RIP, Windows 2000!

On Tuesday, Windows 2000 Advanced Server finally reached its end of support. Ten years is a long time for an OS release, and Microsoft’s server operating system has come a long way since then. W2KAS and AD revolutionized the way the entire Microsoft world approached authentication (authN) and authorization (authZ); everything since then has been evolutionary.

I have fond memories of this OS because it also coincided with my move from Texas Instruments to Intel, and because I was writing a book about it. I clearly remember first learning about Windows 2000 (aka NT 5.0) and its Active Directory at the Professional Developer’s Conference in May of 1997. (I just yesterday ran across the tape set I purchased at the conference to study it.) Much of what seems blindingly obvious to me now was really confusing back then; Mark Minasi and I had some long conversations about it, and I cornered more than one speaker during those PDC evenings to answer my questions. My book was mainly focused on explaining what I’d learned about AD to an audience that had never seen it before.

I suspect that many people working in IT infrastructure now, 10 years later, don’t realize how much W2KAS and AD shook up the security infrastructure of the day. It was possible to simply upgrade your NT4 domains to Windows 2000, but I believe very few did because Windows 2000, thanks to features like Kerberos, presented an opportunity to vastly simplify the multiple account and resource domains most companies had.

Simplifying, however, was a complicated process. Most companies went the route of creating a pristine new AD forest, coming up with an organizational unit (OU) structure, populating it with user accounts and groups, and migrating servers and workstations into this shiny new kingdom. If you had set up a one-way trust between the new AD domain(s) and the NT 4.0 resource domains, then once the accounts had been moved (and the smoke-and-mirrors trick of SID History had preserved their resource access – thank you, Steve Grobman of Intel, for selling Microsoft on the idea!), users could log on to the new W2K domains and access their old resources until the resources could be moved into the AD forest.

But it took years to get rid of the NT4 resource domains. Years. And I know we weren’t alone. Since then we’ve hopefully all moved on, first to Windows 2003, and many of us have moved (very slowly) to Windows 2008 or R2.

But you always fondly remember your first AD :).

Follow Sean Deuby on Twitter at @shorinsean.

Gerry (not verified)
on Jul 16, 2010
Hi! I enjoyed reading this article. My first certs were on Win2000, and I also thought back then how awesome AD was, and was constantly thinking how I was going to get out there and start convincing people to use AD. To this day, I still find myself in environments where the NT4 way of doing things somehow is the dominant scheme, and even if they have Win2003 or 2008, still has a taste of old, scripts everywhere instead of GPOs, for instance. So even if NT4 boxes are not out here anymore, the mindset still is. But slowly but surely everyone realizes the benefits of the new way of doing things, especially on R2. I guess that will be the way virtualization slowly creeps in IT environments over the next ten years.
