Getting Ready to Upgrade

   

If any domain controllers in your environment are running Windows NT version 4.0, you must complete the process for upgrading from Windows NT 4.0 to Windows Server 2003. For information about upgrading from Windows NT 4.0 to Windows Server 2003, see Chapter 16 , "Upgrading from Windows NT 4.0."

To successfully upgrade Windows 2000 domains to Windows Server 2003, you must be familiar with Active Directory domain and forest functional levels. You can initiate an upgrade from Windows 2000 to Windows Server 2003 in one of two ways:

  • By upgrading an existing Windows 2000 “based domain controller to Windows Server 2003.

  • By using the Active Directory Installation Wizard to install Active Directory on a Windows .NET “based member server.

Active Directory Preparation Tool

To prepare the Windows 2000 domain for the upgrade to Windows Server 2003, you must use the Active Directory Preparation tool (ADPrep.exe). After the upgrade, you can take advantage of application directory partitions. You can run ADPrep.exe only from a command line.

ADPrep.exe prepares the forest and the domain for an Active Directory upgrade by performing a collection of operations prior to installation of the first Windows Server 2003 domain controller. ADPrep.exe is located on the Microsoft Windows .NET Server operating system CD. ADPrep.exe copies the files 409.csv and dcpromo.csv from the installation CD or from a network installation point to the local computer to prepare the Active Directory forest and domain.

The ADPrep.exe tool merges your current schema with new schema information that the tool provides, preserving previous schema modifications in your environment. You must successfully run adprep /forestprep in a forest before you can prepare the domain by using adprep /domainprep . Run adprep /forestprep on the schema operations master. Within each domain in which you plan to install a Windows .NET domain controller, you must successfully run adprep /domainprep on the infrastructure operations master before you upgrade the first domain controller or join a Windows .NET member server or stand-alone server as an additional domain controller. To prepare your Active Directory forest and domain for the upgrade to Windows Server 2003, ADPrep.exe performs the following tasks :

  • Updates the Active Directory Schema

  • Improves default security descriptors

  • Upgrades display specifiers

  • Adjusts access control lists on Active Directory objects and on files in the Sysvol shared folder to allow domain controller access

    In versions of Windows earlier than Windows Server 2003, including the Everyone security identifier (SID) in an ACL or group membership allows authenticated users, guest users, and anyone with an anonymous logon to gain access to many resources. Windows 2000 domain controllers also use anonymous access to gain control of some Active Directory objects and files. In Windows Server 2003, the Everyone SID no longer allows access to anonymous users, thus restricting domain controller access to particular objects. ADPrep.exe adjusts the ACLs on these objects so that domain controllers can still access them.

  • Creates new objects that are used by applications such as COM+ and Windows Management Instrumentation (WMI)

  • Creates new containers in Active Directory that are used to verify that the preparation was successful

Each time it runs, ADPrep.exe creates a log file that can help you troubleshoot errors. The log file documents each step of the forest preparation process. Each ADPrep log file is located in a subfolder within the %SystemRoot%\system32\debug\adprep directory. Each subfolder is stamped with the date and time when ADPrep was run.

When you are upgrading a Windows 2000 domain controller to Windows Server 2003, Winnt32.exe verifies that the forest and domain have been prepared. If you have not prepared the forest and the domain in which the new domain controller will be a member, Winnt32.exe fails, the upgrade terminates, and you are notified that you must run ADPrep.exe. You cannot upgrade Windows 2000 domain controllers to Windows .NET before running ADPrep.exe.

Application Directory Partitions

If at least one domain controller in your forest is running Windows Server 2003, you can take advantage of application directory partitions, which provide storage for nondomain, application-specific data that can be replicated to any arbitrary set of domain controllers. (See Chapter 3 , "Active Directory.")

In Windows Server 2003, application directory partitions can be used to store Domain Name System (DNS) data. If the person who initializes the Active Directory installation is a member of the Enterprise Admin group, DNS-specific application directory partitions are created automatically on all existing DNS servers during the Active Directory installation. If application directory partition creation fails during the installation, the DNS service will attempt to create the partitions again when the computer is restarted after Active Directory is installed. You must be a member of the Enterprise Admin group to create DNS-specific application directory partitions.

During the Active Directory installation, two DNS-specific application directory partitions are created: a forestwide application directory partition named ForestDnsZones and a domainwide partition named DomainDnsZones for each domain in the forest. After upgrading all domain controllers in a domain to Windows Server 2003, you can specify the replication scope for each existing Active Directory “integrated zone by moving the zone into the newly created application directory partition. Moving Active Directory “integrated DNS zones into application directory partitions has the following benefits:

  • Active Directory “integrated DNS can be used forestwide because the forestwide application directory partition can replicate outside the domain. You do not have to use conventional DNS zone transfer to replicate the zone file information to DNS servers outside the domain.

