Windows Server 2003 End of Life and Active Directory
Why should you be concerned with that now “old” Windows 2003 server in your environment? Wow, it’s tough to imagine that we can actually call Windows 2003 old. It feels as if it only recently took over as the staple of your server OS environment. Similar to the dreaded End of Life (EOL) countdown of XP on the desktop, Microsoft has announced that, as of July 14th 2015, Windows Server 2003 will be EOL. The direct effect is on support and development from Microsoft itself. 2003 will still run in your environment, but the next time you get hit, “Hey, what is going on, I need to open a ticket on this” will fall on deaf ears. Even worse, the hotfixes that are constantly, and sometimes painfully, pushed out to protect not only that single machine but the entire environment will be gone. When 2012 was discovered to have major security vulnerabilities in its Remote Desktop Protocol (RDP), a patch was immediately released to solve that issue. That kind of response will end for 2003 as soon as it reaches the end of its life.
What that really means is that it’s time to start the transition to Windows Server 2012, 2012 R2, or even 2016, with rumored release dates for early next year.
Understanding the “need” to upgrade the server environment can sometimes be enough, but really it comes down to the “why”. In this case, the “whys” aren’t only on the server side but heavily in the features and functions. These affect not only your MEDITECH servers but possibly your entire environment. Windows Server 2012 has a great impact on Active Directory (AD). If you don’t use AD, you have most certainly heard of it. In Windows Server 2012, we have some functionality we’ve been waiting for: there are now virtual machine cloning capabilities, true DHCP failover has been built in, and PowerShell cmdlets have grown by over 2000. An upgrade to Windows Server 2012 is the perfect opportunity to upgrade and redeploy AD.
The link to the full documentation is below. Trust us, it’s not as boring as it sounds. Only 36 pages or so and it stays at a high enough level to keep everyone from falling asleep!
With just the little bit we’ve touched on, if you are still running Windows 2003 in your environment, or even worse, still running your AD on Windows 2003 servers, it really should be a high priority to come up with a plan to move on. Not only are there features that could really improve your infrastructure, but the security holes you could leave open, and the possible downtime you could encounter, should most certainly turn some heads.
Recently at a customer site, we encountered an AD environment running on Windows Server 2003 at a functional level of 2000. We were performing an assessment determining their compatibility to transition to OpSus|Live, Infrastructure as a Service. The site was using a single-name domain space as it was a feature of Windows 2000, but we needed to run adprep.exe to allow the addition of a 2008 domain controller. Windows Server 2008 R2 is incompatible with single-name domain spaces. We had to set up new servers, create a new domain, and migrate the old to the new. The net result of running an EOL operating system was additional capital expenditure and significant delay in the transition to hosting.
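A read-only inventory that surfaces the conditions described in that assessment before a migration starts: the domain and forest functional levels, whether the domain DNS name is single-label, and which domain controllers and computer accounts still report Windows Server 2003. This is an added example, not part of the original post; it assumes the ActiveDirectory PowerShell module (RSAT) is installed, and the `Test-SingleLabelDomain` helper and the 90-day activity window are hypothetical choices made for illustration.

```powershell
# Added example: read-only checks, makes no changes to the directory.
# Assumes the ActiveDirectory module (RSAT) and rights to read the domain.
Import-Module ActiveDirectory

# Hypothetical helper: a single-label DNS name contains no dot,
# e.g. "corp" rather than "corp.example.com".
function Test-SingleLabelDomain {
    param([Parameter(Mandatory)][string]$DnsRoot)
    return ($DnsRoot.Trim('.') -notmatch '\.')
}

$domain = Get-ADDomain
$forest = Get-ADForest

# Functional levels and naming: the two blockers from the assessment above.
[pscustomobject]@{
    DomainDnsRoot = $domain.DNSRoot
    SingleLabel   = Test-SingleLabelDomain -DnsRoot $domain.DNSRoot
    DomainMode    = $domain.DomainMode
    ForestMode    = $forest.ForestMode
} | Format-List

# Every domain controller with the OS it reports; 2003 entries are the priority.
Get-ADDomainController -Filter * |
    Select-Object HostName, OperatingSystem, OperatingSystemVersion, Site |
    Sort-Object OperatingSystem |
    Format-Table -AutoSize

# Computer accounts that still report Server 2003. The 90-day window
# (an assumed threshold) separates live hosts from stale accounts.
$cutoff = (Get-Date).AddDays(-90)
Get-ADComputer -Filter 'OperatingSystem -like "*Server 2003*"' `
        -Properties OperatingSystem, LastLogonDate |
    Select-Object Name, OperatingSystem, LastLogonDate,
        @{ Name = 'RecentlyActive'; Expression = { $_.LastLogonDate -gt $cutoff } } |
    Sort-Object RecentlyActive -Descending |
    Format-Table -AutoSize
```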
Of course, this migration could be a large undertaking and there should be a plan tailored to your environment to transition to a newer version of Windows Server. If you have a plan, it’s time to start implementing. If you do not have a plan, it’s time to get one going.
- Leo Maguire and Mike Donahue