1 / 31

Getting off NT4…

Getting off NT4…. Raj Natarajan National Technology Specialist. What this Session Covers. Upgrade / Migration by Workload Domain / Directory File & Print Infrastructure Services App Server. Prerequisite Knowledge. Windows NT Server 4.0 administration Windows Server 2003 administration

christinehines
Télécharger la présentation

Getting off NT4…

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Getting off NT4… Raj Natarajan National Technology Specialist

  2. What this Session Covers • Upgrade / Migration by Workload • Domain / Directory • File & Print • Infrastructure Services • App Server

  3. Prerequisite Knowledge • Windows NT Server 4.0 administration • Windows Server 2003 administration • Virtual PC 2004 or Virtual Server 2005 • & the ability to develop an Operating System! (NOT)

  4. Preparing to Upgrade OS • In all cases, first step should be ‘winnt32.exe /checkupgradeonly’ • This provides a detailed report of what will and will not work with Windows Server 2003. • Exportable list of what needs to be fixed and what to do about it. • If internet connection is present, Winnt32.Exe can query Microsoft for any important changes since the installation media was prepared.

  5. Forest / Domain / Tree considerations • Forest is the Security boundary • Number of domains should match password complexity requirements • Extranet – Use another forest, not another domain • Tree – Political / Organisational considerations around namespace • If upgrading legacy NT4 domains • Create Empty Forest Root or Upgrade largest Accounts Domain to Root Domain in Forest • Upgrade other Domains as Child Domains in existing forest • Once upgrade is complete, consider domain consolidation via Intra-forest migration; ADMTv2 is your friend 

  6. Windows NT 4.0 Domain Upgrade Preparation • Know your domain • Visio Network Discovery or similar tools can be leveraged for network inventory. • If Domain Name System (DNS) infrastructure exists, create a delegation for the first PDC to host the Active Directory zone. • LMRepl should be configured on Windows NT 4.0 domain controllers. • The LMRepl export server should be the last server upgraded.

  7. Domain Upgrade Strategies • Windows NT 4.0 Domain Upgrade • Similar to process for upgrade to Windows 2000 • In-place or Migrate • Different Approaches for Simplifying Domain Structure • Single domain strategy • Empty forest root strategy

  8. Single Domain Forest Strategy • Largest Windows NT 4.0 account domain is upgraded to Windows Server 2003 forest root • Select Windows 2003 interim forest mode during DCPromo. • Let DCPromo configure DNS • DCPromo will read the delegation and prompt to install DNS locally. • Forest and domain zones will be created automatically. • Continue upgrading or retiring backup domain controllers (BDCs) until all domain controllers run Windows Server 2003

  9. Multi-Domain Strategy • Establish forest with empty root domain with a new Windows Server 2003 • Advance domain to Windows 2003 functionality level using Domain.msc • Advance forest to Windows 2003 interim functionality level • No UI offered in clean install • Use ADSIEdit.msc or LDP.exe • Create delegation in DNS for first PDC to be upgraded

  10. Multi-Domain Strategy (2) • Upgrade Windows NT 4.0 PDC and DCPromo to create child domain of the empty root • Domain will be automatically set to Windows 2003 Interim Mode • DCPromo will notice the delegation and prompt to install DNS • DNS will create default application partition • When all BDCs are upgraded, advance domain to Windows 2003 functionality

  11. Migrating with ADMTv2 • Two Types of Domain Migration • Interforest: Objects are cloned across domain and forest boundaries • Intraforest: LDAP_Move operation after which the source object no longer exists • By definition, all Windows NT to Active Directory migrations are Interforest.

  12. Domain Migration with ADMTv2 • Objects migrated include: • Users • Groups • Computers • Profiles • Network resources • Access control lists • Security identifiers • Domain controllers cannot be migrated.

