Windows Server 2003 La migrazione da Windows NT 4.0 a Windows Server 2003 Relatore: MCSE - MCT
Maintaining Network Operations During a Migration
Network Components Impacted by Migration Name resolution Remote access DHCP Work station environment not configured Name resolution Remote access DHCP Work station environment not configured Network services issues Compatibility with Windows Server 2003 Compatibility with Active Directory Compatibility with Windows Server 2003 Compatibility with Active Directory Application issues Internet Information Server Internet Information Server SQL Server SQL Server Exchange Server Exchange Server Authentication Active Directory replication Authentication Active Directory replication Network performance issues Domain controller Domain controller
The Effects of Migration on DNS Effects of Active Directory: DNS infrastructure must support Active Directory Domain controller must point to DNS servers that support Active Directory DNS infrastructure must support Active Directory Domain controller must point to DNS servers that support Active Directory Effects of a domain upgrade: Enables the configuration of zones to accept SRV records DNS zones hosted on a Windows Server 2003 domain controller can also be configured as Active Directory Integrated zones Enables the configuration of zones to accept SRV records DNS zones hosted on a Windows Server 2003 domain controller can also be configured as Active Directory Integrated zones Effects of a domain restructure: Primary zones must be on a system that supports Active Directory DNS must provide support for SRV resource records Primary zones must be on a system that supports Active Directory DNS must provide support for SRV resource records
How to Ensure Reliable DNS Service During a Domain Restructure To match Active Directory domains to DNS domains: Establish a DNS server in the target Windows Server 2003 domain 1 1 Promote a DNS server to a domain controller in the target domain 1 1 Configure a DNS server as the primary DNS server for Active Directory 2 2 Change any primary DNS zones to Active Directory-integrated zones 2 2 To match Active Directory domains to DNS domains: Install a DNS server in the target Windows Server 2003 domain 1 1 Move reverse lookup zones to a DNS server running Windows Server Integrate the new DNS server with the existing DNS servers 2 2 To ensure ongoing DNS name resolution on a DNS server running Windows Server 2003:
The Effects of Migration on WINS Effects of a domain upgrade: Does not affect: NetBIOS resolution WINS servers WINS fails during the first restart of the newly upgraded computer WINS functions properly after the computer’s database is automatically converted to a new version of the Jet database Does not affect: NetBIOS resolution WINS servers WINS fails during the first restart of the newly upgraded computer WINS functions properly after the computer’s database is automatically converted to a new version of the Jet database Effects of a domain restructure: NetBIOS client computers in source domain can connect to resources in target forest Migrated client computers can find resources in the source environment until the source WINS can be decommissioned NetBIOS client computers in source domain can connect to resources in target forest Migrated client computers can find resources in the source environment until the source WINS can be decommissioned
WINS in the Windows Server 2003 Environment During a Migration Maintain WINS when: Applications on the network cannot function without using NetBIOS Ensure that the migration deployment plan includes : A plan to determine the need for NetBIOS name resolution services Plans to deploy a server running WINS within the target domain, if necessary A plan to determine the need for NetBIOS name resolution services Plans to deploy a server running WINS within the target domain, if necessary
How to Maintain WINS for a Domain Restructure Determine if WINS is required 1 1 Plan to decommission the WINS servers 3 3 Integrate the WINS topology 2 2
The Effects of Migration on DHCP Effects of a domain upgrade: Dynamically assigned IP addresses are not distributed The DHCP server database is automatically upgraded You must authorize the DHCP server after installing Active Directory Dynamically assigned IP addresses are not distributed The DHCP server database is automatically upgraded You must authorize the DHCP server after installing Active Directory Effects of a domain restructure: DHCP services can be maintained in the existing source domain DHCP services can be moved to the target domain DHCP services can be maintained in the existing source domain DHCP services can be moved to the target domain
How to Ensure DHCP Operations in a Windows Server 2003-Based Environment Migrate DHCP services to the target domain early in the process 1 1 Provide backup DHCP services during an upgrade 3 3 Define a process to authorize the server running DHCP after an upgrade 4 4 Determine all scope options that must be configured 2 2
