AD Design Worksheet


Upload: shradha-boga

Post on 29-Nov-2014


http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=13380
Microsoft Active Directory Topology Diagrammer

http://technet.microsoft.com/en-us/library/cc751379.aspx
Visio Step by Step

http://www.microsoft.com/download/en/details.aspx?id=7826
Microsoft Assessment and Planning Toolkit
  Audit and Assessment of Active Directory
  Audit and Assessment of Windows Server
  Audit and Assessment of Windows Workstations

http://technet.microsoft.com/en-in/library/dd379558(en-us,WS.10).aspx
Migration plan and checklist

http://chandoo.org/wp/2009/06/16/gantt-charts-project-management/
Gantt chart

http://technet.microsoft.com/en-us/library/mergers_acquisitions_active_directory_prune_and_graft_restructuring_support_limitations%28WS.10%29.aspx
http://technet.microsoft.com/en-us/library/cc974327(WS.10).aspx
Restructuring details limitations
Checklist: Performing an Interforest Migration

http://social.technet.microsoft.com/Forums/en-US/winserverMigration/thread/dab33e51-25f4-476c-b173-7e65ee253373
Migration from Windows 2003 to Windows 2008 checklist


In-place upgrading

Windows Server 2003 and Windows Server 2003 R2 can both be upgraded in-place to Windows Server 2008, as long as you keep the following in mind:

The Windows Server 2003 patch level should be at least Service Pack 1

You can't upgrade across architectures (x86, x64 & Itanium)

Standard Edition can be upgraded to both Standard and Enterprise Edition

Enterprise Edition can be upgraded to Enterprise Edition only

Datacenter Edition can be upgraded to Datacenter Edition only

This might be your preferred option when:

Your Active Directory Domain Controllers can still last three to five years (economically and technically)

You worked hard to get your Active Directory in the shape it's in.

Your servers are in tip-top shape. 

Transitioning

Migrating this way means adding Windows Server 2008 Domain Controllers to your existing Active Directory environment. After successfully moving the Flexible Single Master Operations (FSMO) roles you can simply demote the previous Domain Controllers, remove them from the domain and throw them out of the window. Transitioning is possible for Active Directory environments whose domain functional level is at least Windows 2000 Native.

 

I feel transitioning is the middle road between the two other ways to migrate to Windows Server 2008:

Restructuring means filling a new Active Directory from scratch

In-place upgrading means you're stuck with the same hardware and limited to certain upgrade paths

Transitioning means you get to keep your current Active Directory lay-out, contents, group policies and schema. Transitioning also means moving to new machines, which can be dimensioned to last another three to five years without trouble.

Transitioning is good when:

You worked hard to get your Active Directory in the shape it's in.

Your servers are faced with aging.

In-place upgrading leaves you with an undesired outcome (for instance 32-bit DCs)

You need a chance to place your Active Directory files on different partitions/volumes.

When done right your colleagues might not even suspect a thing! The downside is you need to know exactly what you're doing, because things can go wrong pretty fast. That's why I wrote this useful piece of information.

Restructuring

A third way to go from Windows Server 2003 Domain Controllers to Windows Server 2008 Domain Controllers is restructuring your Active Directory environment. This involves moving all your resources from one (Windows Server 2003) domain to a new and fresh (Windows Server 2008) domain. Tools like the Active Directory Migration Tool (ADMT) are priceless in these kinds of migrations.

 

Restructuring is good when:

Your current Active Directory environment is a mess or is uncontrollable

You want to build a new Active Directory environment and import (pieces of) your existing Active Directory environment.

You need to merge (information from)(domains from) two Active Directory forests together

You need to split (information from)(domains from) two Active Directory forests

http://www.microsoft.com/windowsserver2008/en/us/why-upgrade-2003.aspx

Active Directory Planning Worksheets

Taken with permission from Active Directory Planning and Design by Harry Brelsford

Table 1: Business Needs Analysis (Q and A)
Table 2: Business Requirements Analysis
Table 3: Project Plan
Table 4: Active Directory Design and Planning Team
Table 5: Technical Requirements Analysis
Table 6: Security Requirements Planning
Table 7: Windows 2000 Server Network Infrastructure Planning
Table 8: Active Directory Design and Planning
Table 9: Windows NT 4.0 to Windows 2000 Migration Planning

Table 1: Business Needs Analysis (Q and A)