  • Domainwide replication can be targeted to minimize replication traffic. Administrators can specify which of the domain controllers that are running the DNS service receive the DNS zone data.

  • Forestwide replication can be targeted to minimize replication traffic because DNS information is no longer replicated to the global catalog.

For more information about using application directory partitions for DNS information, see "Use DNS Application Directory Partitions" later in this chapter.

Supported Upgrade Paths

To determine whether you can upgrade your computers to Windows Server 2003 or must perform a clean operating system installation, you must first identify the versions of Windows 2000 that are running in your environment. Table 17-1 lists the Windows 2000 platforms, indicating platforms that can be upgraded directly to each edition of Windows Server 2003.

Table 17-1. Supported Upgrade Paths to Windows Server 2003

Platform

Upgrade to Windows Server 2003, Standard Edition

Upgrade to Windows Server 2003, Enterprise Edition

Upgrade to Windows Server 2003, Datacenter Edition

Windows 2000 Professional

No

No

No

Windows 2000 Server

Yes

Yes

No

Windows 2000 Advanced Server

No

Yes

No

Windows 2000 Datacenter Server

No

No

Yes

Hardware Requirements

Review and document the existing hardware configuration and operating system of each computer that you plan to upgrade. Use this information to identify the computers that you can upgrade to Windows Server 2003 and the computers that you must decommission or return to member server status. The recommended minimum hardware requirements for a member server running Windows Server 2003, Standard Edition, are as follows :

  • 550-MHz processor

  • 256 MB of memory

  • 1.5 GB of free disk space

On domain controllers, allow more available disk space to support the Active Directory database and log files. Use the following guidelines to determine how much disk space to allot for your Active Directory installation:

  • On the drive that will contain the Active Directory database template, NTDS.dit, provide available space equal to 10 percent of your existing database size , or at least 250 MB.

  • On the drive containing the Active Directory ESENT transaction log files, provide at least 50 MB of available space.

Tip

For optimum performance, store the Active Directory database, Active Directory log files, and Windows .NET operating system on separate physical hard disks.


Test Tools and Logs

It's important to develop a plan for testing your upgrade procedures throughout the upgrade process. Be sure to test the state of your existing domain controllers before beginning your upgrade to ensure that they are functioning properly and throughout the upgrade process to verify that Active Directory replication is consistent and functioning properly. Table 17-2 lists the tools and logs that you can use to verify that your upgrade procedures are successful.

Table 17-2. Tools and Logs Used to Test Upgrade Procedures  

Tool/Log File

Description

Location

Repadmin.exe

Checks replication consistency and monitors both inbound and outbound replication partners. Displays replication status of inbound replication partners and directory partitions.

Windows Server 2003 CD-ROM in the \Support\Tools directory

Dcdiag.exe

Diagnoses the state of domain controllers in a forest or enterprise; tests for successful Active Directory connectivity and functionality; returns the results as passed or failed.

Windows Server 2003 CD-ROM in the \Support\Tools directory

Netdiag.exe

Diagnoses networking and connectivity problems by performing a series of tests to determine the state of your network client and whether it is functional.

Windows Server 2003 CD-ROM in the \Support\Tools directory

Nltest.exe

Queries and checks the status of trusts and can forcibly shut down domain controllers.

Windows Server 2003 CD-ROM in the \Support\Tools directory

Dnscmd.exe

Diagnoses DNS registration and zone issues by allowing an administrator to view the properties of DNS servers, zones, and resource records.

Windows Server 2003 CD-ROM in the \Support\Tools directory

Adprep log

Provides a detailed progress report of the forest and domain preparation process.

%SystemRoot%\system32\ debug\adprep directory

DcpromoUI.log

Provides a detailed progress report of the Active Directory installation. Includes information regarding replication and services as well as applicable error messages.

%SystemRoot%\debug directory

ADSIEdit.exe

A Microsoft Management Console (MMC) snap-in that acts as a low-level editor for Active Directory and allows you to view, add, delete, and move objects and attributes within the directory.

Windows Server 2003 CD-ROM in the \Support\Tools directory


   
Top


Introducing Microsoft Windows Server 2003
Introducing Microsoft Windows Server(TM) 2003
ISBN: 0735615705
EAN: 2147483647
Year: 2005
Pages: 153

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net