Active Directory includes a number of architectural changes. Although most of these are invisible if you don't look for them, it's valuable to understand what they do and how they work so you can manage and plan your domains more effectively.

Partitioning

A new feature of Active Directory in Windows Server 2003 is the capability to support application partitions. These partitions are sections of Active Directory that don't have to be replicated to every domain controller in a domain. For example, suppose you have a new line-of-business application that stores information in Active Directory. Only two of your branch offices use this application, and they each have their own domain controllers. You can instruct the application to store its information in a separate Active Directory partition and then configure that partition to replicate only to those two branch offices' domain controllers. You'll reduce replication traffic to other domain controllers, as well as saving hard drive space and memory on other domain controllers.

You create and manage partitions entirely from the command line using the Ntdsutil utility (hopefully, a future update to Windows will include a GUI for this functionality). The process isn't complicated, but you do have to be careful because Ntdsutil doesn't provide much in the way of error-checking or undo capabilities. For step-by-step instructions, consult Windows Server 2003's online Help and Support Center and search for "application partitions."

You'll also need to do some planning for your partitions because they get their own names. For example, in a domain named braincore.net, you might create an application partition named application.braincore.net. The fact that the partition looks like a child domain lets applications, even those that don't know about partitions, easily store information there, but you need to be careful not to conflict with your domain naming scheme.
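
Because Ntdsutil does little error-checking, it helps to validate a partition name before typing anything. The following is an added example, not part of the original text: a Python pre-flight check that converts the DNS-style name to a distinguished name, rejects a name that collides with an existing domain, and returns the Ntdsutil "domain management" commands to create and replicate the partition. The domain controller names, the sales child domain, the function names and the rule that the partition is named as a child of an existing domain (as in the braincore.net example) are assumptions made for illustration.

```python
# Added example: pre-flight check for an application partition name.
# Host names and the "sales" child domain are constructed sample values.

def dns_to_dn(dns_name):
    """application.braincore.net -> DC=application,DC=braincore,DC=net"""
    labels = dns_name.strip(".").lower().split(".")
    if not all(labels):
        raise ValueError(f"empty label in {dns_name!r}")
    return ",".join(f"DC={label}" for label in labels)


def plan_partition(partition, parent_domain, existing_domains, host_dc, replica_dcs):
    """Validate the name, then return the Ntdsutil command sequence.

    existing_domains: DNS names already used (or reserved) for domains.
    host_dc:          domain controller that creates the partition.
    replica_dcs:      domain controllers that should also hold a replica.
    """
    partition = partition.strip(".").lower()
    parent = parent_domain.strip(".").lower()
    taken = {d.strip(".").lower() for d in existing_domains} | {parent}

    # Assumption: the partition is named as a child of an existing domain.
    if not partition.endswith("." + parent):
        raise ValueError(f"{partition} is not below {parent}")
    if partition in taken:
        raise ValueError(f"{partition} collides with an existing domain name")

    dn = dns_to_dn(partition)
    commands = [
        "domain management",
        "connections",
        f"connect to server {host_dc}",
        "quit",
        f"create nc {dn} {host_dc}",
    ]
    # The creating DC already holds the partition; add replicas on the others.
    commands += [f"add nc replica {dn} {dc}" for dc in replica_dcs if dc != host_dc]
    commands += ["quit", "quit"]
    return commands


if __name__ == "__main__":
    for line in plan_partition(
        "application.braincore.net", "braincore.net",
        ["braincore.net", "sales.braincore.net"],
        "dc1.braincore.net", ["dc1.braincore.net", "dc2.braincore.net"],
    ):
        print(line)
```
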
Again, planning details can be found in the Help and Support Center.

Schema Deactivation

In Windows 2000, you can extend the Active Directory schema to include custom classes and attributes. Many applications, including Microsoft Exchange 2000 Server, take advantage of this capability to store application data in Active Directory. The problem is that you can't subsequently delete the custom classes and attributes if you stop using the application.

Windows Server 2003 still doesn't allow you to delete classes and attributes, but it comes one step closer. As shown in Figure 5.9, you can use the Active Directory Schema console to make classes or attributes defunct. To do so, you modify the properties for the attribute or class and simply clear the Active check box. You'll receive a warning message and, if you click OK, the class or attribute will be made defunct, meaning it cannot be used to create any new objects.

Figure 5.9. Use the Schema console to mark classes and attributes as defunct.

Note that no Schema console is configured by default. You must follow these steps to get to this new feature:

Even though you still can't delete schema classes and attributes, you can at least ensure that they won't be used in new object definitions. Perhaps a future version of Windows will allow you to remove defunct classes after a period of time.

Replication Improvements

Windows Server 2003 offers some major improvements to replication, providing better performance in Windows Server 2003 domains. The major improvements include the following: