MIGRATING TO WINDOWS SERVER 2003 & ACTIVE DIRECTORY: 3 COMMON SCENARIOS
By Mike Leptuck, Technology Consultant
Like it or not, Microsoft with their Windows 2003 Server and Active Directory products is
now the de facto provider of enterprise Directory Services in the IT world of today. From a
small practice running Microsoft Small Business Server 2003 for their one server and five PC
clients to large healthcare systems spanning multiple states with tens of thousands of users
and end computing devices, there’s no denying the scalability and relative stability of
Windows 2003 and Active Directory (AD).
For companies who have yet to jump on the Windows 2003 AD bandwagon, the relative ease of
moving to this platform (there are now many very efficient and effective tools to help plan
and execute the migration process), the relative maturity of the 2003 Server environment, and
the ubiquitous nature of Windows 2003 support from application vendors make this move almost
compulsory.
There are typically three main migration/upgrade paths to Windows 2003 AD. Each has its own
varying degrees of planning, potential pitfalls, and relative ease. I’ll briefly
describe each of these three scenarios.
The first scenario I’ll touch upon is migrating from a Windows NT 4.0 domain
environment to Windows 2003 and AD. Some of the more obvious reasons for migrating away from
NT 4.0 are the fact that this product is no longer officially supported by Microsoft
(as of 12/31/2004), lack of scalability to accommodate large enterprise environments, lack of
easy centralized management of resources, and reliance on a non-standard and antiquated
communication methodology between servers and clients (WINS).
There are two options when moving from NT 4.0 to 2003 AD: upgrade and migration. An upgrade
entails taking the existing domain structure (users, groups, computer objects, servers, etc.)
and upgrading them in-place as-is into an AD forest. Of course, if you have abandoned or
corrupt accounts in your old NT 4.0 domain, you are simply importing these into your brand new
pristine AD environment, so extensive preparation and housekeeping are in order BEFORE the
upgrade takes place. Upgrades are usually only a realistic option for smaller network
configurations.
A migration from NT 4.0 to AD typically involves constructing the new forest/domain
structure in parallel to the existing 4.0 domain(s) and using Microsoft’s Active
Directory Migration Toolkit (ADMT) to do most of the ‘heavy lifting’. Migrations
are ideally suited for when you wish to collapse multiple NT 4.0 domains into one unified
enterprise forest. Migrations also allow a great deal of flexibility in reconfiguration of
users, machines, and resources within the new forest structure. Properly provisioned and
implemented AD domains can easily compartmentalize management roles and tasks, and allow the
enterprise-level administrators to safely delegate administrative tasks to subordinate
administrators by location, department, role, and so on.
The second common migration path to 2003 AD is a simple upgrade from an existing Windows
2000 AD infrastructure. While this scenario is becoming more and more common, there is a lot
less vital impetus to make this move today. Migrating to 2003 AD from 2000 AD typically will
not provide marked changes or improvements to the general user populace, but there are
significant changes on the administration and management side of the directory itself. These
changes allow for a great deal of latitude in re-design of the domains within the forest, and
also provide tools to greatly help forest-to-forest administration, things not available in a
Windows 2000 AD infrastructure. Realistically, no migration tools or interfaces are required;
simply the introduction of Windows 2003 Domain Controllers into the existing 2000 AD forest
and then some additional AD housekeeping and conversion are sufficient to effect this upgrade.
Finally, the third common migration path is a scenario involving a move from Novell’s
eDirectory (once known as NetWare Directory Services or NDS) to a Windows-based directory
environment. While it seems not too long ago that Novell and their NetWare product were the
standard for delivering Directory Services and a File and Print provider platform in one
package, the company’s focus has long since moved away from this arena into many smaller
ancillary networking and Directory Services products and solutions. A migration of this
nature is typically the most involved and requires implementing a ‘connector’ or
interface between the two disparate Directory Services for transfer and synchronization of the
relevant data.
For many years Microsoft was very lax in providing robust migration tools to support a
NetWare to Windows migration, but with the introduction of the Microsoft Directory
Synchronization Service (MSDSS) and Microsoft File Migration Utility several years ago, they
have provided administrators with very powerful tools. These tools first migrate objects such
as users and groups from NDS into AD, then migrate files and data from the NetWare File System
(NFS) to the NT File System (NTFS), and finally migrate the access rights associated with
these files from NDS (where they are stored in NetWare) to the NTFS file system (where they
are stored in the Windows world).
Needless to say, this brief overview of migrating to Windows 2003 and Active Directory
barely scratches the surface of what is involved in planning and facilitating such a project.
If you’d like to hear more about what is involved with such a move and how Vitalize
Consulting Solutions Inc. can make this migration happen for your enterprise, please contact
me at mleptuck@getvitalized.com.