Windows Server 2003

La migrazione da Windows NT 4.0a Windows Server 2003

Relatore: Corrado.Cappucci@pipeline.it

MCSE - MCT

Agenda della giornata

Ore 09.30: Progettare la migrazione dei servizi di directory

Ore 11.00: Coffee Break

Ore 11.15: Preparare la migrazione dei servizi di directory

Ore 13.00: Intervallo

Ore 14.00: Gestione dei servizi di rete durante la migrazione

Ore 15.15: Coffee Break

Ore 15.30: Upgrading e ristrutturazione dei domini

Ore 17.30: Peculiarità della migrazione da Windows NT4 a SBS 2003

Ore 18.00: Domande & Risposte

Introduction to Migrating from Windows NT 4.0 to Windows

Server 2003

The Benefits of Migrating to Windows Server 2003

Domain consolidation

Enhanced security

Application support

Server performance

Centralized management with Group Policy

Simplified administration and resource management

Active Directory Design and Migration

Migration Deployment ProjectMigration Deployment Project

Planning the migration deployment

Designing a migration strategy

Deploying the migration

Planning the migration deployment

Designing a migration strategy

Deploying the migration

Forest plan

Domain plan

DNS namespace plan

OU plan

Site plan

Functional levels plan

Active DirectoryDesign

The Active Directory design is the input to the migration processThe Active Directory design is the input to the migration process

Migration Terminology

Moving user, group, and computer accounts from a Windows NT 4.0 domain to a Windows Server 2003 domainMoving user, group, and computer accounts from a Windows NT 4.0 domain to a Windows Server 2003 domaindomain migration

The domain from which security principals are being migratedThe domain from which security principals are being migratedsource domain

The domain into which security principals are being migratedThe domain into which security principals are being migratedtarget domain

A Windows NT 4.0 domain that contains user and group accountsA Windows NT 4.0 domain that contains user and group accountsaccount domain

A Windows NT 4.0 domain that hosts file, print, and otherservices and primarily contains computer accountsA Windows NT 4.0 domain that hosts file, print, and otherservices and primarily contains computer accountsresource domain

To restructure a larger number of domains into a lesser numberTo restructure a larger number of domains into a lesser number

domain consolidation

Provide backward compatibility for the different Windows operating systems that use Active DirectoryProvide backward compatibility for the different Windows operating systems that use Active Directoryfunctional levels

An attribute of Active Directory security principals that is used to store the former SIDs of moved objectsAn attribute of Active Directory security principals that is used to store the former SIDs of moved objectsSID-History

Migration Preparation Tasks

Clean up the SAM database

Install Windows NT 4.0 Service Pack 4 or later

Prepare the domain controller for migration

Prepare for a domain restructure

Ensure that DNS implementation supports Active Directory

Lock down the Windows NT 4.0–based environment

Relocate the LMRepl file

Migrate Remote Access Service

Freeze the Windows NT 4.0 domain controller environment

Interim Migration Tasks

Provide reliable naming resolution services during the migration

Identify possible interruptions to the DHCP Server service

Develop a strategy for planning remote access support

Maintain file replication services

Develop a strategy for transitioning from Windows NT 4.0 System Policy to Group Policy

Develop a strategy for transitioning from Windows NT 4.0 logon scripts to Group Policy

Test applications for functionality and interoperability

Verify if a service pack or newer version will make software functional

Guidelines for Identifying the Current Resources and Network Services

Identify:

Current network services, which include:

Logical organization of the network and services

Geographic locations and physical connectivity

Statically assigned IP address assignments and other network operating systems

DNS infrastructure

File and print resources

All backup and restore processes

Server Planning

11 Complete Active

Directory site topology

22 Determine the number of

domain controllers

33 Consider operations and services that

affect performance

44 Determine the minimum number of

domain controllers

A migration strategy:A migration strategy:

Components of a Migration Strategy

Migration pathThe migration path for each Windows NT 4.0 domain that will be migrated to Windows Server 2003

Migration sequence

The sequence for migrating all Windows NT 4.0 domains to Windows Server 2003

Forest root domain

The method for creating the forest root domain

A migration strategy consists of:

Determines the migration path for every domain in the organization

Determines the migration sequence

Defines the overall plan for how the migration will occur

Determines the migration path for every domain in the organization

Determines the migration sequence

Defines the overall plan for how the migration will occur

How to Develop a Migration Strategy

After determining an Active Directory design:After determining an Active Directory design:

Develop a domain upgrade or a restructure strategyDevelop a domain upgrade or a restructure strategy11

Plan deployment of migration strategyPlan deployment of migration strategy33

Choose a migration path Choose a migration path 22

Criteria for Selecting a Domain Migration Path

Migration path selection criteria Decision points

Domain structure Are the domain structures similar?

Downtime tolerance What is the tolerance for production downtime?

Risk tolerance What is the organization’s tolerance of risk?

Time constraints Is there a preference for a shortened timeline?

Resource availability Are the resources available for the migration?

Application compatibility

Are there server-based applications that are incompatible with Windows Server 2003?

