making the move to windows server 2003 in the enterprise doing more with less peter j. meister...
Post on 19-Dec-2015
219 Views
Preview:
TRANSCRIPT
Making the move to Windows Making the move to Windows Server 2003 in the Enterprise Server 2003 in the Enterprise Doing More with Less Doing More with Less
Peter J. MeisterPeter J. MeisterProduct Manager Product Manager Windows Server Product ManagementWindows Server Product ManagementMicrosoft CorporationMicrosoft Corporation
AgendaAgenda
Migration StrategyMigration Strategy
Preparing to MigratePreparing to Migrate
Choose a Migration PathChoose a Migration Path
Upgrade MigrationUpgrade Migration
Restructure MigrationRestructure Migration
Upgrade and Restructure MigrationUpgrade and Restructure Migration
Migration StrategyMigration Strategy
Migrate by rolesMigrate by rolesDivide migration into manageable chunksDivide migration into manageable chunks
Do high-return migrations firstDo high-return migrations first
Priority = (Value of migration) x Priority = (Value of migration) x (number of servers)(number of servers)
HighHigh LowLow
HighHigh Priority 1Priority 1 Priority 3Priority 3
LowLow Priority 2Priority 2 Priority 4Priority 4
Num
ber of servers
Value
Value by RoleValue by Role
Different for each organizationDifferent for each organization
What are What are youryour priorities? priorities?Reduce capital costReduce capital cost
Reduce labor costReduce labor cost
Reduce space/labor requirementsReduce space/labor requirements
Increase reliabilityIncrease reliability
Deploy new applicationsDeploy new applications
High-value upgrades:High-value upgrades:Application serversApplication servers
Domain controllersDomain controllers
File serversFile servers
Upgrade by Role ExamplesUpgrade by Role Examples
Example: Major U.S. bankExample: Major U.S. bankServer role: Application serversServer role: Application servers
Server count: 200Server count: 200Key innovation: applications can be consolidated; reliabilityKey innovation: applications can be consolidated; reliabilityBusiness value: space and power savings; lower capital cost; Business value: space and power savings; lower capital cost; higher availabilityhigher availability
Example: GE Medical SystemsExample: GE Medical SystemsServer role: Domain controllersServer role: Domain controllers
Server count: 70Server count: 70Key innovation: Active Directory scalability, central Key innovation: Active Directory scalability, central management (GPMC)management (GPMC)Business value: lower management cost (no need to maintain Business value: lower management cost (no need to maintain trust relationships; Exchange integration); higher reliabilitytrust relationships; Exchange integration); higher reliability
Example: Microsoft IT GroupExample: Microsoft IT GroupServer role: Print serversServer role: Print servers
Server count: 16Server count: 16Key innovation: performanceKey innovation: performanceBusiness value: lower capital cost, lower management costBusiness value: lower capital cost, lower management cost
Preparing to MigratePreparing to Migrate
Identify The Current Identify The Current EnvironmentEnvironment
IdentifyIdentifyCurrent domain modelCurrent domain model
Existing trust relationshipsExisting trust relationships
Number and location of domain Number and location of domain controllerscontrollers
User, group, and computer accountsUser, group, and computer accounts
How user profiles are managedHow user profiles are managed
Domain administrationDomain administration
Security standards and proceduresSecurity standards and procedures
Migration TerminologyMigration Terminology
Domain MigrationDomain Migration – Moving user, group, and computer accounts from a – Moving user, group, and computer accounts from a Windows NT 4.0 domain to a Windows Server 2003 domainWindows NT 4.0 domain to a Windows Server 2003 domain
