Windows Server 2003 La migrazione da Windows NT 4.0 a Windows Server 2003

13
Windows Server 2003 La migrazione da Windows NT 4.0 a Windows Server 2003 Relatore: [email protected] MCSE - MCT

description

Windows Server 2003 La migrazione da Windows NT 4.0 a Windows Server 2003. Relatore: [email protected] MCSE - MCT. Upgrading Domains. The Domain Upgrade Process. A domain upgrade: Upgrades a PDC to Windows Server 2003 and Active Directory - PowerPoint PPT Presentation

Transcript of Windows Server 2003 La migrazione da Windows NT 4.0 a Windows Server 2003

Page 1: Windows Server 2003 La migrazione da Windows NT 4.0 a Windows Server 2003

Windows Server 2003

La migrazione da Windows NT 4.0a Windows Server 2003

Relatore: [email protected]

MCSE - MCT

Page 2: Windows Server 2003 La migrazione da Windows NT 4.0 a Windows Server 2003

Upgrading Domains

Page 3: Windows Server 2003 La migrazione da Windows NT 4.0 a Windows Server 2003

The Domain Upgrade Process

A domain upgrade:

Upgrades a PDC to Windows Server 2003 and Active Directory

Maintains existing users, groups, computers, and applications

Prevent domain controller overloadPrevent domain controller overload

Upgrade the PDC to Windows Server 2003Upgrade the PDC to Windows Server 2003

Install and configure DNSInstall and configure DNS

Install Active DirectoryInstall Active Directory

11

33

44

22

Verify domain controller operationsVerify domain controller operations

Upgrade Windows NT 4.0 BDCsUpgrade Windows NT 4.0 BDCs

55

66

Page 4: Windows Server 2003 La migrazione da Windows NT 4.0 a Windows Server 2003

Effects of a Domain Upgrade on Groups

Forest and domain functional levels Local Global Domain

Local Universal

Windows NT 4.0(original domain)

Windows 2000 Mixed(allows multiple operating systems)

Windows 2000 Native(allows multiple operating systems)

Windows Server 2003 Interim

Windows Server 2003

Page 5: Windows Server 2003 La migrazione da Windows NT 4.0 a Windows Server 2003

Effects of a Domain Upgrade on Trust Relationships

To protect resource security:To protect resource security:

Audit memberships in all administrative groupsAudit memberships in all administrative groups11

Review DACLs for important resources Review DACLs for important resources 22

Windows Server 2003 Domains

2-WayTransitive

Trust

2-WayTransitive

Trust

2-WayTransitive

Trust

Res1Res1

ForestRoot

ForestRoot

Acct1Acct1 Acct2Acct2One-Way

Non-TransitiveTrust

One-WayNon-Transitive

Trust

2 One-WayNon-Transitive

Trust

Windows NT 4.0 Domains

Res1Res1

Acct1Acct1 Acct2Acct2

UpgradeUpgrade

Page 6: Windows Server 2003 La migrazione da Windows NT 4.0 a Windows Server 2003

Implications of Upgrading a PDC

What happens during a PDC upgrade?

The forest functional level can be set at either: Windows 2000 mixed Windows Server 2003 interim

Security level permissions are set at either: Permissions compatible with pre-Windows 2000 Permissions compatible only with Windows 2000 or

Windows Server 2003

The upgraded PDC holds the PDC emulator operations master role

Page 7: Windows Server 2003 La migrazione da Windows NT 4.0 a Windows Server 2003

How to Upgrade a Windows NT 4.0 PDC

Select Upgrade for the installation typeSelect Upgrade for the installation type

Verify that you are using a static IP addressVerify that you are using a static IP address

Configure DNS client settingsConfigure DNS client settings

Configure partitions as NTFSConfigure partitions as NTFS

11

44

22

33

Add a newly installed domain controllerAdd a newly installed domain controller11

Transfer operations master rolesTransfer operations master roles22

Reformat disk on upgraded domain controller and perform a clean installation

Reformat disk on upgraded domain controller and perform a clean installation

33

Transfer back any operations master rolesTransfer back any operations master roles44

Process minimizes adverse effects from any corrupted data on the PDC

prior to upgrade

Process minimizes adverse effects from any corrupted data on the PDC

prior to upgrade

To upgrade a PDC: Best practice to add additional domain controllers:

Install Active DirectoryInstall Active Directory55

Page 8: Windows Server 2003 La migrazione da Windows NT 4.0 a Windows Server 2003

How to Verify Domain Controller Operations

Verify trust relationshipsVerify trust relationships

Verify new user accounts can be createdVerify new user accounts can be created

Verify new user object replicationVerify new user object replication

Verify successful logonVerify successful logon

To verify Active Directory is functional:

