Differences With Windows 2000
Even though Active Directory was scalable enough to meet the needs of most organizations, there were some improvements to be made after several years of real-world deployment experience. Many of the functionality differences with Windows 2000 are the direct result of feedback from AD administrators.
As with the new features, we suggest you carefully review each of the differences and rate them according to the following categories:
It would positively affect my environment to a large degree.
It would positively affect my environment to a small degree.
It would negatively affect my environment.
The vast majority of differences are actually improvements that translate into something positive for you, but in some situations, such as with the security-related changes, the impact may cause you additional work initially.
- Single instance store
Unique security descriptors are stored once no matter how many times they are used as opposed to being stored separately for each instance. This alone can save upwards of 20%-40% of the space in your DIT after upgrading. Note that an offline defragmentation will have to be performed to reclaim the disk space.
- Account Lockout enhancements
Several bugs have been fixed which erroneously caused user lockouts in Windows 2000. A new Active Directory Users and Computers property page called Additional Account Info and the
lockoutstatus.exeutility are great troubleshooting tools for diagnosing lockout problems.- Improved event log ...
Get Active Directory, Second Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
