Domain Migration Considerations

This section takes you through the important planning and preparation activities you must undertake for any migration. Your own planning process will determine the exact steps, but the following sections highlight areas you need to consider.

Upgrade Decisions

Consider the following questions when determining how to upgrade your domains:

• Is upgrade appropriate for you?

  You will probably answer "yes" if some or all of the following conditions are true:

  • You are happy with your current domain structure.
  • You are happy with much of your domain structure and can carry out a two-phase migration: upgrade to Windows 2000, then restructure to fix any problems.
  • You feel you can manage the migration without impacting your production environment.
• In what order do you need to upgrade?

  The answer depends on whether you are referring to order of upgrade of domain controllers or order of upgrade of domains:

• In what order do you need to upgrade domain controllers?

  Within a domain, the order of upgrade is straightforward. You need to upgrade the PDC first, but be aware of possible complications, such as the use of LAN Manager Replication Service in the domain to be upgraded, with the PDC hosting the export directory. In this case you need to change the export directory host before upgrading the PDC. For more information on LAN Manager Replication, see "LAN Manager Replication Service Process" later in this chapter.

• In what order do you need to upgrade domains?

  You will experience easier administration and delegation if you upgrade your account domains first. You then need to upgrade your resource domains.

• In what order do you need to upgrade servers and clients?

  You can upgrade servers and clients at any time. This does not depend on a Windows 2000 infrastructure.

• When do you need to switch the domain to native mode?

  You need to switch the domain to native mode as soon as possible to have access to full Windows 2000 functionality, such as better directory scalability, universal and domain local groups, and group nesting.

Note

You cannot switch the domain to native mode until all the domain controllers have been upgraded.

Restructure Decisions

Consider the following questions when determining whether and how to restructure your domains:

• Do you need to restructure?

  You will probably answer "yes" if some or all of the following conditions are true:

  • You are happy with much of your domain structure and can carry out a two-phase migration: upgrade to Windows 2000, then restructure to fix any problems.
  • You are unhappy with your current domain structure.
  • You feel you cannot manage the migration without impacting your production environment.
• When do you need to restructure?

  The answer depends on the reason you are restructuring.

  • If you can solve your migration requirements by doing a two-phase migration, then you need to restructure after upgrade.
  • If you feel your domain structure cannot be salvaged (for example, if you decide you need to redesign your directory services infrastructure to take advantage of the enhanced capabilities of Active Directory), you need to restructure at the beginning of the migration process.
  • If you feel you cannot avoid impacting your production environment, you need to restructure at the beginning of the migration process.

Note

It is recommended that you restructure after completing the upgrade but before using features such as application deployment or the new Group Policy. If you restructure after some of these features have been used, it can create more difficulties than if the restructure had taken place at the beginning of the migration process.

Application Compatibility

After you have decided how you will perform the overall domain migration, it is important to determine whether your business applications are compatible with Windows 2000. This step is critical to the success of your deployment and must be done before you decide how and when to migrate your application servers. After you have identified your strategic applications, be sure to include them in your test plan. All strategic applications must be tested before beginning the migration process. For more information about migrating application servers, see "Upgrading and Installing Member Servers" in this book.

Some important questions you need to ask about your applications include the following:

• Will the application run on Windows 2000?

  If the answer is "no," this might have implications for your upgrade plans.

• Does the application need to run on a BDC?

  If the answer is "yes," and the application will not run on Windows 2000, it will be difficult to switch the upgraded domain to native mode.

• Do you have contacts with your application software vendors?

  If you experience problems running the application on Windows 2000, you need to be aware of how the application vendor plans to provide support for Windows 2000.

• If the application was internally developed, do you have plans to develop a Windows 2000 version?

  If the application cannot run on Windows 2000, you need to be aware of any plans to provide Windows 2000 support.

• What operating systems do you have deployed on your clients and servers?

  The answer to this has implications for your migration path. Certain software upgrade paths to Windows 2000 are not supported (for example, from Windows NT 3.5).

Note

You might not want to maintain Windows NT 3.51 servers in your resource domains, because Windows NT 3.51 does not support universal or domain local group membership. Windows NT 3.51 does not recognize the SIDhistory capability for user accounts that move between Windows 2000 domains.

Knowing the answers to these questions will help you formulate a test plan covering the important test cases. It will also help you develop a project risk assessment that spells out the implications of various applications not functioning correctly, including any proposed mitigation.

For more information about testing your business applications, see "Testing Applications for Compatibility with Windows 2000" in this book.

Note

Some application services designed for Windows NT, such as Windows NT Routing and Remote Access Service (RRAS), assume unauthenticated access to user account information. The default security permissions of Active Directory do not allow unauthenticated access to account information. The Active Directory Installation Wizard gives you the option of configuring Active Directory security for compatibility by granting additional permissions. If you feel that loosening the security of Active Directory to allow the use of RRAS servers would compromise your security policy, you need to upgrade these servers first.

If you are using LAN Manager Replication Service to replicate scripts within the domain, then you need to upgrade the server hosting the export directory last.

Interoperability Requirements

The next step is to consider the extent to which your Windows 2000 system needs to interoperate with both Windows legacy systems and non-Microsoft operating systems. If you plan to maintain a heterogeneous environment that includes network operating systems other than Windows 2000, you need to determine which legacy applications and services must be retained or upgraded to maintain acceptable functionality across all platforms.

Interoperability considerations have two aspects:

• What are the interoperability requirements with respect to operating in a heterogeneous environment?

  This encompasses the degree to which the migrated environment needs to interoperate with other operating systems and network services.

  Important considerations might include:

  • The need to maintain pre–Windows 2000 clients, which means that you have to plan to maintain services such as Windows Internet Name Service (WINS) to support name resolution.
  • The need to maintain pre–Windows 2000 domains, which means that you need to maintain and manage explicit trusts.
  • The need to interoperate with non-Microsoft operating systems, such as UNIX. This could be a reason for rapid migration to enable widespread use of the Kerberos authentication.
• What are the interoperability requirements with respect to the source environment? (Where you are migrating from?)

  Managing a transitional environment can be a complex task and needs careful planning, as described in the following sections.

Disk Storage Requirements for Active Directory Objects

Early in your migration planning, it is important to consider how much disk space you will need to store the objects required by Active Directory. The total disk space required depends on the size of your Windows 2000 forest. For information about designing this forest, see "Designing the Active Directory Structure" in this book.

Table 10.3 shows the disk space requirement for each type of Active Directory object.

Table 10.3 Disk Space Required for Active Directory Objects

© 1985-2000 Microsoft Corporation. All rights reserved.