ADFS and Windows SharePoint Services
R2's new ADFS lets you extend internal Web-based applications to external users (e.g., customers, partners, suppliers)—for example, by letting an organization's partners use the same Web single sign-on (SSO) that's used within the organization's domain. Currently ADFS works only for Web-based applications. ADFS is different from other identity management products such as Microsoft Identity Integration Server 2003 Enterprise Edition (MIIS). ADFS effectively extends the visibility of objects in a directory service to other organizations, so that a user can access external services with only one account. MIIS synchronizes and replicates objects and their changes between multiple object repositories. In MIIS one principal (i.e., user) has multiple accounts, which MIIS keeps in sync; a single account password gives the illusion that only one account exists for a particular principal. For a more detailed explanation of how ADFS works, see the Web-exclusive sidebar "ADFS Architecture," http://www.windowsitpro.com, InstantDoc ID 48252.
The latest version of Windows SharePoint Services, SP2, provides full support for Windows .NET Framework 2.0, which eliminates the requirement of having .NET Framework 1.1 installed to use Windows SharePoint Services. However, Windows SharePoint Services SP2 doesn't currently leverage new .NET Framework 2.0 features, such as the new Web-part framework. But components you write to run with Windows SharePoint Services can now use full .NET Framework 2.0 functionality.
Another Windows SharePoint Services improvement is its enhanced extranet support. Windows SharePoint Services now dynamically uses the correct URLs depending on whether the client is on an internal or external network. This new feature lets you use different URLs for a Windows SharePoint Services site's external and internal users. And, as are many of the R2 components, Windows SharePoint Services is 64-bit compatible; that is, Microsoft has tested it on 64-bit systems, although it actually runs on the Windows 32-bit emulator layer.
Application Platform
As I mentioned, R2 includes .NET Framework 2.0, which is required for other parts of R2 and is installed automatically when you select the required R2 components. Also now included in R2 is ADAM, which applications and services typically use to store information that isn't used globally and doesn't warrant modifying the schema of the AD forest. ADAM complements AD: AD functions as the identity store, whereas ADAM acts as the application store.
R2 also contains a new version of MMC (2.1/3.0). This new MMC version makes it much easier to create snap-ins for MMC via the MMC managed-code framework and by using standard WinForms controls, which you can develop by using the Visual Studio (VS) designer. MMC now also has better isolation between snap-ins, which prevents one snap-in from hanging and causing the other MMC snap-ins to stop functioning.
Improvements to the MMC UI include a new action pane. Snap-ins written to take advantage of MMC 2.1 or later can contain specific options. Older snap-ins can now display the in-focus object's specific context-menu actions, which makes them more obvious to users, who no longer need right-click options. R2 also provides a new, easier-to-use Add or Remove Snap-ins dialog box, which Figure 1 shows and which makes adding snap-ins a far more intuitive procedure and greatly simplifies the process of creating your console view. The Edit Extensions button now provides a simple view of the extensions that will be included in extensible snap-ins by default and lets you include or exclude specific extensions.
Application developers will appreciate Common Log File System (CLFS), which makes its debut in R2. You can think of CLFS as a mechanism for providing a robust logging environment to both kernel- and user-mode applications via the supplied loadable driver. CLFS is designed explicitly for situations that require any type of logged data to be written and read sequentially, for example, in data replication or transactional processing. CLFS is highly configurable; it allows linear and circular logging and single or multistream data input and gives the user process full control over when log file data is flushed to disk.
Operational Infrastructure
If your organization runs UNIX systems, you'll benefit from the new Identity Management for UNIX feature in R2. Identity Management for UNIX consists of two components: Server for Network Information Service (NIS) and Password Synchronization. Server for NIS lets you specify a DC from an AD environment as the master NIS server for the UNIX environment. Additional DCs in the domain can have Server for NIS installed, which lets them act as NIS subordinates (or slaves). Because the R2 AD schema is fully Request for Comments (RFC) 2307 compliant, UNIX and Linux clients can directly access AD by using LDAP.
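Because UNIX and Linux hosts will trust the uidNumber and gidNumber values they read from AD over LDAP, the RFC 2307 attributes become security-relevant data: a duplicate uidNumber silently merges two people's file ownership, and a uidNumber of 0 maps a directory account to root on every host that consumes it. The following Python script is an added example, not code from the article or from Microsoft; it audits a constructed LDIF export of user objects for those conditions. It assumes the R2 schema attribute names uidNumber, gidNumber, loginShell and unixHomeDirectory (AD uses unixHomeDirectory because homeDirectory was already an AD attribute) and a plain-text LDIF export without base64-encoded or folded values.

```python
"""Audit RFC 2307 (posixAccount) attributes in an LDIF export of AD users.

Added example (not the article's or Microsoft's code). Assumptions: the
export is plain LDIF with one 'attr: value' per line, and the R2 schema
uses the attribute names uidNumber, gidNumber, loginShell and
unixHomeDirectory for the UNIX identity data.
"""

from collections import defaultdict

# Constructed sample export: three accounts, two of them deliberately flawed.
SAMPLE_LDIF = """\
dn: CN=Alice,CN=Users,DC=example,DC=com
objectClass: user
objectClass: posixAccount
sAMAccountName: alice
uidNumber: 10001
gidNumber: 10000
loginShell: /bin/bash
unixHomeDirectory: /home/alice

dn: CN=Bob,CN=Users,DC=example,DC=com
objectClass: user
objectClass: posixAccount
sAMAccountName: bob
uidNumber: 10001
gidNumber: 10000
loginShell: /bin/bash
unixHomeDirectory: /home/bob

dn: CN=Svc,CN=Users,DC=example,DC=com
objectClass: user
objectClass: posixAccount
sAMAccountName: svc
uidNumber: 0
gidNumber: 0
loginShell: /bin/sh
"""

# Attributes a UNIX client needs before it can map the account (assumed R2 names).
REQUIRED = ("uidNumber", "gidNumber", "loginShell", "unixHomeDirectory")


def parse_ldif(text):
    """Return one dict per LDIF entry; every attribute other than dn is a list."""
    entries = []
    current = None
    for raw in text.splitlines():
        if not raw.strip():
            # Blank line terminates an entry.
            if current:
                entries.append(current)
            current = None
            continue
        attr, _, value = raw.partition(":")
        attr, value = attr.strip(), value.strip()
        if attr == "dn":
            current = {"dn": value}
        elif current is not None:
            current.setdefault(attr, []).append(value)
    if current:
        entries.append(current)
    return entries


def audit_posix_accounts(entries):
    """Return (dn, problem) findings for every posixAccount entry that is unsafe to publish."""
    findings = []
    by_uid = defaultdict(list)
    for entry in entries:
        if "posixAccount" not in entry.get("objectClass", []):
            continue
        for attr in REQUIRED:
            if attr not in entry:
                findings.append((entry["dn"], f"missing {attr}"))
        uid = entry.get("uidNumber", [None])[0]
        if uid is None:
            continue
        if not uid.isdigit():
            findings.append((entry["dn"], f"non-numeric uidNumber {uid!r}"))
            continue
        if int(uid) == 0:
            findings.append((entry["dn"], "uidNumber 0 maps this account to root on UNIX hosts"))
        by_uid[int(uid)].append(entry["dn"])
    # A uidNumber shared by several accounts merges their UNIX file ownership.
    for uid, dns in by_uid.items():
        if len(dns) > 1:
            for dn in dns:
                findings.append((dn, f"uidNumber {uid} shared with {len(dns) - 1} other account(s)"))
    return findings


if __name__ == "__main__":
    for dn, problem in audit_posix_accounts(parse_ldif(SAMPLE_LDIF)):
        print(f"{dn}: {problem}")
```

Run against a real export (for example the output of an LDAP search scoped to objectClass=posixAccount), the script is a cheap pre-publication gate: fix every finding in AD before pointing UNIX clients at the domain, since the clients have no way to second-guess the values they are handed.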
As its name suggests, the Password Synchronization component allows synchronization of passwords between individual local accounts on a Windows computer or synchronization of passwords on an entire AD domain to individual UNIX hosts or all computers in an NIS domain. This synchronization allows a common set of accounts to be used between platforms and can be uni- or bidirectional in nature. If you understand MIIS's password-synchronization requirements, the Identity Management for UNIX Password Synchronization requirements will seem familiar. For Password Synchronization to function, password-synchronization services must be installed on all DCs in the domain to enable the DCs to intercept password-change requests, so that the DCs can send them to their UNIX counterparts.