Source DomainSource Domain – The domain from which user principals are – The domain from which user principals are being migratedbeing migrated
Target DomainTarget Domain – The domain into which security principals are – The domain into which security principals are being migratedbeing migrated
Account DomainAccount Domain – A Windows NT 4.0 domain containing user and – A Windows NT 4.0 domain containing user and group accountsgroup accounts
Resource DomainResource Domain – A Windows NT 4.0 domain hosting file, print, and – A Windows NT 4.0 domain hosting file, print, and other services and contain computer and group accountsother services and contain computer and group accounts
Consolidate DomainsConsolidate Domains – Restructure a larger number of domains into a – Restructure a larger number of domains into a lesser numberlesser number
Functional LevelsFunctional Levels – Provide backward compatibility for different – Provide backward compatibility for different Windows operating systems using Active DirectoryWindows operating systems using Active Directory
CloneClone – Create new accounts in the target domain that mirror accounts – Create new accounts in the target domain that mirror accounts in the source domainin the source domain
SID-HistorySID-History – An attribute of Active Directory security principals that – An attribute of Active Directory security principals that stores the former SIDs of moved objectsstores the former SIDs of moved objects
Choose a Migration PathChoose a Migration Path
Determine A Migration PathDetermine A Migration Path
Evaluate Evaluate upgrade upgrade
decisionsdecisions
Evaluate Evaluate restructure restructure decisionsdecisions
Evaluate Evaluate upgrade upgrade
and and restructure restructure decisionsdecisions
Possible Possible domain domain
migration pathsmigration paths
Domain Domain UpgradeUpgrade
Domain Domain RestructureRestructure
Upgrade and Upgrade and RestructureRestructure
Reasons To Choose A PathReasons To Choose A Path
UpgradeUpgradeSimilar domain structures suitable to the needs of Similar domain structures suitable to the needs of the organizationthe organization
Offers lowest risk/shortest time/fewest Offers lowest risk/shortest time/fewest resources/no new serversresources/no new servers
RestructureRestructureExisting structure does not meet needsExisting structure does not meet needs
Organization cannot tolerate downtimeOrganization cannot tolerate downtime
Need optimum domain structureNeed optimum domain structure
Upgrade and RestructureUpgrade and RestructureSimilar domain structuresSimilar domain structures
Implement AD features as soon as possibleImplement AD features as soon as possible
NT4.0 File and Print NT4.0 File and Print Server Consolidation Server Consolidation
NameNameGroupGroupMicrosoft CorporationMicrosoft Corporation
Demo Scenario: Trey Demo Scenario: Trey ResearchResearch
ScenarioScenarioTrey Research has too many File and Print Trey Research has too many File and Print servers in their Windows NT 4.0 domainservers in their Windows NT 4.0 domain
Using DFS to enable pilot migration and Using DFS to enable pilot migration and consolidation of their Atlanta officeconsolidation of their Atlanta office
ObjectivesObjectivesReduce administration costsReduce administration costs
Migrate NT 4 servers without impacting Migrate NT 4 servers without impacting end-user productivityend-user productivity
Improve overall user productivity.Improve overall user productivity.
Mitch
1
DFS links to other servers on the network that store the files…
Productive Consolidation at Trey Research, using DFS
2
Mitch uses DFS to easily browse to and find Trey.doc. He
then happily goes to editing.
3
Once migration is complete, the NT servers are decommissioned—and DFS redirects Mitch to Windows Server 2003!
NT 4.0 servers Windows Server 2003
The NT servers are migrated & consolidated to 2003.
4
And Mitch never stopped working!
Before and after Consolidation Before and after Consolidation at Trey Researchat Trey Research
Windows XP Client (XPCLIENT)
Shared Printers (3)
NT4Member01 NT4Member02
Ethernet
File Shares
Shared Printers (3)
File Shares
NT4PDC
...03
...05...04
Windows XP Client (XPCLIENT)
All Shared Printers
NT4Member01
NT4Member02
Ethernet
All File Shares
NT4PDC
WindowsServer Cluster
...03
...04
...05
NT 4.0 net before NT 4.0 net before ConsolidationConsolidation
After Consolidating to After Consolidating to Windows Server 2003Windows Server 2003
Upgrade MigrationUpgrade Migration
Clean Up The SAM DatabaseClean Up The SAM Database
DeleteDeleteDuplicate user accountsDuplicate user accounts
Unused user, group or computer accountsUnused user, group or computer accounts
Group accounts for resources that do not existGroup accounts for resources that do not exist
DisableDisableFor accounts not needed in the near termFor accounts not needed in the near term
To retain rights, permissions, and group To retain rights, permissions, and group membershipsmemberships
For accounts that own important network For accounts that own important network resourcesresources
Consolidate accounts that do the same thingConsolidate accounts that do the same thing
Clean Up The SAM Clean Up The SAM DatabaseDatabase
NameNameGroupGroupMicrosoft Microsoft
The Order Of UpgradeThe Order Of Upgrade
Upgrade account domains firstUpgrade account domains firstUpgrade an existing account domain to Upgrade an existing account domain to the forest rootthe forest root
-or--or-
Create a forest rootCreate a forest root
Upgrade account domains to form child Upgrade account domains to form child domains in Active Directorydomains in Active Directory
Upgrade resource domainsUpgrade resource domains
Upgrade Account DomainsUpgrade Account Domains
Domains to which you have the easiest Domains to which you have the easiest physical accessphysical access
Domains that will contain objects from Domains that will contain objects from domains restructured early in the domains restructured early in the processprocess
Always balance the risk/benefit of Always balance the risk/benefit of upgrading a domainupgrading a domain
Upgrade Resource DomainsUpgrade Resource Domains
Domains that contain applications Domains that contain applications requiring features of requiring features of Windows Server 2003Windows Server 2003
Domains that will contain objects from Domains that will contain objects from domains restructured early in domains restructured early in the processthe process
Domains with many client accountsDomains with many client accounts
Upgrade Domain ControllersUpgrade Domain Controllers
Upgrade the PDC firstUpgrade the PDC first
Upgrade BDCsUpgrade BDCs-or--or-
Decommission BDCs and install Decommission BDCs and install Windows Server 2003 DCsWindows Server 2003 DCs
Upgrade a BDC first if the PDC does Upgrade a BDC first if the PDC does not meet installation requirementsnot meet installation requirements
What Happens During A What Happens During A PDC UpgradePDC Upgrade
DNS is configured for Active DirectoryDNS is configured for Active Directory
The domain function level is set to The domain function level is set to Windows 2000 mixedWindows 2000 mixed
The forest functional level is set to The forest functional level is set to Windows 2000Windows 2000
The upgraded PDC holds the PDC The upgraded PDC holds the PDC Emulator operations master roleEmulator operations master role
Upgrading The PDCUpgrading The PDC
NameNameGroupGroupMicrosoftMicrosoft
Domain Upgrades Effect TrustsDomain Upgrades Effect Trusts
Windows NT 4.0 Windows NT 4.0 DomainsDomains
ACCT1ACCT1 ACCT2ACCT2
RES1RES1
UpgradeUpgrade
Windows Server 2003 Windows Server 2003 DomainsDomains
Forest rootForest root
ACCT1ACCT1 ACCT2ACCT2
RES1RES1
TransitiveTransitiveTrustTrust
TransitiveTransitiveTrustTrust
TransitiveTransitiveTrustTrust
Ensure Reliable DNSEnsure Reliable DNS
Upgrade DNSUpgrade DNSUpgrade the serverUpgrade the server
Install a new server with Install a new server with Windows Server 2003 DNSWindows Server 2003 DNS
Update non-Microsoft DNS serversUpdate non-Microsoft DNS servers
Minimize the impact of DNS upgradeMinimize the impact of DNS upgradeUse only native tools to manage DNSUse only native tools to manage DNS
Define master servers for DNSDefine master servers for DNS
Restructure MigrationRestructure Migration
Benefits Of Using The Active Benefits Of Using The Active Directory Migration ToolDirectory Migration Tool
Why use ADMT?Why use ADMT?