Columns: Question | Answer

Have you clearly defined the nature of the organization’s business?
Has the organization developed a clear sense of direction or mission?
Does the organization have a clear philosophy for conducting its business affairs?
Are the organization’s business goals attainable?
Are the organization’s objectives logically related in a hierarchy that will lead to goal achievement?
Does the organization periodically reevaluate its objectives to be sure they have not grown obsolete?
Has the organization developed a logical and planned approach for collecting data on its internal and external environment?
Are data stored or filed in ways that allow easy retrieval of useful information?
Are reports produced that are seldom or never used?
Does the organization periodically review its information system to make certain it is useful and up-to-date?
List four or five key strengths of the organization.
What are key weaknesses in the organization?
In developing the organization’s final strategy, did it consider three or four possible alternatives?
Are employees involved in making planning decisions?
Did management take time to communicate the final strategic plan to employees and deal with their concerns?
Is the timetable for implementation of the strategic plan realistic?
Have definite checkpoints been scheduled for assessing progress toward goals?
Has the organization developed effective ways of measuring progress?

Table 2: Business Requirements Analysis

Columns: Analysis Item | Sub-Analysis Item | Completed

Analyze the existing and planned business models
  Analyze the company model and the geographical scope. Models include regional, national, international, subsidiary, and branch offices.
  Analyze company processes. Processes include information flow, communication flow, service and product life cycles, and decision-making.
Analyze the existing and planned organizational structures. Considerations include management model; company organization; vendor, partner, and customer relationships; and acquisition plans.
Analyze factors that influence company strategies.
  Identify company priorities.
  Identify the projected growth and growth strategy.
  Identify relevant laws and regulations.
  Identify the company’s tolerance for risk.
  Identify the total cost of operations
Analyze the structure of IT management. Considerations include type of administration, such as centralized or decentralized; funding model; outsourcing; decision-making process; and change-management process.
Analyze business and security requirements for the end user.
Analyze the current physical model and information security model.
  Analyze internal and external security risks.
Other
Other
Other

Table 3: Project Plan

Columns: Phase | Tasks | Duration / Assigned Resources / Comments

A. AD Design Creation
  A.1. Namespace (DNS) Selection
  A.2. Namespace Design
  A.3. Domain Tree/Forest Architectural Development
  A.4. AD Domain Naming Conventions
  A.5. DNS Design
  A.6. DNS Interoperability Issues
  A.7. DNS Zones and Administrative Model Development
  A.8. OU Development and Design
  A.9. Group and User Design
  A.10. Security Design and Development
  A.11. Delegation of Authority Design
  A.12. AD/Windows 2000 Capacity Planning
  A.13. Design of Group Policies
B. Test Lab (Proof of Concept)
  B.1. Testing Server Functionality
  B.2. Core Service Testing (DNS, DHCP, WINS)
  B.3. Server Interoperability and Coexistence Testing
  B.4. Server Migration Testing
  B.5. Desktop Testing (Operating System, Applications)
  B.6. Network Infrastructure
  B.7. Hardware Infrastructure
C. Production Pilot
  C.1. Launch Pilot Phase
  C.2. Pilot Planning Tasks
  C.3. Pilot Feedback
D. Rollout
  D.1. Develop Implementation Plan
  D.2. Perform Work
  D.3. Troubleshooting
  D.4. Feedback
Other
Other
Other

Table 4: Active Directory Design and Planning Team

Columns: Team Member | Role | Comments

  Enterprise or AD Architect
  Corporate Standards Implementation Lead
  Deployment Site Lead
  Deployment Team Lead
  Help Desk Lead
  Networking Lead
  Services/Product/Technology Lead
  Developer Lead
  End User Lead
  Senior Management/Executive Representative
  Line Manager(s)
  Other
  Other
  Other

Table 5: Technical Requirements Analysis

Columns: Analysis Item | Sub-Analysis Item | Completed

Evaluate the company’s existing and planned technical environment and goals
  Analyze company size and user and resource distribution
  Assess the available connectivity between the geographic location of worksites and remote sites
  Assess the net available bandwidth and latency issues
  Analyze performance, availability, and scalability requirements of services
  Analyze the method of accessing data and systems
  Analyze network roles and responsibilities. Roles include administrative, user, service, resource ownership, and application.
  Analyze security considerations
Analyze the impact of Active Directory on the existing and planned technical environment
  Assess existing systems and applications
  Identify existing and planned upgrades and rollouts
  Analyze technical support structure
  Analyze existing and planned network and system management
Analyze the business requirements for client computer desktop management
  Analyze end-user work needs
  Identify technical support needs for end-users
Establish the required client computer environment standards
Analyze the existing disaster recovery strategy for client computers, servers, and the network
Analyze the impact of infrastructure design on the existing and planned technical environment
  Assess current applications
  Analyze network infrastructure, protocols, and hosts
  Evaluate network services
  Analyze TCP/IP infrastructure
  Assess current hardware
  Identify existing and planned upgrades and rollouts
  Analyze technical support structure
  Analyze existing and planned network and systems management
Other
Other
Other

