Windows Tip Sheet
But I Don't WANT to Upgrade!
You don't have to upgrade to take advantage of some of Windows 2003 tools.
Sometimes, new product features are too cool not to live without. Like
the drag and drop capability offered by AD Users and Computers (ADUC)
or the Resultant Set of Policy (RSoP) Wizard, both offered in Windows
2003. But convincing the boss to undergo a major enterprise upgrade just
for the sake of a few features…well, good luck. If you can do it,
let me know, because I want to come work at your company.
Guess What? You Don't Have to Upgrade!
Fortunately, some features don't require a full-on enterprise upgrade.
For example, consider the two features I just mentioned, drag and drop
and RSoP in Win2003's ADUC. You can get both features in an all-Windows
2000 domain, provided you have at least one Win2003 DC somewhere in the
Keep in mind that, normally, ADUC will connect to whatever DC authenticated
you. So, even if you've installed the Win2003 AdminPak.msi and you have
the new ADUC snap-in, when it connects to a Win2K DC you won't be able
to use any of Win2003's cool new features. But that doesn't mean you're
stuck! You can right-click the domain in ADUC to target a different DC.
Just make sure your domain contains at least one Win2003 DC (which works
just fine in an all-Win2K domain, by the way), and have ADUC specifically
target that DC (make sure you're using the Win2003 version of ADUC, of
Win2003 DCs can process RSoP queries, allowing you to use this powerful
tool for planning and troubleshooting Group Policy Object application
throughout the domain. Win2003 DCs can also process object drag and drop,
such as dragging a user from one domain to another (yes, you could just
right-click the user and select "Move" but drag and drop is
so much cooler).
There's a bunch of Win2003 features that work just fine without a native
Win2003 domain. For example, Win2003 DCs cache universal security group
membership information, allowing the DC to process user logons even if
a GC isn't immediately available. Any Win2003 DC can do this, even if
it's in a Win2K domain and even if it's the only Win2003 DC you own.
If you frequently open a command-line window by typing
"cmd" at the Run prompt, you may not be happy
with the default directory Windows picks. Change it
by modifying HKEY_CURRENT_USER\Software\Microsoft\CommandProcessor:
There's an AutoRun value that needs to be set to CD
/D C:\ to start new command windows at the C:\
Do you know where your Flexible Single-Master Operations
(FSMO) roles are? Use the Netdom.exe utility (part of
the Support Tools) to query the domain and find out.
Hang a poster in the datacenter listing each of the
five FSMOs and their current holder. That way if one
of those servers goes down, you'll remember that it
held a FSMO role and be able to decide whether or not
the role needs to be seized on another DC.
Microsoft's technical resources for Win2003, including new features: http://www.microsoft.com/windowsserver2003/techinfo/default.mspx
Download the Win2003 AdminPak: http://www.microsoft.com/downloads/details.aspx?FamilyID=
Read this before installing the Win2003 AdminPak on WinXP: http://support.microsoft.com/default.aspx?scid=kb;en-us;304718
Don Jones is a multiple-year recipient of Microsoft’s MVP Award, and is Curriculum Director for IT Pro Content for video training company Pluralsight. Don is also a co-founder and President of PowerShell.org, a community dedicated to Microsoft’s Windows PowerShell technology. Don has more than two decades of experience in the IT industry, and specializes in the Microsoft business technology platform. He’s the author of more than 50 technology books, an accomplished IT journalist, and a sought-after speaker and instructor at conferences worldwide. Reach Don on Twitter at @concentratedDon, or on Facebook at Facebook.com/ConcentratedDon.