Analyzes the migration impact Analyzes the migration impact both before and after the actual both before and after the actual migration process migration process
Tests Tests migration scenarios migration scenarios before you perform the before you perform the migrationmigration
Supports migration within a Supports migration within a forest and between forestsforest and between forests
Provides wizards to support the Provides wizards to support the most common migration tasksmost common migration tasks
Migration tasks supported by ADMTMigration tasks supported by ADMT
Migrating user, group, and Migrating user, group, and computer accounts between computer accounts between domainsdomains
Performing security translation Performing security translation on local groups, user profiles, on local groups, user profiles, and file and print resourcesand file and print resources
Populating the SID-History Populating the SID-History attribute with migrated security attribute with migrated security principalsprincipals
Translating security on Translating security on computerscomputers
Resolving the related file, Resolving the related file, directory, and share directory, and share security issuessecurity issues
ADMT User Migration OptionsADMT User Migration OptionsOptionOption PurposePurpose
Translate roaming profilesTranslate roaming profiles Copies roaming profiles from the source domainCopies roaming profiles from the source domainto the target domain for the selected user accounts to the target domain for the selected user accounts
Update user rights Update user rights Sets the user rights assigned to the new user Sets the user rights assigned to the new user account in the target domain to be the same as the account in the target domain to be the same as the user rights of the original user accountuser rights of the original user account
Migrate associated user groups Migrate associated user groups Migrates the user’s group at the same time as theMigrates the user’s group at the same time as theuser accountuser account
Update previously migrated Update previously migrated objects objects
Updates the groups of which the migrated userUpdates the groups of which the migrated useraccounts are members accounts are members
Do not rename accounts Do not rename accounts Tries to assign the migrated account the sameTries to assign the migrated account the samename as the account in the source domain name as the account in the source domain
Rename with prefix Rename with prefix Adds the specified prefix to the name of eachAdds the specified prefix to the name of eachmigrated account in the target domain migrated account in the target domain
Rename with suffix Rename with suffix Adds the specified suffix to the name of each Adds the specified suffix to the name of each migrated account in the target domain migrated account in the target domain
ADMT Password MigrationADMT Password Migration
OptionOption PurposePurpose
Complex passwords Complex passwords Automatically generates a complex passwordAutomatically generates a complex passwordfor each migrated user account for each migrated user account
Same as user name Same as user name Sets the password for each copied user accountSets the password for each copied user accountto the first 14 characters of the user account name to the first 14 characters of the user account name
Migrate passwords Migrate passwords Maintains the user password during the account Maintains the user password during the account migration migration
You can use Password Encryption Service to migrate You can use Password Encryption Service to migrate passwords by using the User Account Migration Wizardpasswords by using the User Account Migration Wizard
It is not possible for any password filter to verify the password’s complexity It is not possible for any password filter to verify the password’s complexity or length because only a hash of the password exists in the source domain or length because only a hash of the password exists in the source domain
Location to store password file Location to store password file Specifies a password file to which the assigned orSpecifies a password file to which the assigned orgenerated passwords are written generated passwords are written
Sequence For Collapsing DomainsSequence For Collapsing Domains
Account Account DomainDomain
OU
OU
OU OU
Resource Resource DomainDomain
Resource Resource DomainDomain
Source
Target OUTarget OU
1
Target OUTarget OU
OU
OUOU
Migrate the account domainMigrate the account domain
2Migrate the resource domainMigrate the resource domain
Moving Migrated Moving Migrated UsersUsers
NameNameGroupGroupMicrosoft Microsoft
Global GroupsGlobal Groups
Migrating Global GroupsMigrating Global Groups
Group Account Migration WizardGroup Account Migration WizardReads global group objects in the source domainReads global group objects in the source domain
Creates a new object in the target (with a new SID)Creates a new object in the target (with a new SID)
Adds original SID to the SID-History attribute of the new objectAdds original SID to the SID-History attribute of the new object
