|
|
Many operating system upgrades of the past can best be described as nightmares. Microsoft has provided solid upgrading solutions, especially for those migrating from early versions of Windows NT. Chapter 3 discusses Windows Server 2003 in both mixed mode and native mode environments, but a further review in the context of Active Directory services is appropriate here.
Active Directory services is designed with backward compatibility as its cornerstone. Thus, a layer of code in Windows Server 2003 fully emulates the directory services of Windows NT 3.51 and 4.0. In fact, Active Directory is designed to operate either in a native Windows Server 2003 environment or in a mixed enterprise with Windows NT.
Migration can take one of two forms: a rapid and systematic upgrade of Windows NT to Windows 2000, or coexistence of Windows Server 2003 and Windows NT for an undefined period. In the first instance, the existing Primary Domain Controller should be the first server upgraded as a Windows .NET Active Directory domain controller. User and group accounts are automatically loaded into the Active Directory during the installation process. Backup Domain Controllers are then upgraded to Windows Server 2003 with Active Directory services, and copies of the Active Directory are then automatically promoted as peer domain controllers.
NOTE
An improved Active Directory Migration Tool (ADMT 2) is used primarily to migrate from Windows NT4 to Windows 2000/Windows Server 2003 or to restructure Windows 2000/Windows Server 2003 deployments. With ADMT, an administrator moves objects between domains in the same or different forests. ADMT supports common migration tasks including moving users, groups, and computers. Also, a new scripting interface was added. ADMT can now be driven from any language and supports COM interfaces such as Visual Basic Script, Visual Basic, and Visual C++. This facility is available from a download called the Domain Migration Cookbook at http://www.microsoft.com.
NOTE
Group information is migrated only from Windows NT domain controllers to Windows 2000 or Windows Server 2003. Group policy, security, and other data that was created in a workgroup environment will remain local and is not migrated. The local security database remains separate from the Active Directory.
Once the first Windows Server 2003 Active Directory domain controller is in place, the enterprise can start taking advantage of greater functionality. This is true even if the Windows NT BDCs are maintained for some protracted period. BDCs and associated Windows NT workstations will operate in the same manner as before. In environments where BDCs exist downstream, the same PDC/BDC relationship will continue to function. The older installations will immediately gain the added value of the Global Catalog to improve object resolution. At the same time, the Active Directory domain controller will still act as a peer with other Windows Server 2003 domain controllers. Over time, the older BDCs may be upgraded as needed and become peer domain controllers.
In either case, client systems can be added easily. The Windows NT Workstation is upgraded simply by installing Windows XP Professional. Windows 95/98 clients can take advantage of Active Directory awareness by installing a downloadable patch from Microsoft's Web site. This will permit downlevel clients to use Kerberos security and to fully support applications that recognize Active Directory.
For organizations with a heavy investment in Exchange Server, it will be good news that this popular groupware suite will also use the Windows Server 2003 Active Directory, eliminating the need to maintain two sets of user accounts and other data.
 |
|
|
| Top |