Windows NT 4.0

Windows Server 2003
Migrating from Windows NT 4.0 to Windows Server 2003
Speaker: Corrado.Cappucci@pipeline.it
MCSE - MCT

Upgrading Domains

The Domain Upgrade Process
A domain upgrade:
- Upgrades a PDC to Windows Server 2003 and Active Directory
- Maintains existing users, groups, computers, and applications
1. Upgrade the PDC to Windows Server 2003
2. Install and configure DNS
3. Prevent domain controller overload
4. Install Active Directory
5. Verify domain controller operations
6. Upgrade Windows NT 4.0 BDCs

Effects of a Domain Upgrade on Groups
[Figure: group types available at each forest and domain functional level]
Forest and domain functional levels:
- Windows NT 4.0 (original domain)
- Windows 2000 Mixed (allows multiple operating systems)
- Windows 2000 Native (allows multiple operating systems)
- Windows Server 2003 Interim
- Windows Server 2003
Group types: Local, Global, Domain Local, Universal

Effects of a Domain Upgrade on Trust Relationships
[Figure: Windows NT 4.0 domains (Acct1, Acct2, Res1) and, after the upgrade, Windows Server 2003 domains (Forest Root, Acct1, Acct2, Res1); trust labels: one-way non-transitive trust, 2-way transitive trust]
To protect resource security:
1. Audit memberships in all administrative groups
2. Review DACLs for important resources

Implications of Upgrading a PDC
What happens during a PDC upgrade?
The forest functional level can be set at either:
- Windows 2000 mixed
- Windows Server 2003 interim
Security level permissions are set at either:
- Permissions compatible with pre-Windows 2000
- Permissions compatible only with Windows 2000 or Windows Server 2003
The upgraded PDC holds the PDC emulator operations master role

How to Upgrade a Windows NT 4.0 PDC
To upgrade a PDC:
1. Select Upgrade for the installation type
2. Configure partitions as NTFS
3. Verify that you are using a static IP address
4. Configure DNS client settings
5. Install Active Directory
Best practice to add additional domain controllers:
1. Add a newly installed domain controller
2. Transfer operations master roles
3. Reformat disk on upgraded domain controller and perform a clean installation
4. Transfer back any operations master roles
Process minimizes adverse effects from any corrupted data on the PDC prior to upgrade

How to Verify Domain Controller Operations
At this point a complete recovery is still possible without any data loss
To verify Active Directory is functional:
1. Verify new user accounts can be created
2. Verify new user object replication
3. Verify trust relationships
4. Verify successful logon
Diagnostic tools:
- Use dcdiag.exe to verify the Active Directory service
- Use Repadmin.exe /showreps to verify the parent domain
- Use nltest.exe /bdc_query:domainname to verify the BDC replication status

How to Develop a Recovery Plan for a Domain Upgrade
Recovery plan: Details steps to roll back directory services migration
Rollback strategy: A plan to return production environment to the state before changes
To ensure that a domain can be rolled back:
- Add a BDC to any domain that contains only a single domain controller
- Document configuration of services and applications
- Back up all services and applications to tape
- Synchronize all BDCs with PDC
- Take a fully synchronized BDC offline before upgrades are performed
- Periodically start protected BDC while still in Windows 2000 mixed domain
Recovery tasks:
- Remove all computers running Windows Server 2003
- Promote the offline BDC to a PDC

How to Prevent the Domain Controller from Overloading
Overload occurs when too many client computers request authentication from too few domain controllers
1. On the domain controller to be upgraded, browse to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
2. Add the REG_DWORD entry NT4Emulator with the value 1
3. Repeat the procedure on each domain controller
4. After additional domain controllers have been added, set the value of the NT4Emulator registry key to 0, or delete the key

How to Neutralize Windows NT 4.0 Domain Controller Emulation
The Active Directory installation will fail if the domain controller is configured to prevent domain controller overload
1. On the client computer, browse to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
2. Change the DWORD value
3. Use NeutralizeNT4Emulator for the new entry name
4. Double-click the new entry name
5. In the Edit DWORD Value dialog box, type 1
6. Click Registry, and then click Exit
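
An added example, not part of the original slides: a Python check over registry exports that reports which hosts still have NT4Emulator set to 1 once the additional domain controllers are in place (step 4 of the overload procedure), and whether NeutralizeNT4Emulator is set on a client. The host names and the exported .reg text are constructed sample data.

```python
import re

# Key named in both procedures; registry key and value names are case-insensitive.
NETLOGON_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters"
DWORD_LINE = re.compile(r'"([^"]+)"=dword:([0-9a-fA-F]{8})$')

def netlogon_dwords(reg_export):
    """Return {lowercased name: int} for DWORD values under the Netlogon Parameters key."""
    values, in_key = {}, False
    for line in reg_export.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            # A new section starts; track whether it is the key we care about.
            in_key = line[1:-1].lower() == NETLOGON_KEY.lower()
        elif in_key:
            match = DWORD_LINE.match(line)
            if match:
                values[match.group(1).lower()] = int(match.group(2), 16)
    return values

def emulation_state(reg_export):
    """Report whether each of the two values from the procedures is set to 1."""
    values = netlogon_dwords(reg_export)
    return {
        "NT4Emulator": values.get("nt4emulator", 0) == 1,
        "NeutralizeNT4Emulator": values.get("neutralizent4emulator", 0) == 1,
    }

def leftover_emulation(exports):
    """Hosts that still emulate NT 4.0 after the additional DCs were added."""
    return sorted(h for h, text in exports.items() if emulation_state(text)["NT4Emulator"])

# Constructed sample exports in REGEDIT4 format (host names are hypothetical).
HEADER = "REGEDIT4\n\n[" + NETLOGON_KEY + "]\n"
EXPORTS = {
    "DC01": HEADER + '"NT4Emulator"=dword:00000001\n',  # step 4 was missed
    "DC02": HEADER + '"NT4Emulator"=dword:00000000\n',  # reset to 0
    "DC03": HEADER,                                      # value deleted
    "ADMIN01": HEADER + '"NeutralizeNT4Emulator"=dword:00000001\n',
}

if __name__ == "__main__":
    print("NT4Emulator still 1 on:", leftover_emulation(EXPORTS))
    print("ADMIN01:", emulation_state(EXPORTS["ADMIN01"]))
```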

How to Add Additional Domain Controllers
Add additional domain controllers for fault tolerance and load balancing
Options:
- Add new servers running Windows Server 2003 to the domain and then install Active Directory
- Take a Windows NT 4.0 BDC offline, reformat hard disk, then install Windows Server 2003 and Active Directory
- Upgrade a Windows NT 4.0 BDC to Windows Server 2003
Process for upgrading a Windows NT 4.0 BDC:
1. Upgrade operating system to Windows Server 2003
2. Run the Active Directory Installation Wizard

How to Complete the Upgrade
To complete the domain upgrade:
1. Reconfigure the DNS service
2. Add Windows NT 4.0 BDCs to the domain if necessary
3. Eliminate anonymous connections to domain controllers
4. Raise domain and forest functional levels
5. Move users and computers to an OU