Logs events in source and targetLogs events in source and target
Domain1Domain1
Domain3Domain3
Domain2Domain2
Windows NT 4.0Windows NT 4.0
Windows Server Windows Server 2003 Domain2003 Domain
New ObjectNew Object
New SIDNew SID
SID-HistorySID-History
Group Migration OptionsGroup Migration OptionsOptionOption PurposePurpose
Update user rightsUpdate user rights Copies the user rights assigned in the sourceCopies the user rights assigned in the sourcedomain to the target domaindomain to the target domain
Copy group membersCopy group members Copies the members of the groups you Copies the members of the groups you selected to migrate selected to migrate
Update previously migratedUpdate previously migratedobjectsobjects
Updates the members of the groups you Updates the members of the groups you selected to migrate selected to migrate
Migrate group SIDs to targetMigrate group SIDs to targetdomaindomain
Adds the SID of the migrated accounts in theAdds the SID of the migrated accounts in thesource domain to the SID-History of the source domain to the SID-History of the new accounts in the target domainnew accounts in the target domain
Do not rename accountsDo not rename accounts Tries to assign the migrated group the same Tries to assign the migrated group the same name as the group in the source domain name as the group in the source domain
Rename with prefix Rename with prefix Adds the specified prefix to the name of each Adds the specified prefix to the name of each migrated group in the target domain migrated group in the target domain
Rename with suffixRename with suffix Adds the specified suffix to the name of each Adds the specified suffix to the name of each migrated group in the target domain migrated group in the target domain
Naming Conflicts OptionsNaming Conflicts OptionsOptionOption PurposePurpose
Ignore conflicting accounts Ignore conflicting accounts and don't migrateand don't migrate
Leaves the account in the target domain Leaves the account in the target domain unchanged unchanged
Replace conflicting accounts Replace conflicting accounts Changes properties of existing accounts in theChanges properties of existing accounts in thetarget domain to match the properties of the target domain to match the properties of the account with same name in the source domainaccount with same name in the source domain
Remove existing user rights Remove existing user rights Ensures that the account in the target domain Ensures that the account in the target domain does not have more user rights than the account does not have more user rights than the account with the same name in the source domainwith the same name in the source domain
Remove existing members of Remove existing members of groups being replacedgroups being replaced
Ensures that the members of the migrated groups Ensures that the members of the migrated groups in the target domain are the same as the membersin the target domain are the same as the membersof the associated groups in the source domain of the associated groups in the source domain
Rename conflicting accounts Rename conflicting accounts by adding the followingby adding the following
Adds the specified prefix or suffix to the name Adds the specified prefix or suffix to the name of the migrated account in the target domainof the migrated account in the target domain
Account Transition OptionsAccount Transition OptionsOptionOption PurposePurpose
Disable source accounts Disable source accounts Disables the original user account in the Disables the original user account in the source domainsource domain
Disable target accounts Disable target accounts Disables the new user account in theDisables the new user account in thetarget domain target domain
Leave both accounts open Leave both accounts open Leaves both the existing account in the source Leaves both the existing account in the source domain and the new account in the target domain and the new account in the target domain active domain active
Days until source account Days until source account expires expires
Sets the number of days after which the Sets the number of days after which the source account will no longer be available source account will no longer be available
Migrate user SIDs to target Migrate user SIDs to target domaindomain
Adds the SID of the migrated accounts in the Adds the SID of the migrated accounts in the source domain to the SID-History attribute of source domain to the SID-History attribute of the new accounts in the target domain the new accounts in the target domain
Domain1Domain1
Migrating TrustsMigrating Trusts
Domain3Domain3
Domain2Domain2
Windows Server Windows Server 2003 Domain2003 Domain
TrustsTrusts
When there is a delay in When there is a delay in restructuring domainsrestructuring domains
Manually create new trustsManually create new trustsMigrate complex trustsMigrate complex trusts
The trust is external, The trust is external, non-transitive, and one-waynon-transitive, and one-wayNo migration options, just migrateNo migration options, just migrate
Windows NT 4.0Windows NT 4.0
