If you believed Microsoft a few years back, Active Directory was the answer to all your network users and system resources universal directory prayers. Ha!
Upgrading from NT domains to W2K Active Directory (AD) was as scary a job as a network administrator could ever want to avoid. It was a horror show of a job that cost many LAN managers their jobs and took many companies over a year to complete. And, even once it had been done, you were still stuck with such unlikely, but annoying, problems as being unable to delete schemas if you had made a mistake in implementing your original design or you simply wanted to clean up directory clutter.
Is it any wonder then that many companies stuck to NT? Managing a large set of NT domains may have been messy, but at least it worked. Besides, under NT, adding a Samba server or Backup Domain Controller (BDC) was a piece of cake. And, if you had W2K Servers, you added them to the domain via the "Server Manager" on your NT Primary Domain Controller (PDC) and then joined the new server to the domain. No fuss, no muss.
Today, though, Server 2003 had made AD a lot more friendly, a lot more useful, a lot faster, and last, but far from least, it's a lot easier to upgrade to from NT domains.But, First the Prep Work
Easier isn't necessarily the same thing as simple. Before you even think about upgrading your domain structure, you need to know exactly what's what on your network. Think you know? I doubt it.
Unless you've been tracking your network's evolution religiously, I suspect you'll find unknown servers and BDCs on your network running everything from early models of Samba to NT4 SP3 not to mention some oddball trust relationships and Security Accounts Manager (SAM) records.
Besides, even if you know exactly what's what, you'll want to spend some time deleting duplicate and unused user, group and computer accounts. You'll also want to consolidate group accounts that duplicate the same permissions. Take the time to do some spring cleaning of your network, it will help not only with AD, but with removing security threats from your network.
You must also check your current NT server operating system patch level. You shouldn't even think about upgrading if your machines aren't running at least NT4 SP4. The latest shipping version of Samba, 2.2.8a, will also run with Server 2003 as a server, but I'd be wary of using Samba systems as BDCs until there's been a lot more time spent running Samba and Server 2003 on the same networks.
Once you have a handle on that and you've cleaned up any unneeded SAM accounts, demoted any Samba servers from PDC or BDC to server status, cleaned up security, and all that fun stuff, you'll finally be ready to start thinking about your upgrade.
Page 2: Thinking!?