What Is a Null Session? Windows NT 4.0 Domain Controller Windows Server 2003 Domain Controller Null credentials Windows NT 4.0 Services running under the system account use connections that do not include a user name, password, or domain name RAS Server Null credentials Null credentials accepted Null credentials not accepted
The Effects of a Migration on RAS Effects of a domain upgrade: RAS and RRAS servers running Windows NT 4.0 use null sessions RAS authorization in a mixed environment: Contacts a BDC to determine user dial-in properties Authorizes dial-in users by accessing its local SAM database Has pre-Windows 2000 compatible access mode enabled for Active Directory RAS and RRAS servers running Windows NT 4.0 use null sessions RAS authorization in a mixed environment: Contacts a BDC to determine user dial-in properties Authorizes dial-in users by accessing its local SAM database Has pre-Windows 2000 compatible access mode enabled for Active Directory Effects of a domain restructure: RAS and RRAS servers running Windows NT 4.0 use null sessions Dial-in users may be denied access RAS and RRAS servers running Windows NT 4.0 use null sessions Dial-in users may be denied access
How to Ensure Null Sessions During a Migration To configure Active Directory to allow access for the Pre-Windows 2000 Compatible Access group, do one of the following: Set the Active Directory permissions to be compatible with server products earlier than Windows or- Add the Everyone and Anonymous Logon groups to the Pre-Windows 2000 Compatible Access built-in group
How to Ensure RAS Sessions During a Migration Enable compatible access permission in Active Directory Migrate all RAS and RRAS servers running Windows NT 4.0 Determine how to migrate remote access servers in the Windows NT 4.0-based domains Eliminate anonymous connections to domain controllers Identify any additional Remote Access Policy settings
The Purpose of LAN Manager Replication Service and FRS LAN Manager Replication Service NETLOGON Shared Folder NETLOGON Shared Folder Windows NT 4.0 Windows Server 2003 SYSVOL Replication FRS Logon Scripts System Policies
The Effects of Migration on Logon Scripts Effects of a domain upgrade: Logon scripts stored in the NETLOGON shared folder are not affected Client computers run logon scripts assigned to the user account or computer account Logon scripts stored in the NETLOGON shared folder are not affected Client computers run logon scripts assigned to the user account or computer account Effects of a domain restructure: Logon scripts continue to process for copied and moved user accounts if the logon scripts are migrated to the target domain Logon scripts that are not migrated will not process for accounts that have been copied or moved to a new domain Logon scripts continue to process for copied and moved user accounts if the logon scripts are migrated to the target domain Logon scripts that are not migrated will not process for accounts that have been copied or moved to a new domain
How to Migrate Logon Scripts to Group Policy Windows NT 4.0 logon scripts must be migrated to the NETLOGON shared folder Bridging ensures contents of NETLOGON shared folder are identical in both source and target domains Logon scripts can be converted to Group Policy Identify all of the logon scripts in the NETLOGON shared folder 1 1 Determine where to apply Group Policy scripts in Active Directory 3 3 Determine if logon scripts can be removed from the network 2 2
How to Maintain Applications Identify the applications that you need to test 1 1 Resolve application compatibility problems 3 3 Deploy or distribute applications and solutions 4 4 Identify application compatibility problems 2 2 Leave incompatible applications on a member server running Windows NT
How to Plan for Authentication Traffic During a Migration Network servers used during authentication: DHCP server, DNS server, domain controller, global catalog server To optimize authentication in an upgraded domain: Deploy all sites and subnets defined in the Active Directory design Place a domain controller in each site where Active Directory- aware clients will be deployed Place a global catalog server at remote sites Provide WINS servers for legacy clients not running DS Client software Deploy all sites and subnets defined in the Active Directory design Place a domain controller in each site where Active Directory- aware clients will be deployed Place a global catalog server at remote sites Provide WINS servers for legacy clients not running DS Client software
How to Plan for Migration-Related Replication Traffic Migration-related replication traffic is controlled by scheduling and configuring replication between sites Create sites, subnets, and site links after installing the first domain controller in the forest All subsequent upgraded domain controllers are automatically placed in the appropriate sites based on their IP addresses