Table 6: Security Requirements Planning

Columns: Analysis Item | Sub-Analysis Item | Complete

Design a security baseline for a Windows 2000 network that includes domain controller, operations masters, application servers, file and print servers, RAS servers, desktop computers, portable computers, and kiosks
Identify the required level of security for each resource. Resources include printers, files, shares, Internet access, and dial-in access
Design an audit policy
Design a delegation of authority policy
Design the placement and inheritance of security policies for sites, domains, and organizational units
Design an Encrypting File System strategy
Design an authentication strategy
  Select authentication methods. Methods include certificate-based authentication, Kerberos authentication, clear-text passwords, digest authentication, smart cards, NTLM, RADIUS, and SSL.
  Design an authentication strategy for integration with other systems
Design a security group strategy
Design a Public Key Infrastructure
  Design Certificate Authority (CA) hierarchies
  Identify certificate server roles
  Certificate management plan
  Integrate with third-party CAs
  Map certificates
Design Windows 2000 network services security
  Design Windows 2000 DNS security
  Design Windows 2000 Remote Installation Services (RIS) security
  Design Windows 2000 SNMP security
  Design Windows 2000 Terminal Services security
Provide secure access to public networks from a private network
Provide external users with secure access to private network resources
Provide secure access between private networks
  Provide secure access within a LAN
  Provide secure access within a WAN
  Provide secure access across a public network
Design Windows 2000 security for remote access users
Design a Server Message Block (SMB) signing solution
Design an IPSec solution
  Design an IPSec encryption scheme
  Design an IPSec management strategy
  Design negotiation policies
  Design security policies
  Design IP filters
  Design security levels
Other
Other
Other

Table 7: Windows 2000 Server Network Infrastructure Planning

Columns: Analysis Item | Sub-Analysis Item | Completed

Modify and design a network topology
Design network services that support application architecture
Design a resource strategy
  Plan for the placement and management of resources
  Plan for growth
  Plan for decentralized or centralized resources
Design a TCP/IP networking strategy
  Analyze IP subnet requirements
  Design a TCP/IP addressing and implementation plan
  Measure and optimize a TCP/IP infrastructure design
  Integrate software routing into existing networks
  Integrate TCP/IP with existing WAN requirements
Design a plan for the interaction of Windows 2000 network services such as WINS, DHCP, and DNS
Design a DHCP strategy
  Integrate DHCP into a routed environment
  Integrate DHCP with Windows 2000
  Design a DHCP service for remote locations
  Measure and optimize a DHCP infrastructure design
Design name resolution services
  Create an integrated DNS design
  Create a secure DNS design
  Create a highly available DNS design
  Measure and optimize a DNS infrastructure design
  Design a DNS deployment strategy
  Create a WINS design
  Create a secure WINS design
  Measure and optimize a WINS infrastructure design
  Design a WINS deployment strategy
Design a multi-protocol strategy. Protocols include IPX/SPX and SNA
Design a Distributed file system (Dfs) strategy
  Design the placement of a Dfs root
  Design a Dfs root replica strategy
Designing for Internet Connectivity
  Design an Internet and extranet access solution. Components of the solution could include proxy server, firewall, routing and remote access, Network Address Translation (NAT), connection sharing, Web server, or mail server
  Design a load-balancing strategy
Design an implementation strategy for dial-up remote access
  Design a remote access solution that uses Routing and Remote Access
  Integrate authentication with Remote Authentication Dial-In User Service (RADIUS)
Design a virtual private network (VPN) strategy
Design a Routing and Remote Access routing solution to connect locations
  Design a demand-dial routing strategy
Other
Other
Other

