Rick, I agree that R2 adds new functionalities. As we all know R2 is an updated release of the Windows Server OS and it is not mandatory. My opinion is that R2 has some new cool features and my favorite is DFS-R!!!
Update Releases (http://www.microsoft.com/windowsserver2003/evaluation/overview/roadmap.mspx) Update releases integrate the previous major release with the latest service pack, selected feature packs, and new functionality. Because an update release is based on the previous major release, customers can incorporate it into their environment without any additional testing beyond what would be required for a typical service pack. Any additional functionality provided by an update would be optional and thus not affect application compatibility or require customers to re-certify or re-test applications. As you can see above, Microsoft states "Because an update release is based on the previous major release, customers can incorporate it into their environment without any additional testing beyond what would be required for a typical service pack" The integration on member servers is easy and straightforward and requires no testing as nothing will be enabled. The integration on DCs and the use of several component (print connections, DFS-R, etc) demand an extension of the AD schema to version 31 so the new objects and attributes are available for "print connections", DFS-R and Unix Identity Management. Some components also demand the installation and use of the new "Microsoft .NET Framework v2".. With this in mind, and for those who want to implement R2, my opinion is to still test and plan it. Especially for the new framework and the schema update. By the way: the R2 schema update does not change the PAS. What are your thoughts on this? Cheers, #JORGE# ________________________________ From: [EMAIL PROTECTED] on behalf of Rick Kingslan Sent: Wed 8/3/2005 11:24 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] R2 Functionality - (Was Biggest AD Gripes) Guido (and all, really)- You bring up a good point. There seems to be some misconception and misinformation (BTW, no one here is doing the misinformation - just to be clear) around R2. When R2 is installed (or whatever this is going to be called when released - it may be just Windows Server 2003 Release 2 - or it might be something else) it is really a series of modules that ADD FUNCTIONALITY. That's key - it adds functionality. Remember that Rights Management Services when run on Win2k3 really changes nothing in the way that the OS operates and communicates. Functionality of the base doesn't change. However, RMS adds functionality and has a very minor impact on AD - which is not a schema change, but a Service Point addition to allow detection and determination of what server(s) is/are running RMS. This is really what you'll see out of R2. ADFS (Active Directory Federation Services) for example, is not going to make a huge change to the underlying OS functions - nor is it going to make a big change to AD. It's going to provide a way to EXTEND AD into a Federated Service for Partner access/auth to a common AuthN mechanism (and much more - but it's not important at the moment). The important thing is that for this release - R2 is a collection of really valuable and cool enhancement that many, many customers have been asking for. However, the point is that they are plug-in modules. It's much like putting new rims, tires, a body kit, a stereo, lowering kit, and a fart can on your Honda. It's still a Honda, but you've added customized pieces to it. Think of R2 as these things for your Honda. (However, you might want R2 much more than you want a 'fart can' or a lowering kit...) As Guido mentions - and rightfully so, the big plumbing pieces aren't coming in until LH Server. However, THOSE are really going to be worth waiting for. Rick -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Grillenmeier, Guido Sent: Wednesday, August 03, 2005 10:57 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Biggest AD Gripes actually that's not the case Carlos - even after all DCs are upgraded to R2, SYSVOL is still using the legacy FRS replication mechanism. This won't change before Lonhorn. so it should stay on the list of gripes ;-) /Guido -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Carlos Magalhaes Sent: Dienstag, 2. August 2005 23:15 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Biggest AD Gripes * Using the new DFS-Replication mechanism in R2 for the SYSVOL This is available AFAIK if all your servers are running R2 :P Carlos Magalhaes -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dean Wells Sent: 02 August 2005 09:59 PM To: Send - AD mailing list Subject: RE: [ActiveDir] Biggest AD Gripes http://www.novell.com :o) Bloody NetWare bigot ... -- Dean Wells MSEtechnology * Email: [EMAIL PROTECTED] http://msetechnology.com -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Almeida Pinto, Jorge de Sent: Tuesday, August 02, 2005 2:06 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Biggest AD Gripes A while ago I put some AD feature thoughts in a textfile not knowing what to do with them at that moment Here goes: * Active Directory thoughts: * OU = security principal * Possibility to merge Forests * "Cut and paste" a domain from one forest to another * Domain concept: * Domain controller -> directory server (not specific to a certain domain, but hosting naming contexts) * Password policies not only per domain but also per OU * Keep domain as a replication boundary but remove the flat structure (prevent context login like NDS -> Aliases?) * Multiple replication boundaries (naming contexts) per directory server * Remove domain as an entity. Forest is only entity needed * Integrate file system and possible other resources into the directory (e.g. search where security principals are used) * Permissioning TOP-DOWN and BOTTOM-UP (file system) * Delegation of Control: ability to dictate MEMBERS attribute AND the MEMBEROF attribute (so the possibility exists to dictate which users can be added to what groups) * Disabling sidhistory? * Loginscripts at container level * Using the new DFS-Replication mechanism in R2 for the SYSVOL Just some thoughts. Interesting? Cheers, #JORGE# -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Tuesday, August 02, 2005 18:25 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Biggest AD Gripes So what are everyone's biggest AD Gripes? I am not talking about gripes about things that use AD like GPOs[1] or Exchange or NFS or anything else like that. I mean actual AD really missed the boat because of this that or the other thing. Like o I dislike that when you defunct an attribute it doesn't purge the information in the directory for that attribute. o The fact that AD Security policy is managed through a technology dependent on AD and replicates both within AD and the other technology. o I dislike that there is no true schema delete. o I dislike the fact that I can't specify which branches of the tree replicate where. o I dislike the fact that GUIDs are represented in multiple ways in the directory. o I dislike the implementation of property sets especially since they could be so incredible awesomely cool. Specifically I dislike that an attribute can only be in a single property set. o I dislike creator/owner on SDs. o I dislike the lack of configurable business rules. o I dislike the fact that I can't run multiple domains on a single domain controller. Etc etc. I have more but lets see what others say. Everyone pipe up. Let's pretend that MS will actually see this, let's further say let's pretend MS AD Developers will see this. What would you tell them if you were sitting in the room with them? joe [1] I do not consider GPOs to be part of AD. They are a technology that leverages AD. List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you. List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/