11

33

44

22

At this point a complete recovery is still possible without any data lossAt this point a complete recovery is still possible without any data loss

Diagnostic tools:Use dcdiag.exe to verify the Active Directory serviceUse Repadmin.exe/showreps to verify the parent domainUse nltest.exe/bdc_query:domainname to verify the BDC replication status

Page 9: Windows Server 2003 La migrazione da Windows NT 4.0 a Windows Server 2003

How to Develop a Recovery Plan for a Domain Upgrade

Recovery plan:Details steps to roll back

directory services migration

Recovery plan:Details steps to roll back

directory services migration

Rollback strategy:A plan to return production environment

to the state before changes

Rollback strategy:A plan to return production environment

to the state before changes

Remove all computers running Windows Server 2003

Promote the offline BDC to a PDC

Recovery tasks:

Add a BDC to any domain that contains only a single domain controller

Document configuration of services and applications

Back up all services and applications to tape

Synchronize all BDCs with PDC

Take a fully synchronized BDC offline before upgrades are performed

Periodically start protected BDC while still in Windows 2000 mixed domain

To ensure that a domain can be rolled back:

Page 10: Windows Server 2003 La migrazione da Windows NT 4.0 a Windows Server 2003

How to Prevent the Domain Controller from Overloading

On the domain controller to be upgraded, browse to HKEY_LOCAL_MACHINE\SYSTEM\ CurrentControlSet\Services\Netlogon\Parameters

On the domain controller to be upgraded, browse to HKEY_LOCAL_MACHINE\SYSTEM\ CurrentControlSet\Services\Netlogon\Parameters

11

Repeat the procedure on each domain controllerRepeat the procedure on each domain controller33

After additional domain controllers have been added, set the value of the NT4Emulator registry key to 0, or delete the keyAfter additional domain controllers have been added, set the value of the NT4Emulator registry key to 0, or delete the key44

Add the REG_DWORD entry NT4Emulator with the value 1Add the REG_DWORD entry NT4Emulator with the value 122

Overload occurs when too many client computers request authentication from too few domain controllers

Overload occurs when too many client computers request authentication from too few domain controllers

Page 11: Windows Server 2003 La migrazione da Windows NT 4.0 a Windows Server 2003

How to Neutralize Windows NT 4.0 Domain Controller Emulation

The Active Directory installation will fail if the domain controller is configured to prevent domain controller overload

The Active Directory installation will fail if the domain controller is configured to prevent domain controller overload

Use NeutralizeNT4Emulator for the new entry nameUse NeutralizeNT4Emulator for the new entry name33

Change the DWORD valueChange the DWORD value22

In the Edit DWORD Value dialog box, type 1 In the Edit DWORD Value dialog box, type 1 55

Double-click the new entry nameDouble-click the new entry name44

Click Registry, and then click Exit Click Registry, and then click Exit 66

On the client computer, browse to HKEY_LOCAL_MACHINE\ SYSTEM\CurrentControlSet\Services\Netlogon\ParametersOn the client computer, browse to HKEY_LOCAL_MACHINE\ SYSTEM\CurrentControlSet\Services\Netlogon\Parameters11

Page 12: Windows Server 2003 La migrazione da Windows NT 4.0 a Windows Server 2003

How to Add Additional Domain Controllers

Process for upgrading a Windows NT 4.0 BDC:Process for upgrading a Windows NT 4.0 BDC:

Upgrade operating system to Windows Server 2003Upgrade operating system to Windows Server 200311Run the Active Directory Installation WizardRun the Active Directory Installation Wizard22

Add additional domain controllers for fault tolerance and load balancing

Add additional domain controllers for fault tolerance and load balancing

Add new servers running Windows Server 2003 to the domain and then install Active Directory

Take a Windows NT 4.0 BDC offline, reformat hard disk, then install Windows Server 2003 and Active Directory

Upgrade a Windows NT 4.0 BDC to Windows Server 2003

Options:

Page 13: Windows Server 2003 La migrazione da Windows NT 4.0 a Windows Server 2003

How to Complete the Upgrade

To complete the domain upgrade:To complete the domain upgrade:

Reconfigure the DNS serviceReconfigure the DNS service11

Eliminate anonymous connections to domain controllersEliminate anonymous connections to domain controllers33

Raise domain and forest functional levelsRaise domain and forest functional levels44

Move users and computers to an OUMove users and computers to an OU55

Add Windows NT 4.0 BDCs to the domain if necessaryAdd Windows NT 4.0 BDCs to the domain if necessary22