your DIT after upgrading. Note that an offline defragmentation will have to be performed to reclaim the disk space on upgraded domain controllers.
- Account Lockout enhancements
Several bugs have been fixed that erroneously caused user lockouts in Windows 2000.
- Improved event log messages
There are several new event log messages that will aid in troubleshooting replication, DNS, FRS, etc.
- Link value replication (LVR )
Replication ...
Get Active Directory, 3rd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
