Determining Domain Migration Strategies |
The primary focus of this chapter is the initial migration from Windows NT to Windows 2000. Some of the restructuring methods described later in this chapter might prove useful during the post-migration period.
Though you might have a number of reasons for restructuring your domains, a major reason would be to take full advantage of Windows 2000 features. These features allow you to make better use of your domains to reflect the requirements of your organization. Some key benefits you gain by restructuring your domains include:
Greater Scalability. You might have designed your previous Windows NT domain structure around the size limitations of the SAM accounts database, leading you to implement a master or multiple-master domain model. With the vastly improved scalability of Active Directory, which scales to millions of user accounts or groups, you could restructure your current Windows NT domains into fewer, larger Windows 2000 domains.
Delegation of Administration. In your current model you might have implemented resource domains to allow administrative responsibility to be delegated. Windows 2000 OUs can contain any type of security principal, and administration can be delegated as you require. In many instances, converting resource domains into OUs is more appropriate for delegating administration.
Finer Granularity of Administration. To allow finer granularity of administrative responsibility, perhaps as a result of corporate acquisition, your domain structure could be connected by a complex mesh of trusts. You might consider implementing some of these domains as OUs to simplify administration, or you might redesign your domain model to benefit from fewer explicit trusts.
Note that the examples described in the next section do not require you to have completed an upgrade, though some of the restructuring methods might require that you have already upgraded a BDC in the domain you plan to restructure.