1

UPGRADING AND MIGRATING TO WINDOWS SERVER 2003

Chapter 12

Chapter 12: UPGRADING AND MIGRATING TO WINDOWS SERVER 2003 2

UPGRADE OR MIGRATE Clean installation Upgrade Migrate

Chapter 12: UPGRADING AND MIGRATING TO WINDOWS SERVER 2003 3

FROM WINDOWS NT 4.0 TO WINDOWS SERVER 2003 Upgrading

Preparing to upgrade Upgrading the PDC Upgrading any BDCs Completing post-upgrade tasks

Migrating

Chapter 12: UPGRADING AND MIGRATING TO WINDOWS SERVER 2003 4

PREPARING TO UPGRADE Set up a test environment. Document the existing environment. Back up your data. Ensure all Windows NT 4.0 versions are

running service pack 5.0 or later.

Chapter 12: UPGRADING AND MIGRATING TO WINDOWS SERVER 2003 5

ADDITIONAL UPGRADE PREPARATIONS Verify hardware meets requirements

winnt32 /checkupgradeonly Microsoft Web site

Prepare DNS environment Plan to create a new zone Delegate DNS zone, if necessary

NS record for new zone Host record (glue record)

Chapter 12: UPGRADING AND MIGRATING TO WINDOWS SERVER 2003 6

LAN MANAGER REPLICATION Used to propagate read-only information.

Typically user profiles and logon scripts to backup domain controllers (BDCs)

May be used to copy other information to other servers and workstations

Lbridge.cmd is used to copy files from Windows Server 2003 domain controllers to the Windows NT 4.0 export server. The export server copies to all remaining import servers on the Windows NT 4.0 domain.

Chapter 12: UPGRADING AND MIGRATING TO WINDOWS SERVER 2003 7

WINDOWS SERVER 2003 MEMBER SERVERS You can add or upgrade member servers

before you upgrade the Windows NT 4.0 domain.

Upgrade any Windows NT 4.0 RAS servers. Windows NT 4.0, RAS servers make NULL

sessions. If you must support Windows NT 4.0 RAS,

you must weaken security.

Chapter 12: UPGRADING AND MIGRATING TO WINDOWS SERVER 2003 8

UPGRADING THE PDC Domain structures:

Single-domain strategy Multi-domain strategy

Upgrade the PDC of the largest accounts’ domain first.

Chapter 12: UPGRADING AND MIGRATING TO WINDOWS SERVER 2003 9

A. DATUM CORPORATION’S WINDOWS NT 4.0 NETWORK

Chapter 12: UPGRADING AND MIGRATING TO WINDOWS SERVER 2003 10

A. DATUM CORPORATION’S WINDOWS SERVER 2003 DOMAIN

Chapter 12: UPGRADING AND MIGRATING TO WINDOWS SERVER 2003 11

MIGRATING EXTERNAL RESOURCES

Source Domains Trust the Target Domain

Chapter 12: UPGRADING AND MIGRATING TO WINDOWS SERVER 2003 12

UPGRADE PROCESS

Chapter 12: UPGRADING AND MIGRATING TO WINDOWS SERVER 2003 13

MIGRATION TYPES Interforest Intraforest

Chapter 12: UPGRADING AND MIGRATING TO WINDOWS SERVER 2003 14

INTERFOREST MIGRATION Windows NT 4.0 to Active Directory Between two different Active Directory

forests Cloning is usually the process for this type

of migration Active Directory Migration Tool (ADMT) ClonePrincipal Netdom

Chapter 12: UPGRADING AND MIGRATING TO WINDOWS SERVER 2003 15

INTRAFOREST MIGRATION Does not include Windows NT 4.0 domains Windows 2000 or Windows Server 2003

domains only Objects are typically moved (destructive)

ADMT Movetree Netdom

Chapter 12: UPGRADING AND MIGRATING TO WINDOWS SERVER 2003 16

ACTIVE DIRECTORY MIGRATION TOOL (ADMT) ADMIGRATION.MSI

Windows Server 2003 CD-ROM in the i386\admt folder

Microsoft Web site Run from PDC emulator Source domain Windows NT 4.0 Service

Pack 4 (SP4) Target domain in Windows 2000 native

functional level

Chapter 12: UPGRADING AND MIGRATING TO WINDOWS SERVER 2003 17

PREPARING TO USE ADMT Source domain must trust the target domain Source Domain Admins must be

Administrators on destination domain Migrating SID History

Domain$$$ group Success and Failure auditing for user and

group management must be enabled on source domain

TcpipClientSupport key must be set to 1

Chapter 12: UPGRADING AND MIGRATING TO WINDOWS SERVER 2003 18

ADMT AND MIGRATING SID HISTORY

Chapter 12: UPGRADING AND MIGRATING TO WINDOWS SERVER 2003 19

PASSWORD OPTIONS AND MIGRATION ERRORS

Chapter 12: UPGRADING AND MIGRATING TO WINDOWS SERVER 2003 20

PASSWORD MIGRATION PROCEDURES

Chapter 12: UPGRADING AND MIGRATING TO WINDOWS SERVER 2003 21

MULTI-DOMAIN DOMAIN STRATEGY

Chapter 12: UPGRADING AND MIGRATING TO WINDOWS SERVER 2003 22

MULTI-DOMAIN STRATEGY STEPS Create a Windows Server 2003 empty forest

root domain. Modify the domain and forest function

levels. Create delegation entries in DNS, as

needed. Upgrade the Windows NT 4.0 PDC. Create delegation entries for BDCs and

upgrade them.

Chapter 12: UPGRADING AND MIGRATING TO WINDOWS SERVER 2003 23

MULTI-DOMAIN STRATEGY STEPS (continued) Raise domain functional level. Upgrade remaining domains using same

procedure. Raise forest functional level.

Chapter 12: UPGRADING AND MIGRATING TO WINDOWS SERVER 2003 24

PREPARING WINDOWS 2000 FOR THE UPGRADE Error message appears if you do not first

run Adprep before a Windows 2000 upgrade

Adprep /forestprep Adprep /domainprep

Chapter 12: UPGRADING AND MIGRATING TO WINDOWS SERVER 2003 25

UPGRADING TO WINDOWS SERVER 2003 Either Windows 2000 or Windows NT 4.0

operating systems Required user rights

Back up files and directories Modify firmware environment values Restore files and directories Shut down the system

Default Administrator and Administrators group should have all needed permissions

Chapter 12: UPGRADING AND MIGRATING TO WINDOWS SERVER 2003 26

WINDOWS 2000 TO WINDOWS SERVER 2003 Can be interforest or intraforest. Prerequisites for using ADMT.

Administrator rights are required on all objects to be migrated

Must also be a Domain Admins group member in both source and target domain

Source domain must trust the target domain As discussed earlier, there are additional

requirements for migrating passwords and SID History.

Chapter 12: UPGRADING AND MIGRATING TO WINDOWS SERVER 2003 27

SUMMARY Upgrade or migration decisions. Test and document before you begin. What functional level is required for migrations? What can you use to keep a Windows NT 4.0

domain replication in sync with a partially migrated network?

What are the extra requirements for migrating SID History?

How do you prepare a Windows 2000 forest/domain for upgrade?