Integration and Migration: Making the Move to Windows Server 2003 • Michael Leworthy, Windows Server Product Manager, Microsoft Australia
Agenda • Client Integration with Windows Server 2003 • Update on Functional Levels • Windows NT 4.0 to Windows Server 2003 upgrade • Windows 2000 Server to Windows Server 2003 upgrade • Domain restructuring with ADMT v2
Clients And Windows Server 2003 • Security improvements change behavior of Windows Server 2003 Domain Controllers • SMB signing and secure channel encryption enforced • Adjustments needed for older clients • Windows NT 4.0 SP4 and higher, Windows 2000, Windows XP clients work without adjustments • Win95 and Windows NT4 pre-SP4 require changes; either • Disable enforcement of SMB signing and secure channel encryption • Install DS Client and/or Service Pack • Fully documented in the Windows Server 2003 Deployment Kit
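The two enforcement settings on this slide correspond to registry values on each domain controller. The following is an added example, not part of the original presentation: it reads those values remotely so that a relaxation made for legacy clients can be found and reverted once the clients are updated. The host names are placeholders, and the value names `RequireSecuritySignature` and `RequireSignOrSeal` are the standard LanmanServer and Netlogon parameters rather than names taken from the slides.

```powershell
# Added example (not from the presentation). Requires the Remote Registry
# service on each target and administrative rights.
$DomainControllers = @('DC01', 'DC02')   # hypothetical host names

# Registry values behind the two enforcement settings named on the slide.
$Settings = @(
    @{ Label = 'SMB signing required (server)'
       Key   = 'SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
       Value = 'RequireSecuritySignature' },
    @{ Label = 'Secure channel sign/seal required'
       Key   = 'SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
       Value = 'RequireSignOrSeal' }
)

function Get-DcEnforcement {
    param([string[]]$ComputerName, [hashtable[]]$Setting)
    foreach ($dc in $ComputerName) {
        try {
            $hive = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey(
                [Microsoft.Win32.RegistryHive]::LocalMachine, $dc)
        } catch {
            Write-Warning "$dc : cannot open remote registry ($($_.Exception.Message))"
            continue
        }
        foreach ($s in $Setting) {
            $key = $hive.OpenSubKey($s.Key)
            $raw = if ($key) { $key.GetValue($s.Value, $null) } else { $null }
            # 1 = enforced, 0 = relaxed; a missing value means the OS default applies.
            $state = if ($null -eq $raw) { 'NotSet' } elseif ([int]$raw -eq 1) { 'Enforced' } else { 'Relaxed' }
            New-Object PSObject -Property @{
                Computer = $dc; Setting = $s.Label; RawValue = $raw; State = $state
            }
            if ($key) { $key.Close() }
        }
        $hive.Close()
    }
}

Get-DcEnforcement -ComputerName $DomainControllers -Setting $Settings |
    Sort-Object Computer, Setting |
    Format-Table Computer, Setting, RawValue, State -AutoSize
```

Any row reported as `Relaxed` marks a domain controller that accepts unsigned SMB or unprotected secure channel traffic and should be revisited after the DS Client or service pack rollout.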
Update on Functional Levels • Functional Levels • Domain Functional Levels • Forest Functional Levels • Features without Dependencies • Best Practices For Functional Levels • Raising Domain Functional Level • What Happens with Functional Level Upgrades • Upgrading the PDC • Forest switch to Windows Server 2003 Functional Level
Functional Levels • Required in order to introduce non-backward-compatible features • Admin manually advances functional level when all DCs in forest/domain are upgraded • Level only increases – no going back • Legacy DCs blocked from joining/starting
Functional Levels • Available functional levels • Windows Server 2003 forest functionality • Windows Server 2003 interim forest functionality • Allows mixed-mode domains (NT4 BDCs), but no Windows 2000 DCs • Windows Server 2003 domain functionality
Features without Dependencies • Application partitions • Universal Group Caching • Install from Media • No-GC-Full-Sync for PAS schema extensions • SID History migration delegation • Concurrent LDAP binds • Manual trigger of online defrag • DNS in application partitions • Single instance store
Forest switch to Windows Server 2003 Functional Level • Domain controllers switch to new replication pause values • Windows 2000: registry values • 5 minutes / 30 seconds • Windows 2003: new default values if registry keys are not set • 30 secs / 5 secs • At forest functional switch • DCs delete registry values if values are Windows 2000 defaults • Automatically switch to 30 secs / 5 secs
Best Practices For Functional Levels • Windows NT 4 Upgrade • Motivation to move to Windows Server 2003 interim level • Linked-value-replication (large group support) • Improved KCC/ISTG • Set Windows Server 2003 interim forest level • Once all NT 4 BDCs are upgraded, advance forest to Windows Server 2003 functional level • This automatically advances all domains to Windows Server 2003 functional level
Best Practices For Functional Levels • Windows 2000 Upgrade • Do nothing until all DCs are running Windows Server 2003 • Make sure that no mixed mode domain is left in the forest • Advance forest level to Windows Server 2003 functional level • This automatically advances all domains to Windows Server 2003 functional level
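Because a functional level can only be raised and never lowered, it is worth confirming that every domain controller qualifies before advancing the forest. The following is an added example, not part of the original presentation: a read-only check built on the .NET `System.DirectoryServices.ActiveDirectory` classes, to be run from a domain-joined machine. The function names and the operating-system name patterns it matches are assumptions made for this illustration.

```powershell
# Added example, not from the presentation. Read-only: it changes nothing.
Add-Type -AssemblyName System.DirectoryServices

function New-Blocker([string]$Domain, [string]$Item, [string]$Reason) {
    New-Object PSObject -Property @{ Domain = $Domain; Item = $Item; Reason = $Reason }
}

function Test-ForestReadyFor2003Level {
    $forest   = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
    $blockers = @()
    foreach ($domain in $forest.Domains) {
        # Mixed and interim domain modes still admit NT 4.0 BDCs, which have no
        # NTDS Settings object and so never appear in DomainControllers below.
        if ("$($domain.DomainMode)" -match 'Mixed|Interim') {
            $blockers += New-Blocker $domain.Name '(domain mode)' `
                "$($domain.DomainMode): confirm no NT 4.0 BDCs remain"
        }
        foreach ($dc in $domain.DomainControllers) {
            $os = $null
            try { $os = $dc.OSVersion } catch { }
            # Assumption: legacy DCs report an OS name starting "Windows 2000"
            # or "Windows NT"; an unreadable value is treated as a blocker too.
            if (-not $os -or $os -match '^Windows (2000|NT)') {
                $blockers += New-Blocker $domain.Name $dc.Name "OS: '$os'"
            }
        }
    }
    New-Object PSObject -Property @{
        ForestMode = $forest.ForestMode
        Ready      = ($blockers.Count -eq 0)
        Blockers   = $blockers
    }
}

$result = Test-ForestReadyFor2003Level
"Forest mode: $($result.ForestMode)   Ready to raise: $($result.Ready)"
$result.Blockers | Format-Table Domain, Item, Reason -AutoSize
```

The same check applies to the final step of both upgrade paths described later in the deck, where the forest is switched to the Windows Server 2003 functional level.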
Windows NT 4 to Windows Server 2003 upgrade • Upgrading from Windows NT 4 • Demo: Upgrading the Windows NT 4 PDC
Upgrading from Windows NT4 (Step by Step) • Inventory clients for compatibility with default security settings • Either install software (dsclient, SP) or relax settings • Inventory domain controllers in domain • Hot fixes • Recommended: SP6a • DC hardware: Disk space, CPU, memory • DC health including replication and lmrepl file replication service
Upgrading from Windows NT4 (Step by Step) • Check for services running as local system on all member servers and workstations • Re-configure service to use user account, or • Upgrade server to Windows 2000 Server or Windows Server 2003, or • Use “Enable downlevel access” in dcpromo • Services which require “Enable downlevel access” include Windows NT 4.0 RAS
Upgrading from Windows NT4 (Step by Step) • Configure lmrepl export server • This will be the last domain controller to be upgraded • If lmrepl service runs on PDC, either • Select one BDC to be new lmrepl export server, or • Move lmrepl to server that will be upgraded as the last DC • Secure one BDC • Sync with PDC • Take back-up tape and test restore • Take BDC off-line and keep in storage
Upgrading from Windows NT4 (Step by Step) • Upgrade PDC • PDC will not be able to perform PDC role while upgrade and dcpromo run • No changes possible (no new users, groups, group membership changes) • Clients and workstations will not be able to change passwords • Trusts might fail • Plan for the change freeze / downtime • Configure security settings
Upgrading from Windows NT4 (Step by Step) • Verify success • Verify down-level replication works • Verify that users can be added and passwords can be changed • Install and configure lmbridge • Windows Server 2003 no longer has an lmrepl service; it uses SYSVOL replication (FRS) • Copy all logon scripts and other files from lmrepl export server to PDC emulator • Configure lmbridge to copy files from PDC emulator to lmrepl export server • Change files on PDC only
Upgrading from Windows NT4 (Step by Step) • Continue upgrading BDCs • Once all DCs are Windows Server 2003 • If this was the last domain to join the forest and all DCs in the forest are Windows Server 2003, switch to Windows 2003 forest functional level • In multi-domain forests, don’t worry about single domain modes; wait until the last domain is upgraded
Windows 2000 to Windows Server 2003 upgrade • Upgrading from Windows 2000 • Issues with Schema Extensions • Domain Naming Master • Domain Upgrade And DNS • Introducing The First Windows Server 2003 Domain Controller In Forest • Upgrading from Windows 2000 Step by Step
Upgrading From Windows 2000 • Easy and seamless upgrade process • No restructuring necessary • No forest, domain, OU or replication planning necessary • No user / workstation / profile migration
Upgrading From Windows 2000 • Windows Server 2003 DCs fully compatible with Windows 2000 DCs • Windows Server 2003 DCs can interoperate in Windows 2000 forest / domain in any role • New DC (dcpromo) • Upgrade of existing DC • Preparing the forest and domains is a separate step from introducing the first Windows Server 2003 DC
Issues with Schema Extensions • Exchange 2000 schema present • Exchange 2000 schema extensions define three non-RFC-conformant attributes (houseIdentifier, secretary and labeledURI) • If Exchange 2000 schema extensions are applied before the Windows 2000 InetOrgKit or Windows Server 2003 schema, attributes with mangled names are created • See KB article Q325379
Issues with Schema Extensions • Services For Unix version 2.0 • SFU 2.0 NIS component defines a uid attribute which clashes with the correct interpretation in Windows Server 2003 schema • Adprep cannot extend the schema unless a QFE is applied • See KB article Q293783
Introducing The First Windows Server 2003 Domain Controller In Forest • Once adprep has run, Windows Server 2003 Domain Controllers can join the forest • Two methods • Upgrade existing domain controller • Install Windows Server 2003 as member server and run dcpromo • Can choose any domain to hold the first Windows Server 2003 DC
Introducing The First Windows Server 2003 Domain Controller In Forest • Upgrade of PDC emulator performs special operations • Creates group for Terminal Service, internal groups • Role transfer to Windows Server 2003 DC triggers same operations • Best practice • Install Windows Server 2003 as member server and promote to Domain Controller • Upgrade PDC to Windows Server 2003 early in the process • Or transfer PDC emulator role to Windows Server 2003 DC, even if temporarily only
Upgrading from Windows 2000 (Step by Step) • Inventory clients for compatibility with default security settings • Either install software (dsclient, SP) or relax settings • Apply schema fixes for Exchange and SFU if needed
Upgrading from Windows 2000 (Step by Step) • Inventory domain controllers in forest • Hot fixes • Recommended: SP3 • If not at SP3 please review hotfix and updates required: Q331161 has details • Disk space • DC health including AD replication • Run adprep /forestprep • In each domain, run adprep /domainprep
Upgrading from Windows 2000 (Step by Step) • Install Windows Server 2003 member server in forest root domain or any other domain of your choice • Promote member server to DC – monitor • Move Domain Naming Master role to Windows Server 2003 DC
Upgrading from Windows 2000 (Step by Step) • Upgrade existing Windows 2000 domain controllers • In each domain • Upgrade PDC emulator as soon as possible (or transfer PDC emulator role to Windows Server 2003 DC) • Once all DNS servers are running Windows Server 2003, move domain DNS data into application partition • Verify that DNM is still running on Windows 2003 DC
Upgrading from Windows 2000 (Step by Step) • When all DCs are upgraded • Switch forest to Windows Server 2003 functional level
Domain restructuring with ADMT v2 • Migrating To Windows Server 2003 • Restructure Activities • Active Directory Migration Tool Version 2.0
Migrating To Windows Server 2003 • Most migrations from Windows NT 4.0 to Active Directory are a mix of in-place upgrades and restructuring • See “Best Practice Active Directory Design for Managing Windows Networks” for more information • http://www.microsoft.com/windows2000/techinfo/planning/activedirectory/bpaddsgn.asp
Active Directory Migration Tool Version 2.0 • Password migration • Windows NT 4.0 to Active Directory • Forest to forest • Scripting support • Command line support • Can also be used to migrate to Windows 2000 Active Directory
Summary • Windows NT 4 to Windows Server 2003 upgrade very similar to Windows NT 4 to Windows 2000 upgrade • Windows 2000 Server to Windows Server 2003 upgrade is easy and requires no additional design planning • ADMT v2 makes restructuring easier
© 2003 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.