Installed Server 2003 in two virtual machines ("server1" and "server2") this evening. Made them domain controllers for the same domain. Learned how to force replication via ADSS. Disabled the default domain GP password settings & tried to create a user w/ no password; this failed with "Windows cannot create the object because: Unable to update the password. The value provided for the new password does not meet the length, complexity, or history requirement of the domain." Running gpupdate by itself didn't help, but running gpupdate /force did.
Windows allows you to turn off Global Catalog functionality completely in a domain, but if you try to create a user after that, it reports "Windows cannot verify that the user name is unique because the following error occurred while contacting the global catalog: The directory service is unavailable. Windows will create this user account, but the user can log on only after the user name is verified to be unique. Make the sure the global catalog is available." If the user that you create in this offline state is a duplicate, the global catalog server will keep the duplicate account name but assign a unique SID and append gibberish to the name in AD.
A cool tool for viewing an account's SID or last logon/off date comes with the Server 2003 Resource Kit. After you download and install the kit (it's free), run regsvr32 "C:\Program Files\Windows Resource Kits\Tools\acctinfo.dll".
Despite the fact that my two domain controllers are running in the default forest/domain modes, intrasite replication happens almost immediately! I thought you'd have to wait 15 minutes or 5 minutes or 15 seconds.
In other news, Windows Server 2008 was released yesterday (February 28) and I took 70-297 last Saturday, but failed.