Differences between Windows 2000 and Windows Server 2003 Active Directory

Windows Server 2003 is built on the same Active Directory structure as Windows 2000: each domain controller holds a read-write copy of the AD database and relies on multi-master replication to keep everything up to date.

Windows Server 2003 command-line tools:
dsadd
dsmove
dsrm
dsquery
dsget

"Install From Media" feature: initially populate the Active Directory database using a System State backup from an existing DC.

replication enhancements
=========================

Windows 2000 - Replication delays + Inconsistent replication
Microsoft published a size limitation: you could not place more than 5,000 members in a single group object
(since the membership list was replicated as a single block).

Windows 2003 - linked-value replication
An addition and a removal of group members are replicated as two separate transactions.
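
Added example, not part of the original notes and not Microsoft's code: a simplified Python model of two domain controllers changing the same group before replication runs, comparing the single-block membership list with linked-value replication. The (version, timestamp) stamp, the function names and the sample members are assumptions made for the illustration.

```python
# Simplified model: conflicts are resolved by the higher (version, timestamp) stamp.

def merge_whole_attribute(dc1, dc2):
    """Windows 2000 style: 'member' is one replicated block with one stamp.
    Each argument is (stamp, frozenset_of_members); the higher stamp wins outright."""
    return max(dc1, dc2, key=lambda state: state[0])[1]

def merge_linked_values(dc1, dc2):
    """Linked-value style: every member value carries its own stamp and a
    present/absent flag, so values are reconciled one at a time."""
    merged = {}
    for member in dc1.keys() | dc2.keys():
        candidates = [dc[member] for dc in (dc1, dc2) if member in dc]
        merged[member] = max(candidates, key=lambda value: value[0])
    return {m for m, (_, present) in merged.items() if present}

def simulate():
    # Constructed sample data: both DCs start with the same group membership.
    base = {"alice", "bob"}
    # Before replication runs, DC1 removes bob (t=10) and DC2 adds carol (t=11).
    whole_dc1 = ((2, 10), frozenset(base - {"bob"}))
    whole_dc2 = ((2, 11), frozenset(base | {"carol"}))
    whole = set(merge_whole_attribute(whole_dc1, whole_dc2))

    start = {m: ((1, 0), True) for m in base}
    lvr_dc1 = dict(start, bob=((2, 10), False))   # removal recorded per value
    lvr_dc2 = dict(start, carol=((1, 11), True))  # addition recorded per value
    lvr = merge_linked_values(lvr_dc1, lvr_dc2)
    return whole, lvr

if __name__ == "__main__":
    whole, lvr = simulate()
    # Single block: DC2's copy wins, so bob's removal is silently undone.
    print("whole-attribute result:", sorted(whole))
    # Linked values: the removal and the addition both survive.
    print("linked-value result:   ", sorted(lvr))
```

In the single-block case the lost change is a group removal, which is the outcome to watch for when reviewing membership of privileged groups in forests that still replicate the membership list as one value.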

Service Pack 1

tombstoned object
This allows the deletion to be replicated properly to other domain controllers.

tombstone lifetime (days)
2000  => 60
2003  => 180  (does not automatically change when you upgrade to Windows Server 2003 SP1)
2003 R2 => 60

SP1 adds the SID History attribute to the list of attributes that are retained when an object is tombstoned.

When an Active Directory object is tombstoned, it is stripped of most of its attributes, so the tombstoned object takes up only a fraction of the size of the original object within the Active Directory database.

SID History
============
Windows 2000 introduced a feature called SID History, which allows migrated user objects to retain records of any old SIDs they once possessed.

If you restored an object, any previous SIDs that were recorded in its SID History were lost. Fortunately, Windows Server 2003 SP1 includes SID History among the attributes retained when an object is deleted.

The Ntdsutil utility has a greatly simplified syntax for removing extinct server metadata from the AD database. Extinct server metadata is created when a domain controller suffers an irretrievable hardware failure or is otherwise removed from the directory without using the Dcpromo tool.

The authoritative restore process provides a much cleaner option for restoring group memberships of authoritatively restored users, groups and computer objects by generating an LDIF file that contains any back-link references for restored objects.
