And the server vulnerability vectors are?
So for windows 2003 servers to be at risk they have to be connected to a rogue network.
Most servers are not connected to a wireless network at all and generally for larger businesses are in physically hard to access locations. Therefore the main vulnerabilities seem to be:
Access to the network connection anywhere between the windows 2003 server the AD server (could be in a remote office, and over a 3rd party link - hello spooks!)
Virtual servers carried around on laptops (eg demos) which you might connect via a wireless network or plug into a home network
Home based and small business servers where they are connected to wireless networks or just generally not too hard to access
Physical server access (duh) though they only have to plug a cable in and not access via console therefore leaving no obvious trace
and this only has to happen anywhere in your domain for you to have an owned server inside the corporate firewall...