Table 8: Active Directory Design and Planning

Columns: Analysis Item | Sub-Analysis Item | Completed

Design an Active Directory forest and domain structure
  Design a forest and schema structure
  Design a domain structure
  Analyze and optimize trust relationships
Design an Active Directory naming strategy
  Establish the scope of the Active Directory
  Design the namespace
  Plan DNS strategy
Design and plan the structure of organizational units (OU). Considerations include administration control, existing resource domains, administrative policy, and geographic and company structure.
  Develop an OU delegation plan
  Plan Group Policy Object management
  Plan policy management for client computers
Plan for the coexistence of Active Directory and other directory services
Design an Active Directory site topology
  Design a replication strategy
  Define site boundaries
Design a schema modification policy
Design an Active Directory implementation plan
Design the placement of operations masters
  Considerations include performance, fault tolerance, functionality, and manageability
Design the placement of Global Catalog Servers
  Considerations include performance, fault tolerance, functionality, and manageability
Design the placement of domain controllers
  Considerations include performance, fault tolerance, functionality, and manageability
Design the placement of DNS servers
  Considerations include performance, fault tolerance, functionality, and manageability
  Plan for interoperability with the existing DNS
Other
Other
Other

Table 9: Windows NT 4.0 to Windows 2000 Migration Planning

Columns: Analysis Item | Sub-Analysis Item | Completed

Choose the type of migration. Types include upgrade, restructure Windows NT to Windows 2000, restructure Windows 2000 to Windows 2000, upgrade and restructure, inter-forest restructure, and intra-forest restructure
Plan the domain restructure
  Select the domain to be restructured and decide on the proper order for restructuring them. Decide when incremental migrations are appropriate
  Implement organizational units (OUs)
Select the appropriate tools for implementing the migration from Windows NT to Windows 2000. Tools include Active Directory Migration Tool (ADMT); ClonePrincipal and NETDOM (for inter-forest type), and Move Tree and NETDOM (for intra-forest type)
Perform pre-migration tasks
  Develop a testing strategy for upgrading and implementing a pilot migration
  Prepare the environment for upgrade. Considerations include readiness remediation
Plan to install or upgrade DNS
Plan the upgrade for hardware, software, and infrastructure
  Assess current hardware
  Assess and evaluate security implications. Considerations include physical security, delegating control to groups, and evaluating post-migration security risks
  Assess and evaluate application compatibility. Considerations include Web Server, Microsoft Exchange, and line of business (LOB) applications.
  Assess the implications of an upgrade for network services. Considerations include RAS, networking protocols, DHCP, LAN Manager Replication, WINS, NetBIOS, and third-party DNS.
  Assess security implications. Considerations include physical security, certificate services, SID history, and evaluating post-migration security risks
Identify upgrade paths. Considerations include O/S version and service packs
Develop a recovery plan. Considerations include Security Account Manager, WINS, DHCP, and DNS
Upgrade the PDC, the BDCs, the application servers, and the RAS servers
Implement system policies as Group Policies
Implement replication bridges as necessary
Decide when to switch to native mode
If necessary, develop a procedure for restructuring. Create a Windows 2000 target domain, if necessary
  Create trusts as necessary
  Create OUs
  Create sites
  Reapply account policies and user rights in the Windows 2000 Group Policy
Plan for migration
  Migrate groups and users
  Migrate local groups and computer accounts
Verify the functionality of Exchange. Considerations include service accounts and mailboxes
  Map mailboxes
Test the deployment
Implement disaster recovery plans
  Have a plan to restore to a pre-migration environment
Perform post-migration tasks
  Redefine DACLs
  Back up source domains
  Decommission source domains and redeploy domain controllers
Other
Other
Other

http://allcomputers.us/windows_server/migrating-from-windows-server-20032008-to-windows-server-2008-r2---beginning-the-migration-process.aspx


Any migration procedure should define the reasons for migration, steps involved, fallback precautions, and other important factors that can influence the migration process. After finalizing these items, the migration can begin.

Identifying Migration Objectives

Two underlying philosophies influence technology upgrades, each philosophy working against the other. The first is the expression “If it ain’t broke, don’t fix it.” Obviously, if an organization has a functional, easy-to-use, and well-designed Windows Server 2003/2008 infrastructure, popping in that Windows Server 2008 R2 DVD and upgrading might not be so appealing. The second philosophy is something along the lines of “Those who fail to upgrade their technologies perish.” Eventually, all technologies become outdated and unsupported.

Choosing a pragmatic middle ground between these two philosophies effectively depends on the factors that drive an organization to upgrade. If the organization has critical business needs that can be satisfied by an upgrade, such an upgrade might be a good idea. If, however, no critical need exists, it might be wise to wait until the next iteration of Windows or a future service pack for Windows Server 2008 R2.