  13. Maintaining Access with ADMTv2 • Windows 2000 introduced the sIDHistory attribute on Users and Groups in native mode domains. • When Users and Groups are migrated, sIDHistory can be populated with their security identifiers from the source domain. • sIDHistory provides a temporary method of maintaining access to resources during migration. • This should not be considered a permanent solution for access to resources.

  14. ADMTv2 Improvements • Interforest Password Migration • More Robust Computer Migration Agents • Group Migration Optimised for Speed • Internal sID Database Allows Source Domains to be Retired • Migration Tasks Can be Delegated Rather than Requiring Domain Administrator Credentials • inetOrgPerson Support • Post-Migration User Renaming

  15. ADMTv2 Improvements (2) • Scripting and Command Line Interfaces • Customisable Attribute Exclusion Lists • Enhanced Logging • Account Transition Options • Improved Reporting Wizard • Security Translation and SID Mapping Files • Available for free from www.microsoft.com

  16. Active Directory Migration Tool

  17. File/Print/Other • File Server Migration Toolkit • Printer Migration Scripts • DNS/DHCP/WINS easy cut-over • RAS/RADIUS/VPN • IIS – Compatibility Mode?

  18. Application Servers • Now that takes care of the Domain, Directory, & Core Infrastructure Servers, what about my App servers? • Standard IT Answer – It Depends! • Evaluate what you really need! • Virtual Server? • Application Compatibility Mode • Common Issues in Application Compatibility • Application Compatibility Toolkit

  19. Evaluate what really needs to stay • Legacy Apps • Apps replaced by new apps with similar functionality • Servers untouched in a corner • Cobwebs in the power supply!

  20. Status Quo • Identify Risks • Put in Mitigation (migration) plans • Reduce Hardware risk by Virtualising • Virtualise only where applicable • Don’t virtualise because you can

  21. Virtual Server 2005Pros and Cons of Migration • Pros • Extends the life of the LOB application • Re-organisation or consolidation • Hardware Risk Mitigation • Cons • No more stable • Similar Security Model • Does not extend Windows NT Server 4.0 support http://www.microsoft.com/technet/community/events/vpc/tnt1-97.mspx

  22. Virtual Machine: Windows NT Server 4.0 Server Windows 2003 Server Virtual Server 2005Virtualisation Scenario Overview Physical Server: Windows NT Server 4.0 Server

  23. Virtual Server Migration Toolkit

  24. Application Compatibility ModeApplication Compatibility Mode Options

  25. Common Compatibility Issues on Windows XP • OS Version Number • Hard-coding paths to Special Folders • Temp • Profiles • Documents & Settings • My Documents • Running under non-Administrator Accounts • Installation Failures • Registry Changes • Applications with Platform-Specific drivers • Common in Anti-Virus, Backup and Partitioning software • Low-level drivers, 9x drivers, File System Filters, etc.

  26. Windows XP Compatibility Issues

  27. Windows Server 2003 Changes • The new DLL search order: • Application folder. • System32. • System (16-bit system folder). • Windows. • Current working directory. • Previous Windows platforms had current working directory before System32! • No Visual Basic 5.0 Runtime • IIS Not Installed by Default • Default Permissions & Services Changed

  28. If you want to fix your application • Application Compatibility Toolkit v3.0 • Provide tools & knowledge for development • Testing infrastructure • Application verifier for new apps • Application analyser tool (inventory) Newsgroup – microsoft.public.win32.programmer.tools

  29. Application Analyser

  30. Session Summary • Active Directory migration is simple with a little planning • More mature tools available to move core Infrastructure services • Application Compatibility Mode can help push back costly upgrades • Virtual Server (and VSMT) can allow you to continue using legacy LOB applications under their original environments

  31. For More Information… • Visit TechNet at www.microsoft.com/technet • Infrastructure Special Interest Group – Register at TechNet Lounge • http://www.microsoft.com/australia/technet • FREE: Active Directory Jigsaw and Migration Roadmap Posters

More Related