Migrating Service AccountsMigrating Service Accounts
Identify service accountsIdentify service accountsMigrate service accountsMigrate service accountsUpdate the services to log on Update the services to log on using the migrated accountsusing the migrated accounts
Domain1Domain1
Domain3Domain3
Domain2Domain2
Windows NT 4.0Windows NT 4.0
Windows Server Windows Server 2003 Domain2003 Domain
Service AccountsService Accounts
service1service1
service2service2
service3service3
service1service1
service2service2
service3service3
Migrating Computer AccountsMigrating Computer Accounts
Computer accounts include workstations Computer accounts include workstations and member serversand member serversWorkstations and member servers each Workstations and member servers each have their own local SAM databasehave their own local SAM databaseAccess granting accounts move Access granting accounts move automatically with computer accountsautomatically with computer accounts
Domain1Domain1
Domain3Domain3
Domain2Domain2
Windows Server Windows Server 2003 Domain2003 Domain
Computer AccountsComputer AccountsSAM DBsSAM DBsWindows NT 4.0Windows NT 4.0
Migrating Local User ProfilesMigrating Local User Profiles
For workstations For workstations runningrunning
Windows NT 4.0Windows NT 4.0Windows 2000Windows 2000Windows XPWindows XP
Domain1Domain1
Domain3Domain3
Domain2Domain2
Windows Server Windows Server 2003 Domain2003 Domain
User ProfilesUser Profiles
User ProfilesUser Profiles
Windows NT 4.0Windows NT 4.0
Profile Migration OptionsProfile Migration OptionsOn this wizard pageOn this wizard page Do thisDo this
Translate ObjectsTranslate Objects
Security Translation Options Security Translation Options (1)(1)
Security Translation Options Security Translation Options (2) (2)
Specify the type of objects for which you want Specify the type of objects for which you want ADMT to translate security ADMT to translate security
Select Select Previously migrated objectsPreviously migrated objects to retrieve to retrieve previously migrated objects for security translationpreviously migrated objects for security translationSelect Select Other objects specified in a fileOther objects specified in a file to retrieve to retrieveobjects that are specified in a file objects that are specified in a file
Select Select ReplaceReplace to exchange the SID for the to exchange the SID for the account in the source domain with the SID for theaccount in the source domain with the SID for theaccount in the target domainaccount in the target domainSelect Select AddAdd to include both the old SID and the to include both the old SID and thenew SID in the profile list registry key on thenew SID in the profile list registry key on theclient computer running Windows NT 4.0client computer running Windows NT 4.0Select Select RemoveRemove to delete the SID for the account to delete the SID for the account in the source domainin the source domain
Migrating Shared Local GroupsMigrating Shared Local Groups
To ensure resource access after migrationTo ensure resource access after migrationMigrate local groups to Windows Server 2003Migrate local groups to Windows Server 2003Upgrade the domain controllerUpgrade the domain controllerMove it to the same domainMove it to the same domain
-or--or-Upgrade all domain controllers in the resource domain to Upgrade all domain controllers in the resource domain to Windows Server 2003Windows Server 2003Raise the domain functional levelRaise the domain functional levelChange the group type to universal groupsChange the group type to universal groups
Domain1Domain1
Domain3Domain3
Domain2Domain2
Windows NT 4.0Windows NT 4.0Shared Local Shared Local
GroupsGroups
Windows Server Windows Server 2003 Domain2003 Domain
Windows Server Windows Server 2003 Domain2003 Domain
Reconfigure Shared Reconfigure Shared Resource PermissionsResource Permissions
SID-History attribute maintains SID-History attribute maintains resource accessresource access
Reconfigure to use new security Reconfigure to use new security identifiersidentifiers
Clear the SID-History attributeClear the SID-History attribute
Decrease the size of access tokensDecrease the size of access tokens
Decrease logon timeDecrease logon time
Increase environment performanceIncrease environment performance
Maintain DNS Service Maintain DNS Service During RestructureDuring Restructure
Match Active Directory domains to Match Active Directory domains to DNS domainsDNS domains
Establish DNS in the Windows Server 2003 domainEstablish DNS in the Windows Server 2003 domainMake it primary for all AD domainsMake it primary for all AD domainsPromote the DNS server to a Promote the DNS server to a Windows Server 2003 DCWindows Server 2003 DCChange DNS zones to AD integratedChange DNS zones to AD integrated
Create new DNS domains to host SRV recordsCreate new DNS domains to host SRV recordsInstall DNS in the Windows Server 2003 domainInstall DNS in the Windows Server 2003 domainIntegrate it with existing DNS servers Integrate it with existing DNS servers Move reverse lookup zonesMove reverse lookup zones