Establishing Migration Project Phases

After the decision is made to upgrade, a detailed plan of the resources, timeline, scope, and objectives of the project should be outlined. Part of any migration plan requires establishing either an ad-hoc project plan or a professionally drawn-up project plan. The migration plan assists the project managers of the migration project to accomplish the planned objectives in a timely manner with the correct application of resources.

The following is a condensed description of the standard phases for a migration project:

Discovery— The first portion of a design project should be a discovery, or fact-finding, portion. This section focuses on the analysis of the current environment and documentation of the analysis results. Current network diagrams, server locations, wide area network (WAN) throughputs, server application dependencies, and all other networking components should be detailed as part of the Discovery phase.

Design— The Design portion of a project is straightforward. All key components of the actual migration plan should be documented, and key data from the Discovery phase should be used to draw up design and migration documents. The project plan itself would normally be drafted during this phase. Because Windows Server 2008 R2 Active Directory is not dramatically different from Windows Server 2003 or 2008, significant reengineering of an existing Active Directory environment is not necessary. However, other issues such as server placement, new feature utilization, and changes in AD DS replication models should be outlined.

Prototype— The Prototype phase of a project involves the essential lab work to test the design assumptions made during the Design phase. The ideal prototype would involve a mock production environment that is migrated from Windows Server 2003/2008 to Windows Server 2008 R2. For Active Directory, this means creating a production domain controller (DC) and then isolating it in the lab and seizing the Flexible Single Master Operations (FSMO) roles with a server in the lab. The Active Directory migration can then be performed without affecting the production environment. Step-by-step procedures for the migration can also be outlined and produced as deliverables for this phase.

Pilot— The Pilot phase, or Proof-of-Concept phase, involves a production “test” of the migration steps, on a limited scale. For example, a noncritical server could be upgraded to Windows Server 2008 R2 in advance of the migration of all other critical network servers.


In a slow, phased migration, the Pilot phase would essentially transition into Implementation, as upgrades are performed slowly, one by one.

Implementation— The Implementation portion of the project is the full-blown migration of network functionality or upgrades to the operating system. As previously mentioned, this process can be performed quickly or slowly over time, depending on an organization’s needs. It is, subsequently, important to make the timeline decisions in the Design phase and incorporate them into the project plan.

Training and support— Learning the ins and outs of the new functionality that Windows Server 2008 R2 can bring to an environment is essential in realizing the increased productivity and reduced administration that the OS can bring to the environment. Consequently, it is important to include a Training portion into a migration project so that the design objectives can be fully realized.

Comparing the In-Place Upgrade Versus New Hardware Migration Methods

Due to the changes in Windows Server 2008 R2, the in-place upgrade path is limited to servers using the 64-bit version of Windows Server 2003 and Windows Server 2008. Depending on the type of hardware currently in use in a Windows Server 2003/2008 network, this type of migration strategy might be an option. Often, however, it is more appealing to simply introduce newer systems into an existing environment and retire the current servers from production. This technique normally has less impact on current environments and can also support fallback more easily.

Note

Because Windows Server 2008 R2 is a 64-bit only operating system, upgrades from 32-bit versions of older operating systems are not supported. Upgrades from Windows 2000 Server are also not supported.

Determining which migration strategy to use depends on one additional factor: the condition of the current hardware environment. If Windows Server 2003/2008 is taxing the limitations of the hardware in use, it might be preferable to introduce new servers into an environment and simply retire the old Windows Server 2003/2008 servers. This is particularly true if the existing servers are veterans of previous upgrades, maybe transitioning from Windows 2000 Server to Windows Server 2003 to Windows Server 2008. If, however, the hardware in use for Windows Server 2003/2008 is newer and more robust, and could conceivably last for another two to three years, it might be easier to simply perform in-place upgrades of the systems in an environment.

In most cases, organizations take a hybrid approach to migration. Older hardware, 32-bit systems, or Windows Server 2003 domain controllers are replaced by new hardware running Windows Server 2008 R2. Newer Windows Server 2008 64-bit systems are instead upgraded in place to Windows Server 2008 R2. Consequently, auditing all systems to be migrated and determining which ones will be upgraded and which ones will be retired are important steps in the migration process.

Identifying Migration Strategies: “Big Bang” Versus Phased Coexistence

As with most technology implementations, there are essentially two approaches in regard to deployment: a quick “Big Bang” approach or a slower phased coexistence approach. The Big Bang option involves the entire Windows Server 2003/2008 infrastructure being quickly replaced, often over the course of a weekend, with the new Windows Server 2008 R2 environment; whereas the phased approach involves a slow, server-by-server replacement of Windows Server 2003/2008.


