Determining Domain Migration Strategies

Previous Topic Next Topic

Domain Migration Considerations

This section takes you through the important planning and preparation activities you must undertake for any migration. Your own planning process will determine the exact steps, but the following sections highlight areas you need to consider.

Upgrade Decisions

Consider the following questions when determining how to upgrade your domains:


note-icon

Note

You cannot switch the domain to native mode until all the domain controllers have been upgraded.

Restructure Decisions

Consider the following questions when determining whether and how to restructure your domains:


note-icon

Note

It is recommended that you restructure after completing the upgrade but before using features such as application deployment or the new Group Policy. If you restructure after some of these features have been used, it can create more difficulties than if the restructure had taken place at the beginning of the migration process.

Application Compatibility

After you have decided how you will perform the overall domain migration, it is important to determine whether your business applications are compatible with Windows 2000. This step is critical to the success of your deployment and must be done before you decide how and when to migrate your application servers. After you have identified your strategic applications, be sure to include them in your test plan. All strategic applications must be tested before beginning the migration process. For more information about migrating application servers, see "Upgrading and Installing Member Servers" in this book.

Some important questions you need to ask about your applications include the following:


note-icon

Note

You might not want to maintain Windows NT 3.51 servers in your resource domains, because Windows NT 3.51 does not support universal or domain local group membership. Windows NT 3.51 does not recognize the SIDhistory capability for user accounts that move between Windows 2000 domains.

Knowing the answers to these questions will help you formulate a test plan covering the important test cases. It will also help you develop a project risk assessment that spells out the implications of various applications not functioning correctly, including any proposed mitigation.

For more information about testing your business applications, see "Testing Applications for Compatibility with Windows 2000" in this book.


note-icon

Note

Some application services designed for Windows NT, such as Windows NT Routing and Remote Access Service (RRAS), assume unauthenticated access to user account information. The default security permissions of Active Directory do not allow unauthenticated access to account information. The Active Directory Installation Wizard gives you the option of configuring Active Directory security for compatibility by granting additional permissions. If you feel that loosening the security of Active Directory to allow the use of RRAS servers would compromise your security policy, you need to upgrade these servers first.

If you are using LAN Manager Replication Service to replicate scripts within the domain, then you need to upgrade the server hosting the export directory last.

Interoperability Requirements

The next step is to consider the extent to which your Windows 2000 system needs to interoperate with both Windows legacy systems and non-Microsoft operating systems. If you plan to maintain a heterogeneous environment that includes network operating systems other than Windows 2000, you need to determine which legacy applications and services must be retained or upgraded to maintain acceptable functionality across all platforms.

Interoperability considerations have two aspects:

Disk Storage Requirements for Active Directory Objects

Early in your migration planning, it is important to consider how much disk space you will need to store the objects required by Active Directory. The total disk space required depends on the size of your Windows 2000 forest. For information about designing this forest, see "Designing the Active Directory Structure" in this book.

Table 10.3 shows the disk space requirement for each type of Active Directory object.

Table 10.3 Disk Space Required for Active Directory Objects

Object Disk Space Required (bytes)
User object 3.6K
Organizational unit (OU) object 1.1K
Attribute (10 bytes) 100
Public key certificate (X.509 v3 certificate issued by Windows 2000 Certificate Services) 1.7K

© 1985-2000 Microsoft Corporation. All rights reserved.