11

UPGRADING AND MIGRATING TO WINDOWS SERVER 2003

Chapter 12

Chapter 12: UPGRADING AND MIGRATING TO WINDOWS SERVER 2003 2

UPGRADE OR MIGRATE

Clean installation

Upgrade

Migrate

Chapter 12: UPGRADING AND MIGRATING TO WINDOWS SERVER 2003 3

FROM WINDOWS NT 4.0 TO WINDOWS SERVER 2003

Upgrading Preparing to upgrade

Upgrading the PDC

Upgrading any BDCs

Completing post-upgrade tasks

Migrating

Chapter 12: UPGRADING AND MIGRATING TO WINDOWS SERVER 2003 4

PREPARING TO UPGRADE

Set up a test environment.

Document the existing environment.

Back up your data.

Ensure all Windows NT 4.0 versions are running service pack 5.0 or later.

Chapter 12: UPGRADING AND MIGRATING TO WINDOWS SERVER 2003 5

ADDITIONAL UPGRADE PREPARATIONS

Verify hardware meets requirements winnt32 /checkupgradeonly

Microsoft Web site

Prepare DNS environment Plan to create a new zone

Delegate DNS zone, if necessary NS record for new zone

Host record (glue record)

Chapter 12: UPGRADING AND MIGRATING TO WINDOWS SERVER 2003 6

LAN MANAGER REPLICATION

Used to propagate read-only information. Typically user profiles and logon scripts to backup

domain controllers (BDCs)

May be used to copy other information to other servers and workstations

Lbridge.cmd is used to copy files from Windows Server 2003 domain controllers to the Windows NT 4.0 export server.

The export server copies to all remaining import servers on the Windows NT 4.0 domain.

Chapter 12: UPGRADING AND MIGRATING TO WINDOWS SERVER 2003 7

WINDOWS SERVER 2003 MEMBER SERVERS

You can add or upgrade member servers before you upgrade the Windows NT 4.0 domain.

Upgrade any Windows NT 4.0 RAS servers. Windows NT 4.0, RAS servers make NULL

sessions.

If you must support Windows NT 4.0 RAS, you must weaken security.

Chapter 12: UPGRADING AND MIGRATING TO WINDOWS SERVER 2003 8

UPGRADING THE PDC

Domain structures: Single-domain strategy

Multi-domain strategy

Upgrade the PDC of the largest accounts’ domain first.

Chapter 12: UPGRADING AND MIGRATING TO WINDOWS SERVER 2003 9

A. DATUM CORPORATION’S WINDOWS NT 4.0 NETWORK

Chapter 12: UPGRADING AND MIGRATING TO WINDOWS SERVER 2003 10

A. DATUM CORPORATION’S WINDOWS SERVER 2003 DOMAIN

Chapter 12: UPGRADING AND MIGRATING TO WINDOWS SERVER 2003 11

MIGRATING EXTERNAL RESOURCES

Source Domains Trust the Target Domain

Chapter 12: UPGRADING AND MIGRATING TO WINDOWS SERVER 2003 12

UPGRADE PROCESS

Chapter 12: UPGRADING AND MIGRATING TO WINDOWS SERVER 2003 13

MIGRATION TYPES

Interforest

Intraforest

Chapter 12: UPGRADING AND MIGRATING TO WINDOWS SERVER 2003 14

INTERFOREST MIGRATION

Windows NT 4.0 to Active Directory

Between two different Active Directory forests

Cloning is usually the process for this type of migration Active Directory Migration Tool (ADMT)

ClonePrincipal

Netdom

Chapter 12: UPGRADING AND MIGRATING TO WINDOWS SERVER 2003 15

INTRAFOREST MIGRATION

Does not include Windows NT 4.0 domains

Windows 2000 or Windows Server 2003 domains only

Objects are typically moved (destructive) ADMT

Movetree

Netdom

Chapter 12: UPGRADING AND MIGRATING TO WINDOWS SERVER 2003 16

ACTIVE DIRECTORY MIGRATION TOOL (ADMT)

ADMIGRATION.MSI Windows Server 2003 CD-ROM in the i386\

admt folder

Microsoft Web site

Run from PDC emulator

Source domain Windows NT 4.0 Service Pack 4 (SP4)

Target domain in Windows 2000 native functional level

Chapter 12: UPGRADING AND MIGRATING TO WINDOWS SERVER 2003 17

PREPARING TO USE ADMT

Source domain must trust the target domain

Source Domain Admins must be Administrators on destination domain

Migrating SID History Domain$$$ group

Success and Failure auditing for user and group management must be enabled on source domain

TcpipClientSupport key must be set to 1

Chapter 12: UPGRADING AND MIGRATING TO WINDOWS SERVER 2003 18

ADMT AND MIGRATING SID HISTORY

Chapter 12: UPGRADING AND MIGRATING TO WINDOWS SERVER 2003 19

PASSWORD OPTIONS AND MIGRATION ERRORS

Chapter 12: UPGRADING AND MIGRATING TO WINDOWS SERVER 2003 20

PASSWORD MIGRATION PROCEDURES

Chapter 12: UPGRADING AND MIGRATING TO WINDOWS SERVER 2003 21

MULTI-DOMAIN DOMAIN STRATEGY

Chapter 12: UPGRADING AND MIGRATING TO WINDOWS SERVER 2003 22

MULTI-DOMAIN STRATEGY STEPS

Create a Windows Server 2003 empty forest root domain.

Modify the domain and forest function levels.

Create delegation entries in DNS, as needed.

Upgrade the Windows NT 4.0 PDC.

Create delegation entries for BDCs and upgrade them.

Chapter 12: UPGRADING AND MIGRATING TO WINDOWS SERVER 2003 23

MULTI-DOMAIN STRATEGY STEPS (continued)

Raise domain functional level.

Upgrade remaining domains using same procedure.

Raise forest functional level.

Chapter 12: UPGRADING AND MIGRATING TO WINDOWS SERVER 2003 24

PREPARING WINDOWS 2000 FOR THE UPGRADE

Error message appears if you do not first run Adprep before a Windows 2000 upgrade

Adprep /forestprep

Adprep /domainprep

Chapter 12: UPGRADING AND MIGRATING TO WINDOWS SERVER 2003 25

UPGRADING TO WINDOWS SERVER 2003

Either Windows 2000 or Windows NT 4.0 operating systems

Required user rights Back up files and directories

Modify firmware environment values

Restore files and directories

Shut down the system

Default Administrator and Administrators group should have all needed permissions

Chapter 12: UPGRADING AND MIGRATING TO WINDOWS SERVER 2003 26

WINDOWS 2000 TO WINDOWS SERVER 2003

Can be interforest or intraforest.

Prerequisites for using ADMT. Administrator rights are required on all objects

to be migrated

Must also be a Domain Admins group member in both source and target domain

Source domain must trust the target domain

As discussed earlier, there are additional requirements for migrating passwords and SID History.

Chapter 12: UPGRADING AND MIGRATING TO WINDOWS SERVER 2003 27

SUMMARY

Upgrade or migration decisions. Test and document before you begin. What functional level is required for

migrations? What can you use to keep a Windows NT 4.0

domain replication in sync with a partially migrated network?

What are the extra requirements for migrating SID History?

How do you prepare a Windows 2000 forest/domain for upgrade?