Presentation is loading. Please wait.

Presentation is loading. Please wait.

Getting off NT4… Raj Natarajan National Technology Specialist.

Similar presentations


Presentation on theme: "Getting off NT4… Raj Natarajan National Technology Specialist."— Presentation transcript:

1 Getting off NT4… Raj Natarajan National Technology Specialist

2 What this Session Covers Upgrade / Migration by Workload – Domain / Directory – File & Print – Infrastructure Services – App Server

3 Prerequisite Knowledge Windows NT Server 4.0 administration Windows Server 2003 administration Virtual PC 2004 or Virtual Server 2005 & the ability to develop an Operating System! (NOT)

4 Preparing to Upgrade OS In all cases, first step should be ‘winnt32.exe /checkupgradeonly’ – This provides a detailed report of what will and will not work with Windows Server 2003. – Exportable list of what needs to be fixed and what to do about it. – If internet connection is present, Winnt32.Exe can query Microsoft for any important changes since the installation media was prepared.

5 Forest / Domain / Tree considerations Forest is the Security boundary Number of domains should match password complexity requirements Extranet – Use another forest, not another domain Tree – Political / Organisational considerations around namespace If upgrading legacy NT4 domains – Create Empty Forest Root or Upgrade largest Accounts Domain to Root Domain in Forest – Upgrade other Domains as Child Domains in existing forest – Once upgrade is complete, consider domain consolidation via Intra-forest migration; ADMTv2 is your friend

6 Windows NT 4.0 Domain Upgrade Preparation Know your domain – Visio Network Discovery or similar tools can be leveraged for network inventory. – If Domain Name System (DNS) infrastructure exists, create a delegation for the first PDC to host the Active Directory zone. – LMRepl should be configured on Windows NT 4.0 domain controllers. – The LMRepl export server should be the last server upgraded.

7 Domain Upgrade Strategies Windows NT 4.0 Domain Upgrade – Similar to process for upgrade to Windows 2000 – In-place or Migrate Different Approaches for Simplifying Domain Structure – Single domain strategy – Empty forest root strategy

8 Single Domain Forest Strategy Largest Windows NT 4.0 account domain is upgraded to Windows Server 2003 forest root – Select Windows 2003 interim forest mode during DCPromo. Let DCPromo configure DNS – DCPromo will read the delegation and prompt to install DNS locally. – Forest and domain zones will be created automatically. Continue upgrading or retiring backup domain controllers (BDCs) until all domain controllers run Windows Server 2003

9 Multi-Domain Strategy Establish forest with empty root domain with a new Windows Server 2003 Advance domain to Windows 2003 functionality level using Domain.msc Advance forest to Windows 2003 interim functionality level – No UI offered in clean install – Use ADSIEdit.msc or LDP.exe Create delegation in DNS for first PDC to be upgraded

10 Multi-Domain Strategy (2) Upgrade Windows NT 4.0 PDC and DCPromo to create child domain of the empty root – Domain will be automatically set to Windows 2003 Interim Mode – DCPromo will notice the delegation and prompt to install DNS – DNS will create default application partition – When all BDCs are upgraded, advance domain to Windows 2003 functionality

11 Migrating with ADMTv2 Two Types of Domain Migration – Interforest: Objects are cloned across domain and forest boundaries – Intraforest: LDAP_Move operation after which the source object no longer exists By definition, all Windows NT to Active Directory migrations are Interforest.

12 Domain Migration with ADMTv2 Objects migrated include: – Users – Groups – Computers – Profiles – Network resources – Access control lists – Security identifiers Domain controllers cannot be migrated.

13 Maintaining Access with ADMTv2 Windows 2000 introduced the sIDHistory attribute on Users and Groups in native mode domains. When Users and Groups are migrated, sIDHistory can be populated with their security identifiers from the source domain. sIDHistory provides a temporary method of maintaining access to resources during migration. This should not be considered a permanent solution for access to resources.

14 ADMTv2 Improvements Interforest Password Migration More Robust Computer Migration Agents Group Migration Optimised for Speed Internal sID Database Allows Source Domains to be Retired Migration Tasks Can be Delegated Rather than Requiring Domain Administrator Credentials inetOrgPerson Support Post-Migration User Renaming

15 ADMTv2 Improvements (2) Scripting and Command Line Interfaces Customisable Attribute Exclusion Lists Enhanced Logging Account Transition Options Improved Reporting Wizard Security Translation and SID Mapping Files Available for free from www.microsoft.comwww.microsoft.com

16 Active Directory Migration Tool

17 File/Print/Other File Server Migration Toolkit Printer Migration Scripts DNS/DHCP/WINS easy cut-over RAS/RADIUS/VPN IIS – Compatibility Mode?

18 Application Servers Now that takes care of the Domain, Directory, & Core Infrastructure Servers, what about my App servers? – Standard IT Answer – It Depends! – Evaluate what you really need! – Virtual Server? – Application Compatibility Mode Common Issues in Application Compatibility – Application Compatibility Toolkit

19 Evaluate what really needs to stay Legacy Apps Apps replaced by new apps with similar functionality Servers untouched in a corner Cobwebs in the power supply!

20 Status Quo Identify Risks Put in Mitigation (migration) plans Reduce Hardware risk by Virtualising – Virtualise only where applicable – Don’t virtualise because you can

21 Virtual Server 2005 Pros and Cons of Migration Pros – Extends the life of the LOB application – Re-organisation or consolidation – Hardware Risk Mitigation Cons – No more stable – Similar Security Model – Does not extend Windows NT Server 4.0 support http://www.microsoft.com/technet/community/ events/vpc/tnt1-97.mspx

22 Virtual Server 2005 Virtualisation Scenario Overview Physical Server: Windows NT Server 4.0 Server Windows 2003 Server Virtual Machine: Windows NT Server 4.0 Server

23 Virtual Server Migration Toolkit

24 Application Compatibility Mode Application Compatibility Mode Options

25 Common Compatibility Issues on Windows XP OS Version Number Hard-coding paths to Special Folders – Temp – Profiles – Documents & Settings – My Documents Running under non-Administrator Accounts Installation Failures Registry Changes Applications with Platform-Specific drivers – Common in Anti-Virus, Backup and Partitioning software – Low-level drivers, 9x drivers, File System Filters, etc.

26 Windows XP Compatibility Issues

27 Windows Server 2003 Changes The new DLL search order: – Application folder. – System32. – System (16-bit system folder). – Windows. – Current working directory. – Previous Windows platforms had current working directory before System32! No Visual Basic 5.0 Runtime IIS Not Installed by Default Default Permissions & Services Changed

28 If you want to fix your application Application Compatibility Toolkit v3.0 – Provide tools & knowledge for development – Testing infrastructure Application verifier for new apps Application analyser tool (inventory) Newsgroup – microsoft.public.win32.programmer.tools

29 Application Analyser

30 Session Summary Active Directory migration is simple with a little planning More mature tools available to move core Infrastructure services Application Compatibility Mode can help push back costly upgrades Virtual Server (and VSMT) can allow you to continue using legacy LOB applications under their original environments

31 For More Information… Visit TechNet at www.microsoft.com/technet Infrastructure Special Interest Group – Register at TechNet Lounge – http://www.microsoft.com/australia/technet http://www.microsoft.com/australia/technet FREE: Active Directory Jigsaw and Migration Roadmap Posters


Download ppt "Getting off NT4… Raj Natarajan National Technology Specialist."

Similar presentations


Ads by Google