Windows Server 2003 / 2008 / 2012 Group Policy (ADMX, ADML, ADM) – Mixed mode

If you’re running a mixed environment where you have Windows Server 2003, 2008 and 2012, can you manage Group Policy in this side-by-side environment?

Yes, but it’s important to note that in Windows Server 2008, Microsoft introduced a central store (to avoid GPO bloat) with ADMX and ADML templates for managing Group Policy (GP).

Windows Server 2003 (ADM Templates)

Windows Server 2008 and higher (ADMX and ADML Templates)

————————————————————————————————————————–

Question:

Can you run two GP environments side-by-side (ADMX/ADML and ADM) without causing problems, and is this supported (central store and ADM)?

Answer:

Yes, but the ADMX template always wins if it conflicts with an ADM template.

————————————————————————————————————————–

Question:

If we start using a central store and manage our custom ADM templates from a higher OS level, would this jeopardise any configuration in the existing ADMs?

Answer:

No, this will be fine.

————————————————————————————————————————–

Recommended Approach:

The recommended approach is to move to ADMX and migrate the ADM templates to ADMX using Full Armor’s ADMX Migrator tool.

XML-based format with Full Armor’s release of the ADMX Migrator tool, which Microsoft has licensed and made available through the Download Center. This tool provides a mechanism to convert your existing ADM files into ADMX format via a simple but effective user interface. This tool can also be used to create ADMX files afresh, which means you now have a way to create ADMX files without needing to understand the underlying ADMX format.
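An inventory to run before the migration, as an added example that is not part of the original post: it checks whether a central store exists and lists the legacy ADM files each GPO carries in SYSVOL, marking the custom ones that would need converting. It assumes the standard SYSVOL layout, PowerShell 3.0 or later and read access to SYSVOL; the `$stockAdm` list and the output property names are this example's own.

```powershell
# Added example. Assumes the standard SYSVOL layout and PowerShell 3.0 or later.
param([string]$Domain = $env:USERDNSDOMAIN)

$policies     = "\\$Domain\SYSVOL\$Domain\Policies"
$centralStore = Join-Path $policies 'PolicyDefinitions'

# ADM files that shipped with Windows Server 2003; anything else is treated as custom.
$stockAdm = 'conf.adm', 'inetres.adm', 'system.adm', 'wmplayer.adm', 'wuau.adm'

# Central store: ADMX files at the root, ADML files in per-language subfolders.
if (Test-Path $centralStore) {
    $admx = @(Get-ChildItem $centralStore -Filter *.admx -File)
    $adml = @(Get-ChildItem $centralStore -Filter *.adml -File -Recurse)
    'Central store found: {0} ADMX, {1} ADML files' -f $admx.Count, $adml.Count
} else {
    "No central store at $centralStore"
}

# Legacy ADM templates are stored per GPO, in {GUID}\Adm.
$admFiles = foreach ($gpo in Get-ChildItem $policies -Directory) {
    $admDir = Join-Path $gpo.FullName 'Adm'
    if ($gpo.Name -notmatch '^\{[0-9A-Fa-f-]{36}\}$' -or -not (Test-Path $admDir)) { continue }
    # Filter on the extension explicitly; a *.adm wildcard can also match *.admx.
    foreach ($file in Get-ChildItem $admDir -File | Where-Object { $_.Extension -eq '.adm' }) {
        [pscustomobject]@{
            GpoGuid = $gpo.Name
            Adm     = $file.Name.ToLower()
            KB      = [math]::Round($file.Length / 1KB, 1)
            Custom  = $stockAdm -notcontains $file.Name.ToLower()
        }
    }
}

# One row per template: how many GPOs carry a copy and how much SYSVOL space it uses.
$admFiles | Group-Object Adm | ForEach-Object {
    [pscustomobject]@{
        Adm      = $_.Name
        Custom   = $_.Group[0].Custom
        GpoCount = $_.Count
        TotalKB  = ($_.Group | Measure-Object KB -Sum).Sum
    }
} | Sort-Object Custom, TotalKB -Descending | Format-Table -AutoSize

# Custom templates are the candidates for conversion with ADMX Migrator.
$admFiles | Where-Object Custom | Sort-Object Adm, GpoGuid |
    Format-Table GpoGuid, Adm, KB -AutoSize
```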

Links:

ADMX Migrator: https://www.microsoft.com/en-us/download/details.aspx?id=15058

Group Policy Team Blog: http://blogs.technet.com/b/grouppolicy/

Active Directory and Windows Server 2003 End of Support – July 14th 2015

The date is soon upon us (14th July 2015) when mainstream support for Windows Server 2003 stops!

So what if you still have Windows Server 2003 in your environment? Well, there will not be any patches, hotfixes or support available unless you have signed up for “special” extended support directly with Microsoft.

However, it’s important to distinguish between the Windows Server Active Directory functional level and the running operating system.

Jeff Woolsey – Principal Group Program Manager for Windows Servers Virtualisation answered these questions:

————————————————————————————————————————–

Question:

Active Directory has long offered the ability to operate at a “Windows Server 2003 Forest Functional Level” and “Windows Server 2003 Domain Functional Level.” How does this feature and functionality relate to the impending Windows Server 2003 End of Support on July 14th, 2015? Will this feature still be supported after July 14th 2015?

Answer:

Windows Server Active Directory Forest Functional Level (FFL)/Domain Functional Level (DFL) is not tied to any OS release (even though we named the feature that way). In this case, Windows Server 2003 FFL/DFL was introduced with Windows Server 2003 Active Directory, however, the ability for a Domain Controller to run at this level (AD version) is present in:

  • Windows Server 2008
  • Windows Server 2008 R2
  • Windows Server 2012
  • Windows Server 2012 R2

Thus, Active Directory 2003 FFL/DFL for a forest/domain where all domain controllers are using Windows Server 2008 or above will continue to be supported as those operating systems are still within extended support.

————————————————————————————————————————–

Question:

Do customers need to upgrade the Forest/Domain Functional Level beyond 2003 FFL/DFL to obtain support?

Answer:

No. Support for Active Directory 2003 FFL/DFL for a forest/domain where all domain controllers are Windows Server 2008 or above will continue to be supported as those operating systems are still within extended support.

————————————————————————————————————————–

Question:

Is Active Directory 2003 FFL/DFL still supported with Windows Server 2012/2012 R2 Domain Controllers?

Answer:

Yes. Windows Server 2012/2012 R2 still support Active Directory 2003 FFL/DFL. However, Microsoft’s recommendation and best practice is to adopt a higher FFL/DFL as soon as practical to ensure that all new deployments use Distributed File System Replication (DFSR) and take advantage of numerous new features and security enhancements such as:

  1. Claims Based Authentication
  2. Kerberos Armoring
  3. Fine Grained Password Policies
  4. And more…

————————————————————————————————————————–

Question:

Is Active Directory 2003 FFL/DFL included with Windows Server v.Next?

Answer:

No. As Windows Server 2003 will soon be out of support, Active Directory 2003 FFL/DFL will be marked deprecated with the next release of Windows Server. We will no longer allow customers to create new forests/domains with these functional levels. This is primarily to ensure that all new deployments use Distributed File System Replication, DFSR (and move away from the legacy File Replication Service, FRS). Our guidance to customers is to move to a higher DFL/FFL as soon as practical to avoid future issues.

————————————————————————————————————————–

Question:

Where can I learn more about the differences in Active Directory Functional Level?

Answer:

To learn more about the enhancements in Active Directory Functional Level, click here:

https://technet.microsoft.com/en-us/library/understanding-active-directory-functional-levels(v=ws.10).aspx

————————————————————————————————————————–
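A check for the distinction drawn in the answers above, as an added example that is not part of the original post or of the quoted answers: it reports the forest and domain functional levels, flags any domain controller still running Windows Server 2003 or older, and shows how SYSVOL is replicated. It assumes the ActiveDirectory PowerShell module, PowerShell 3.0 or later, and that it is run on a domain controller so that `dfsrmig.exe` is available; the property names `LegacyOS` and `LegacyDCs` are this example's own.

```powershell
# Added example. Assumes the ActiveDirectory module and domain read access.
Import-Module ActiveDirectory

$forest = Get-ADForest
$domain = Get-ADDomain

# Support follows the operating system of each DC, not the name of the functional level.
$dcs = @(Get-ADDomainController -Filter * | ForEach-Object {
    [pscustomobject]@{
        HostName        = $_.HostName
        Site            = $_.Site
        OperatingSystem = $_.OperatingSystem
        LegacyOS        = $_.OperatingSystem -match '2000|2003'
    }
})
$legacyDcs = @($dcs | Where-Object LegacyOS)
$lowLevel  = "$($domain.DomainMode)" -match '2000|2003'

[pscustomobject]@{
    ForestMode        = $forest.ForestMode
    DomainMode        = $domain.DomainMode
    DomainControllers = $dcs.Count
    LegacyDCs         = $legacyDcs.Count
} | Format-List

if ($legacyDcs.Count -gt 0) {
    Write-Warning 'Domain controllers still on Windows Server 2003 or older:'
    $legacyDcs | Format-Table HostName, Site, OperatingSystem -AutoSize
} elseif ($lowLevel) {
    'All DCs run Windows Server 2008 or later; the functional level can be raised when practical.'
} else {
    'Functional level is already above 2003.'
}

# SYSVOL can only replicate over DFSR at the 2008 domain functional level or higher.
if ($lowLevel) {
    'SYSVOL is replicated by FRS at this domain functional level.'
} else {
    # dfsrmig.exe ships with the DFS Replication service; run this on a DC.
    & dfsrmig.exe /getglobalstate
}
```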