From NT Domain to Server 2003 Active Directory: Page 2


You Can't Detect What You Can't See: Illuminating the Entire Kill Chain

On-Demand Webinar

(Page 2 of 3)


Yes, thinking. There are three ways to upgrade from NT to Server 2003 AD and while it's a lot easier to back up in an AD deployment than it used to be, you really don't want to start down the wrong path. You'll end up wasting man-days, not man-hours, if you do.

Your three choices are: 1) upgrade; 2) restructure and 3) upgrade and restructure. With an upgrade you basically keep the exact same structure you're already using but now you have AD at the top so you can better run the whole show. This, as you might guess, is also the easiest path that takes the least amount of time, has the lowest risks and requires the fewest resources. It also presumes that instead of adding a new Server 2003 server you're just converting at least one of your existing NT servers to Server 2003.

Your existing structure showing its age? You want better overall server uptime? In that case, you'll want to restructure your network. And, if you want to retain your existing domain structure, but add new Server 2003 machines and implement AD's features now rather than later, you'll want to do both with an upgrade and a restructure.

But, before charging out there, you also need to consider practical constraints. Even a mere upgrade of a small business network will take up a weekend. Do you have that weekend? Do you have the budget to pay for people to work that weekend? Do you have working backup servers in place so your company can keep going even if your upgrade doesn't?

And, let's not forget that, if you're going to bring your application servers to Server 2003 over as well you have to ask yourself if your applications still work? After all Server 2003 may be a killer file and Web server, but it has amazingly few applications that will run on it today.

Only make the move, once you know you really want to do it and you have the resources to do it right.

Down and Dirty

OK, now you know what you're doing and you're ready to go? Your next step is to head over to the Microsoft site and grab a copy of Active Directory Migration Tool 2.0. It's not just a great tool, it's a must have tool, for NT domain administrators on the AD move. I'd no more try an upgrade without it than I would face the day without brushing my teeth.

You'll also want to read Microsoft's white paper, Migrating Windows NT Server 4.0 Domains to Windows Server 2003 Active Directory before making a move.

Once armed with tools and information, you'll want to start with your PDC. What's that your PDC can't handle Server 2003? Then, in that case, start with a BDC, then upgrade it to a PDC and downgrade the old NT PDC to a BDC. After that, you can upgrade all the other BDCs. Or, if you want, you can decommission them as BDCs, and either leave them as NT servers or install Server 2003 on them and in ether case make them ordinary member servers.

You'll also, if you haven't before, need to install Domain Name Service (DNS) on at least one of your servers. Active Directory needs DBS to resolve AD domain, site, and service names to IP addresses. You can use NT, W2K or Server 2003 DNS, but for best results I like to run Server 2003 AD and DNS on the same machine.

Along the way you're also going to be creating Containers that will hold your NT user, computer and groups. These objects are named Users, Computers, and Builtin. No, Builtin isn't just a funny name for groups. NT 4 built-in local groups, like Administrators and Server Operators User accounts go into the Builtin container. Local and network groups that you've set up in NT 4, the jocks from accounting' for instance, are placed in the Users folder.

As you upgrade your PDC, you're likely to want to set it as the first domain in a new Server 2003 forest. If that's the case, and if you're upgrading from NT to Server 2003 it almost certainly will be, you should set your forest functional level to "Windows interim" aka Windows 2000's Mixed level. Don't worry about looking for the menu choice to do it, you'll be prompted for it during the upgrade. It gives you all Windows 2000 level forest functionality and also includes improved replication capabilities and speed.

Page 3: Using Server 2003 AD

Page 2 of 3

Previous Page
1 2 3
Next Page

0 Comments (click to add your comment)
Comment and Contribute


(Maximum characters: 1200). You have characters left.



IT Management Daily
Don't miss an article. Subscribe to our newsletter below.

By submitting your information, you agree that datamation.com may send you Datamation offers via email, phone and text message, as well as email offers about other products and services that Datamation believes may be of interest to you. Datamation will process your information in accordance with the Quinstreet Privacy Policy.