Upgrade And Restructure Upgrade And Restructure MigrationMigration
Restructure After UpgradeRestructure After Upgrade
U P G R A D EU P G R A D EDomain1Domain1
Domain3Domain3
Domain2Domain2
R E S T R U C T U R ER E S T R U C T U R E
Windows Server Windows Server 2003 Domain2003 Domain
Windows Server Windows Server 2003 Domain2003 Domain
Windows NT 4.0Windows NT 4.0
Migrate System PoliciesMigrate System Policies
Effects of a domain upgradeEffects of a domain upgrade
Group Policy is applied if a Group Policy is applied if a Windows Server 2003 domain Windows Server 2003 domain controller authenticates client controller authenticates client computers running computers running Windows Server 2003 Windows Server 2003 System policies are applied if aSystem policies are applied if aWindows NT 4.0 domain controller Windows NT 4.0 domain controller authenticates client computers authenticates client computers running running Windows Server 2003Windows Server 2003System policies are applied if a System policies are applied if a user account or a computer user account or a computer account is located in a account is located in a Windows NT 4.0 domainWindows NT 4.0 domainGroup Policy is applied if a user Group Policy is applied if a user account or a computer account is account or a computer account is located in a located in a Windows Server 2003 domainWindows Server 2003 domain
Effects of a domain restructureEffects of a domain restructure
System policies from the System policies from the source domain are not source domain are not automatically processed by automatically processed by migrated client computersmigrated client computersSystem policies are applied if a System policies are applied if a user account or a computer user account or a computer account is located in a account is located in a Windows NT 4.0 domainWindows NT 4.0 domainGroup Policy is applied if a Group Policy is applied if a user account or a computer user account or a computer account is located in a account is located in a Windows Server 2003 domainWindows Server 2003 domain
Migrate Logon ScriptsMigrate Logon Scripts
Effects of a domain upgradeEffects of a domain upgrade
User-based logon scripts User-based logon scripts stored in the NETLOGON stored in the NETLOGON shared folder are not shared folder are not affected affected Client computers running Client computers running Windows Server 2003 run Windows Server 2003 run any user-based logon any user-based logon scripts and any script scripts and any script assigned to the user assigned to the user account or computer account or computer account by using Group account by using Group Policy if user-based logon Policy if user-based logon scripts are stored in the scripts are stored in the NETLOGON shared folderNETLOGON shared folder
Effects of a domain restructureEffects of a domain restructure
Logon scripts continue to Logon scripts continue to process for cloned and process for cloned and moved user accounts if moved user accounts if the logon scripts are the logon scripts are migrated to the target migrated to the target domain domain Logon scripts that are not Logon scripts that are not migrated will not process migrated will not process for accounts that have for accounts that have been cloned or moved to a been cloned or moved to a new domainnew domain
Microsoft OTG Microsoft OTG Consolidated 32 NT4.0 Print Servers to 16 Consolidated 32 NT4.0 Print Servers to 16 Windows 2000 Print Servers then reduced to 4 Windows 2000 Print Servers then reduced to 4 servers running Windows Server 2003servers running Windows Server 2003
Reduced administration time by 50 percentReduced administration time by 50 percent
Higher performance and I/O throughput provides Higher performance and I/O throughput provides higher service levels at peak timeshigher service levels at peak times
Print Server ConsolidationPrint Server ConsolidationCustomer Customer
ExperienceExperience
“Now that we’re running Windows Server 2003, the group who administers our print queues can maintain and monitor in about half the time,”
Tomas Vetrovsky, Lead Program Manager of the Microsoft OTG.
GE medical SystemsGE medical Systems
Consolidated 70 autonomous NT4 domain to 4 Consolidated 70 autonomous NT4 domain to 4 Windows Server 2003 domains with Active Directory Windows Server 2003 domains with Active Directory forest infrastructure.forest infrastructure.
Effective central management of 40,000 users through Effective central management of 40,000 users through the implementation of enterprise-wide standards and the implementation of enterprise-wide standards and policiespolicies
Distribute and roll out updates and patches faster, Distribute and roll out updates and patches faster,
with less overheadwith less overhead. . 20% reduction in the number of servers20% reduction in the number of servers
Domain Server ConsolidationDomain Server Consolidation
“With Windows Server 2003, we’re building a more automated, robust system that is more secure, stable, and manageable”
Ron Brahm Global Infrastructure Program Manager.
