Getting off NT4… Raj Natarajan National Technology Specialist
What this Session Covers • Upgrade / Migration by Workload • Domain / Directory • File & Print • Infrastructure Services • App Server
Prerequisite Knowledge • Windows NT Server 4.0 administration • Windows Server 2003 administration • Virtual PC 2004 or Virtual Server 2005 • & the ability to develop an Operating System! (NOT)
Preparing to Upgrade OS • In all cases, first step should be ‘winnt32.exe /checkupgradeonly’ • This provides a detailed report of what will and will not work with Windows Server 2003. • Exportable list of what needs to be fixed and what to do about it. • If internet connection is present, Winnt32.Exe can query Microsoft for any important changes since the installation media was prepared.
Forest / Domain / Tree considerations • Forest is the Security boundary • Number of domains should match password complexity requirements • Extranet – Use another forest, not another domain • Tree – Political / Organisational considerations around namespace • If upgrading legacy NT4 domains • Create Empty Forest Root or Upgrade largest Accounts Domain to Root Domain in Forest • Upgrade other Domains as Child Domains in existing forest • Once upgrade is complete, consider domain consolidation via Intra-forest migration; ADMTv2 is your friend
Windows NT 4.0 Domain Upgrade Preparation • Know your domain • Visio Network Discovery or similar tools can be leveraged for network inventory. • If Domain Name System (DNS) infrastructure exists, create a delegation for the first PDC to host the Active Directory zone. • LMRepl should be configured on Windows NT 4.0 domain controllers. • The LMRepl export server should be the last server upgraded.
Domain Upgrade Strategies • Windows NT 4.0 Domain Upgrade • Similar to process for upgrade to Windows 2000 • In-place or Migrate • Different Approaches for Simplifying Domain Structure • Single domain strategy • Empty forest root strategy
Single Domain Forest Strategy • Largest Windows NT 4.0 account domain is upgraded to Windows Server 2003 forest root • Select Windows 2003 interim forest mode during DCPromo. • Let DCPromo configure DNS • DCPromo will read the delegation and prompt to install DNS locally. • Forest and domain zones will be created automatically. • Continue upgrading or retiring backup domain controllers (BDCs) until all domain controllers run Windows Server 2003
Multi-Domain Strategy • Establish forest with empty root domain with a new Windows Server 2003 • Advance domain to Windows 2003 functionality level using Domain.msc • Advance forest to Windows 2003 interim functionality level • No UI offered in clean install • Use ADSIEdit.msc or LDP.exe • Create delegation in DNS for first PDC to be upgraded
Multi-Domain Strategy (2) • Upgrade Windows NT 4.0 PDC and DCPromo to create child domain of the empty root • Domain will be automatically set to Windows 2003 Interim Mode • DCPromo will notice the delegation and prompt to install DNS • DNS will create default application partition • When all BDCs are upgraded, advance domain to Windows 2003 functionality
Migrating with ADMTv2 • Two Types of Domain Migration • Interforest: Objects are cloned across domain and forest boundaries • Intraforest: LDAP_Move operation after which the source object no longer exists • By definition, all Windows NT to Active Directory migrations are Interforest.
Domain Migration with ADMTv2 • Objects migrated include: • Users • Groups • Computers • Profiles • Network resources • Access control lists • Security identifiers • Domain controllers cannot be migrated.
Maintaining Access with ADMTv2 • Windows 2000 introduced the sIDHistory attribute on Users and Groups in native mode domains. • When Users and Groups are migrated, sIDHistory can be populated with their security identifiers from the source domain. • sIDHistory provides a temporary method of maintaining access to resources during migration. • This should not be considered a permanent solution for access to resources.
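Because sIDHistory is only a temporary bridge, a useful post-migration check is to list which objects still carry it and which source domain each value points to. The following Python is an added example, not part of the original slides; it assumes an LDIF export in which binary SIDs appear base64-encoded as `sIDHistory::`, and the domain SID and DNs in the sample are constructed.

```python
import base64
import struct
from collections import defaultdict

def sid_to_bytes(sid):
    """Encode an 'S-1-5-21-...' string as a binary SID (used to build the sample)."""
    parts = sid.split("-")
    rev, authority = int(parts[1]), int(parts[2])
    subs = [int(p) for p in parts[3:]]
    return (bytes([rev, len(subs)]) + authority.to_bytes(6, "big")
            + b"".join(struct.pack("<I", s) for s in subs))

def bytes_to_sid(raw):
    """Decode revision, count, 48-bit authority and 32-bit little-endian sub-authorities."""
    if len(raw) < 8 or len(raw) != 8 + 4 * raw[1]:
        raise ValueError("malformed SID")
    authority = int.from_bytes(raw[2:8], "big")
    subs = struct.unpack("<%dI" % raw[1], raw[8:])
    return "-".join(["S", str(raw[0]), str(authority)] + [str(s) for s in subs])

def audit_sid_history(ldif_text):
    """Map each source-domain SID to the (DN, RID) pairs that still reference it."""
    by_domain = defaultdict(list)
    dn = None
    # Unfold LDIF continuation lines (a leading space continues the previous line).
    text = ldif_text.replace("\r\n", "\n").replace("\n ", "")
    for line in text.splitlines():
        if line.startswith("dn: "):
            dn = line[4:]
        elif line.startswith("sIDHistory:: ") and dn:
            sid = bytes_to_sid(base64.b64decode(line.split(":: ", 1)[1]))
            domain_sid, rid = sid.rsplit("-", 1)
            by_domain[domain_sid].append((dn, int(rid)))
    return dict(by_domain)

# Constructed sample: the domain SID, RIDs and DNs are invented for illustration.
OLD_DOMAIN = "S-1-5-21-1111111111-2222222222-3333333333"

def _entry(dn, rid=None):
    lines = ["dn: " + dn]
    if rid is not None:
        raw = sid_to_bytes("%s-%d" % (OLD_DOMAIN, rid))
        lines.append("sIDHistory:: " + base64.b64encode(raw).decode())
    return "\n".join(lines) + "\n\n"

SAMPLE_LDIF = (_entry("CN=Alice,OU=Staff,DC=example,DC=test", 1104)
               + _entry("CN=Finance,OU=Groups,DC=example,DC=test", 1210)
               + _entry("CN=Bob,OU=Staff,DC=example,DC=test"))
```

An empty result for a given source-domain SID means no migrated object still depends on that domain's identifiers for access.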
ADMTv2 Improvements • Interforest Password Migration • More Robust Computer Migration Agents • Group Migration Optimised for Speed • Internal sID Database Allows Source Domains to be Retired • Migration Tasks Can be Delegated Rather than Requiring Domain Administrator Credentials • inetOrgPerson Support • Post-Migration User Renaming
ADMTv2 Improvements (2) • Scripting and Command Line Interfaces • Customisable Attribute Exclusion Lists • Enhanced Logging • Account Transition Options • Improved Reporting Wizard • Security Translation and SID Mapping Files • Available for free from www.microsoft.com
File/Print/Other • File Server Migration Toolkit • Printer Migration Scripts • DNS/DHCP/WINS easy cut-over • RAS/RADIUS/VPN • IIS – Compatibility Mode?
Application Servers • Now that takes care of the Domain, Directory, & Core Infrastructure Servers, what about my App servers? • Standard IT Answer – It Depends! • Evaluate what you really need! • Virtual Server? • Application Compatibility Mode • Common Issues in Application Compatibility • Application Compatibility Toolkit
Evaluate what really needs to stay • Legacy Apps • Apps replaced by new apps with similar functionality • Servers untouched in a corner • Cobwebs in the power supply!
Status Quo • Identify Risks • Put in Mitigation (migration) plans • Reduce Hardware risk by Virtualising • Virtualise only where applicable • Don’t virtualise because you can
Virtual Server 2005: Pros and Cons of Migration • Pros • Extends the life of the LOB application • Re-organisation or consolidation • Hardware Risk Mitigation • Cons • No more stable • Similar Security Model • Does not extend Windows NT Server 4.0 support • http://www.microsoft.com/technet/community/events/vpc/tnt1-97.mspx
Virtual Server 2005: Virtualisation Scenario Overview • [Diagram labels: Physical Server: Windows NT Server 4.0 Server; Virtual Machine: Windows NT Server 4.0 Server; Windows 2003 Server]
Application Compatibility Mode: Application Compatibility Mode Options
Common Compatibility Issues on Windows XP • OS Version Number • Hard-coding paths to Special Folders • Temp • Profiles • Documents & Settings • My Documents • Running under non-Administrator Accounts • Installation Failures • Registry Changes • Applications with Platform-Specific drivers • Common in Anti-Virus, Backup and Partitioning software • Low-level drivers, 9x drivers, File System Filters, etc.
Windows Server 2003 Changes • The new DLL search order: • Application folder. • System32. • System (16-bit system folder). • Windows. • Current working directory. • Previous Windows platforms had current working directory before System32! • No Visual Basic 5.0 Runtime • IIS Not Installed by Default • Default Permissions & Services Changed
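The search-order change has two effects worth checking before cut-over: a copy of a system DLL sitting in the working directory no longer shadows the System32 copy, and an application that relied on that private copy now loads a different file. The following Python is an added example, not part of the original slides; it models both orders over a constructed directory tree (the role names, DLL names and layout are assumptions) and reports imports whose load location changes.

```python
import os
import tempfile

# Order from the slide, and the earlier order with the working directory
# ahead of System32. Roles are symbolic labels mapped to real directories.
ORDER_2003 = ["app", "system32", "system", "windows", "cwd"]
ORDER_LEGACY = ["app", "cwd", "system32", "system", "windows"]

def resolve(dll, roots, order):
    """Return the role of the first directory in `order` holding `dll`, else None."""
    for role in order:
        try:
            names = {n.lower() for n in os.listdir(roots[role])}
        except OSError:  # a missing or unreadable directory is skipped
            continue
        if dll.lower() in names:  # Windows file names are case-insensitive
            return role
    return None

def resolution_changes(imports, roots):
    """List (dll, legacy_role, new_role) for imports that load from a new place."""
    changes = []
    for dll in imports:
        old = resolve(dll, roots, ORDER_LEGACY)
        new = resolve(dll, roots, ORDER_2003)
        if old != new:
            changes.append((dll, old, new))
    return changes

def build_sample(base):
    """Constructed layout: directory contents are invented for illustration."""
    layout = {
        "app": ["lobcore.dll"],
        "cwd": ["MSVCRT.DLL", "report.dll"],  # private copy in the working dir
        "system32": ["msvcrt.dll", "kernel32.dll"],
        "system": [],
        "windows": [],
    }
    roots = {}
    for role, files in layout.items():
        roots[role] = os.path.join(base, role)
        os.makedirs(roots[role])
        for name in files:
            open(os.path.join(roots[role], name), "w").close()
    return roots

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        imports = ["lobcore.dll", "msvcrt.dll", "report.dll", "missing.dll"]
        print(resolution_changes(imports, build_sample(base)))
```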
If you want to fix your application • Application Compatibility Toolkit v3.0 • Provide tools & knowledge for development • Testing infrastructure • Application verifier for new apps • Application analyser tool (inventory) • Newsgroup – microsoft.public.win32.programmer.tools
Session Summary • Active Directory migration is simple with a little planning • More mature tools available to move core Infrastructure services • Application Compatibility Mode can help push back costly upgrades • Virtual Server (and VSMT) can allow you to continue using legacy LOB applications under their original environments
For More Information… • Visit TechNet at www.microsoft.com/technet • Infrastructure Special Interest Group – Register at TechNet Lounge • http://www.microsoft.com/australia/technet • FREE: Active Directory Jigsaw and Migration Roadmap Posters