Each approach has its particular advantages and disadvantages, and key factors to Windows Server 2008 R2 should be taken into account before a decision is made. Few Windows Server 2008 R2 components require a redesign of current Windows Server 2003/2008 design elements. Because the arguments for the Big Bang approach largely revolve around not maintaining two conflicting systems for long periods of time, the similarities between Windows Server 2003/2008 and Windows Server 2008 R2 make many of these arguments moot. Windows Server 2008 R2 domain controllers can easily coexist with Windows Server 2003/2008 domain controllers. With this point in mind, it is more likely that most organizations will choose to ease into Windows Server 2008 R2, opting for the phased coexistence approach to the upgrade. Because Windows Server 2008 R2 readily fits into a Windows Server 2003/2008 environment, and vice versa, this option is easily supported.

Exploring Migration Options

As previously mentioned, the Windows Server 2008 R2 and Windows Server 2003/2008 Active Directory domain controllers coexist together very well. The added advantage to this fact is that there is greater flexibility for different migration options. Unlike migrations from NT 4.0 or non-Microsoft environments such as Novell NDS/eDirectory, the migration path between these two systems is not rigid, and different approaches can be used successfully to achieve the final objectives desired.

In this article, three Windows Server 2008 R2 migration scenarios are explored:

Big Bang migration— This scenario upgrades all domain controllers in a short span of time. This is typically suitable only for single domain and small organizations.

Phased migration— This scenario takes a phased coexistence approach and upgrades the domain controllers in phases over an extended period of time. During this time, there is coexistence between the existing versions of Active Directory and the new Windows Server 2008 R2 Active Directory Domain Services. This is typically the approach used when there are multiple domains or for large organizations.

Multiple domain consolidation migration— A variation on the phased upgrade, the multiple domain consolidation migrates the existing domains to a new Windows Server 2008 R2 Active Directory domain. This is the typical approach when there are problems with the existing domains, too many domains, or when merging organizations.

http://social.technet.microsoft.com/Forums/en/winserverMigration/thread/5b0319a2-e901-4763-8b46-4350cb2ad75d

Blog for AD migration from 2k3 to 2k8

http://msmvps.com/blogs/mweber/archive/2010/02/10/upgrading-an-active-directory-domain-from-windows-server-2003-to-windows-server-2008-or-windows-server-2008-r2.aspx


http://support.microsoft.com/kb/816043/en-us

Domain Controller time article

http://technet.microsoft.com/en-us/events/ee335985.aspx

Demos and articles migrating AD domains

http://social.technet.microsoft.com/forums/en-US/winserverMigration/threads

Migration forums

http://www.sivarajan.com/admt.html

Migration expert

http://searchwindowsserver.techtarget.com/answer/Active-Directory-migration-planning-checklist

Migration check list

You will have to cover at least the following:

Collect diagrams and configuration of current DNS
Collect diagrams and configuration of current network structure -- include bandwidth, remote locations and stability
Collect listings of all servers and their criticality
Collect listing of workstations that will be affected
Understand how all of the servers and workstations interrelate
Collect information on the security policies or the requirements if you have to create a security policy
Determine the type of migration (post restructure, pre-restructure, pristine build or upgrade)
Determine the rights, objects and policies that will need to be migrated.
Determine the fall back procedures in case of failure. This involves procedures for servers, backups, secondary systems, etc.

Then you start the development of the plans:

User education and notification plan (this gets missed so often)
IT training plan
DNS structure and implementation plan (must be completed first)
AD installation and implementation/migration plan
Must include fallback plan
Must have interim operations plans (how to support)
Must have interim functionality plan (how replication, WINS, DNS and logins will be working)
Installation of AD
Installation/upgrade of servers
Trusts required and how to install
Sites that will be installed
Hardware required

Here is the post-AD installation planning:

Must include cleanup of old accounts, groups, ACLS, etc.
Retirement of old systems
Retirement of old domains
Move to NATIVE mode
Upgrading other servers (applications, Web systems, etc.)
Support plan for the migration and post migration

Here is the group policy planning:

Development of group policy for user accounts, passwords, security
GP for event logs, desktops, etc.
Who has access to modify group policy

Here is the operations planning:

Who will be administrating the AD and each piece of the AD
Help desk functions
IT server administration functions

Well, that is my quick list. There is more of course, and the list is a little dynamic based on the type of migration that occurs.