The first version of Active Directory with Windows 2000 was surprisingly stable and robust. That said, since Active Directory is such a complex and broad technology, there was still much room for improvement. There were some issues with scalability, such as the infamous 5,000-member soft limit with groups or the 300-site soft limit, which may have imposed artificial limitations on how you implemented Active Directory. Both of these issues were resolved in Windows Server 2003. The default security setup with Windows 2000 Active Directory out-of-the-box was not as secure as it should have been. Signed LDAP traffic and other security enhancements have since been added into service packs, but they are provided by default as of Windows Server 2003. Finally, manageability was another area that needed work in Active Directory. Windows Server 2003 added numerous command-line utilities along with some significant improvements to the administrative snap-ins.

We have highlighted a few key areas where Active Directory was improved in Windows Server 2003, and we’ll describe more new features in the next section. If you already have a Windows 2000 Active Directory infrastructure deployed, your next big decision will be when to upgrade. At the time of publication, chances are you should be thinking of when to upgrade to Windows Server 2008 rather than Windows Server 2003. We still recommend you read the chapters on upgrading to Windows Server 2003 and ...