Budget constraints What are the effects of decreasing budgets?

Available tools Are the necessary tools available to implement the migration?

A domain upgrade may notbe appropriate when:

Reasons for Selecting the Domain Upgrade Path

The existing domain structure is similar to the proposed

Some down time is acceptable

Minimal risk is required

The migration must be completed in the least amount of time possible

Resources to work on the migration are limited

Existing applications are compatible

Budget is limited for new hardware

No special tools are required

The existing domain structure is similar to the proposed

Some down time is acceptable

Minimal risk is required

The migration must be completed in the least amount of time possible

Resources to work on the migration are limited

Existing applications are compatible

Budget is limited for new hardware

No special tools are required

The existing domain infrastructure is ineffective or outdated

An infrastructure change directly impacts your production environment

There is little or no reduction in the number of servers

There is little or no reduction in administrative costs

The existing domain infrastructure is ineffective or outdated

An infrastructure change directly impacts your production environment

There is little or no reduction in the number of servers

There is little or no reduction in administrative costs

Select the domain upgrade pathwhen:

Your current domain infrastructure meets business needs

There is a potential short-term increase in hardware costs

Your current domain infrastructure meets business needs

There is a potential short-term increase in hardware costs

Reasons for Selecting the Domain Restructure Path

The existing structure does not meet the business or migration goals

Downtime cannot be tolerated

Some degree of risk can be incurred

There is enough time in the schedule

There are enough resources available

Some of the applications are not compatible with the new environment

There is enough money in the budget to buy additional hardware

ADMT can be used

The existing structure does not meet the business or migration goals

Downtime cannot be tolerated

Some degree of risk can be incurred

There is enough time in the schedule

There are enough resources available

Some of the applications are not compatible with the new environment

There is enough money in the budget to buy additional hardware

ADMT can be used

A domain restructure may not be appropriate when:

Select the domain restructure path when:

Rapid deployment of the restructured environment is a migration goal

The current environment is not similar to the proposed environment

Rapid deployment of the restructured environment is a migration goal

The current environment is not similar to the proposed environment

Reasons for Selecting the Upgrade and Restructure Path

The proposed Active Directory domain structure is similar to the existing domain structure

The organization wants to use certain Active Directory features early

The organization wants to implement a solution that presents the least amount of risk

The organization wants to restructure eventually

Resources are not available to perform a restructure

Lower short-term hardware costs and administrative costs are desired

ADMT can be used

The proposed Active Directory domain structure is similar to the existing domain structure

The organization wants to use certain Active Directory features early

The organization wants to implement a solution that presents the least amount of risk

The organization wants to restructure eventually

Resources are not available to perform a restructure

Lower short-term hardware costs and administrative costs are desired

ADMT can be used

Select the upgrade and restructure path when:

An upgrade followed by a restructure may not beappropriate when:

Criteria for Determining How to Create a Forest Root Domain

Issues of upgrading an existing domainIssues of upgrading an existing domain

Domain represents organizational headquarters

Region that has fastest network connection

Political issues of choosing domain to upgrade

Domain represents organizational headquarters

Region that has fastest network connection

Political issues of choosing domain to upgrade

Issues of creating a new forest root domainIssues of creating a new forest root domain

Creates a clean forest root

Serves as a neutral root so that no region appears to be subordinate

Overhead of creation and management of domain

Creates a clean forest root

Serves as a neutral root so that no region appears to be subordinate

Overhead of creation and management of domain

Create the forest root domain by:

Upgrading an existing Windows NT 4.0 domain

Running the Active Directory Installation Wizard on a computer running Windows Server 2003

The Recommended Sequence for Migrating Domains

Resource Domain

Resource Domain

Account DomainAccount Domain

Target OUTarget OU

Migrate the account domain

Migrate account domains first to:

Improve scalability of Active Directory

Delegate user administration

Migrate account domains first to:

Improve scalability of Active Directory

Delegate user administration

11

SourceSource

Resource Domain

Resource Domain

Target OUTarget OU

Migrate the resource domain22

Guidelines for Determining the Sequence for Upgrading Account Domains

Upgrade the domains in which you have the easiest physical access to the domain controllers

Upgrade the domains that will contain objects from restructured domains early in the process

Balance the risk versus the benefit of upgrading the domain

Guidelines for Determining the Sequence for Upgrading Resource Domains

Upgrade any domains that contain applications that require the features of Windows Server 2003

Upgrade domains that will contain objects from restructured domains early in the process

Upgrade domains with many client computer accounts

Guidelines for Determining the Sequence for Upgrading Domain Controllers

Upgrade the PDC first

Upgrade all of the BDCs after upgrading the PDC

Upgrade a BDC first if the PDC does not meet installation requirements

Promote the BDC to a PDC

Upgrade the newly promoted PDC to Windows Server 2003 and Active Directory

The Recommended Sequence for Restructuring Objects in a Domain

Migrate user and group accountsMigrate user and group accounts11

Migrate member serversMigrate member servers33

Move domain controllersMove domain controllers44

Migrate client computer accountsMigrate client computer accounts22