Customer Customer ExperienceExperience
Call To ActionCall To Action
1.1. Make the move to Windows Server 2003 Make the move to Windows Server 2003 – Do More with Less– Do More with Less
2.2. Evaluate Windows Server 2003 and see Evaluate Windows Server 2003 and see the benefits it can provide in your the benefits it can provide in your enterpriseenterprise
3.3. Contact Microsoft and its Partners and Contact Microsoft and its Partners and leverage them to assist in your leverage them to assist in your deployment and migration projectsdeployment and migration projects
More InformationMore Information
Windows Server 2003 Website at Windows Server 2003 Website at Microsoft.comMicrosoft.com
www.microsoft.com/windowsserver2003www.microsoft.com/windowsserver2003
Top 10 Reasons to move to Top 10 Reasons to move to Windows Server 2003Windows Server 2003
www.microsoft.com/windowsserver2003/technolowww.microsoft.com/windowsserver2003/technologies/securitygies/security
Top 10 Features of Windows Server 2003 for Top 10 Features of Windows Server 2003 for Organizations Upgrading from Organizations Upgrading from Windows NT Server 4.0Windows NT Server 4.0
www.microsoft.com/windowsserver2003/evaluatiowww.microsoft.com/windowsserver2003/evaluation/whyupgrade/top10nt.mspxn/whyupgrade/top10nt.mspx
Microsoft Press InformationMicrosoft Press Information
Introducing Microsoft Windows Server 2003Introducing Microsoft Windows Server 2003(0-7356-1245-5) (0-7356-1245-5) Available nowAvailable now
Migrating from Microsoft Windows NT Server Migrating from Microsoft Windows NT Server 4.0 to Microsoft Windows Server 2003 (0-4.0 to Microsoft Windows Server 2003 (0-7356-1940-9) 7356-1940-9) June 2003June 2003
MCSE Official Curriculum and CoursesMCSE Official Curriculum and Courses
MCSA/MCSE Self-Paced Training Kit (Exam 70-292/70-296): MCSA/MCSE Self-Paced Training Kit (Exam 70-292/70-296): Managing, Maintaining, Planning, and Implementing a Managing, Maintaining, Planning, and Implementing a Microsoft Windows Server 2003 Environment for MCSAs and Microsoft Windows Server 2003 Environment for MCSAs and MCSEs Certified on Microsoft Windows 2000 (ISBN TBD) MCSEs Certified on Microsoft Windows 2000 (ISBN TBD) Q4CY03Q4CY03
Available Today:Available Today:
Course 2270Course 2270: Updating Support Skills from Microsoft Windows : Updating Support Skills from Microsoft Windows NT 4.0 to the Microsoft Windows Server 2003 Family (Beta)NT 4.0 to the Microsoft Windows Server 2003 Family (Beta)Course 2283Course 2283: Migrating from Microsoft Windows NT 4.0 to : Migrating from Microsoft Windows NT 4.0 to Microsoft Windows Sever 2003 (Beta)Microsoft Windows Sever 2003 (Beta)
Available Soon:Available Soon:
Course 2208Course 2208: Updating Support Skills from Microsoft Windows : Updating Support Skills from Microsoft Windows NT 4.0 to Microsoft Windows Server 2003 NT 4.0 to Microsoft Windows Server 2003 (August)(August)Workshop 2209Workshop 2209: Updating Systems Administrator Skills from : Updating Systems Administrator Skills from Microsoft Windows 2000 to Microsoft Windows Server 2003 Microsoft Windows 2000 to Microsoft Windows Server 2003 (May)(May)Workshop 2210Workshop 2210: Updating Systems Engineer Skills from : Updating Systems Engineer Skills from Microsoft Windows 2000 to Microsoft Windows Server 2003 Microsoft Windows 2000 to Microsoft Windows Server 2003 (June)(June)
Do More With LessDo More With Less
© 2003 Microsoft Corporation. All rights reserved.© 2003 Microsoft Corporation. All rights reserved.This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.
top related