When setting out to perform the restructure of a domain, you must consider a number of planning issues prior to the actual migration. This lesson identifies some of these issues and begins the process of planning the pristine environment.
After this lesson, you will be able to
Estimated lesson time: 30 minutes
Figure 8.1 shows a sample flowchart of a restructure process.
Figure 8.1 Flowchart of the restructure process
The entire restructure depends on the design phase. Prior to any migration taking place, you'll need to have a comprehensive document detailing the site, domain, and OU structure of your pristine environment. The document should also include in-depth information on the following:
This list isn't exhaustive. The MCSE Training Kit—Microsoft Windows 2000 Active Directory Services covers planning and building your Active Directory in greater depth.
Chapter 5 covered issues that might affect the order of migration of domains. From a restructure perspective, you'll need to know the order of migration for your existing domains and where each of the Windows NT objects will be relocated. In an upgrade, you're more likely to tackle the largest accounts domain first. In a restructure, you're advised instead to begin with the smallest accounts domain. Should any problems occur, you can then modify how you handle the larger accounts domains.
One final point when planning and building your pristine environment: decide beforehand whether a domain in the pilot pristine environment will become your forest root, or whether you'll be scrapping it after the pilot and starting over with your newfound experience. If you're planning for this domain to become the root of your Active Directory forest, you'll need to plan and protect your schema from Active Directory pollution (attributes being filled with unnecessary information). This can occur if, after your first trial migration, you decide that an attribute isn't required, for either legal or other reasons, yet it remains in Active Directory until you remove it.
TIP
One way to protect against problems such as Active Directory pollution is to create an image copy of each server before each domain restructure you perform. You can then quickly and efficiently reset your pristine environment at any time.
To install a server version of Windows 2000, you will need a machine that meets its minimum hardware requirements as listed in "Getting Started." Active Directory will install only onto a partition formatted with NTFS, so a suitable drive must be set up during installation. If you have proprietary hardware, you'll need to obtain the associated drivers to work with a Windows 2000 installation.
A server version of Windows 2000 can be installed by booting the target system from the Windows 2000 CD-ROM or by preparing a set of boot floppies. Further details on the Windows 2000 deployment process can be obtained from the MCSE Training Kit—Microsoft Windows 2000 Server. An evaluation copy of Microsoft Windows 2000 Advanced Server is included with this book.
Once you've installed a server version of Windows 2000, the next step is to install Active Directory. The first machine in a network to have Active Directory installed on it will become the root of the forest. It will also create a site called Default-First-Site-Name. You can rename this to reflect the nature of the actual site and then create and populate other sites as appropriate.
As discussed in Lesson 3, "Assessing DNS," of Chapter 4, DNS is the TCP/IP service that performs the mapping of host names to IP addresses. To review, it's possible that you will already have DNS servers on your network, which might not be based on Windows NT. To support Active Directory, these DNS servers must support the following:
The DNS server that is provided with Windows 2000 is suitable and has the extra benefit that it integrates the DNS zone storage into Active Directory. This integration enables it to perform zone replication without the need for a DNS replication topology. Windows 2000 DNS has the additional advantage that it can implement security on the DNS data.
DNS Namespaces
The first Windows 2000 system that you install must be the root of the namespace to be created. If you want to migrate users into domains that exist below the root of the namespace, you must create a placeholder domain first and then install other servers in domains below the root domain. The issue of DNS servers and namespace support should have been addressed as one of the aspects of migration planning.
The Windows 2000 OU hierarchy is one of the deliverables of the Active Directory design process. As part of the creation of the pristine environment, the hierarchy that was designed for it must be implemented so that users and resources can be migrated into it.
You've seen that a key component of the migration is a pristine environment. This environment will serve as the basis of the migration and the destination of the migrated objects during a restructure. In this practice, you'll totally rebuild both your servers. A pristine environment will be created on PC1. This pristine environment will be a forest root domain named trainkit.microsoft.com; PC1 will have a fully qualified domain name of trainkit1.trainkit.microsoft.com and a host name of TRAINKIT1. On PC2, you'll create a Windows NT PDC called MIGRATE1 in a domain named MIGRATE.
You will be reformatting both of your existing systems; however, if you have a sufficiently large hard disk and are able to work with multiple operating systems, you might want to try installing a second copy of Windows 2000 on PC1. Unfortunately, with PC2, you can't install Windows NT on a system booting from version 5 of NTFS, the version used by Windows 2000. Even though Windows 2000 NTFS version 5 is supported via the new Ntfs.sys driver in Windows NT Service Pack 4 and higher, Windows NT Setup doesn't recognize it. When you convert to Active Directory, your NTFS file system is automatically upgraded to NTFS version 5.
To install Windows 2000 on PC1
You can use Windows 2000 Setup to reformat your hard disk if you want.
To install Active Directory
Figure 8.2 Windows 2000 Configure Your Server screen
The next screen will ask whether you want to proceed and install Active Directory, DHCP, and DNS.
You can type your own Internet name if you want to adapt this practice for your company; however, all the illustrations and references in the book will be using trainkit.microsoft.com.
The next two boxes will automatically update and display the Active Directory domain name, trainkit.microsoft.com, and the downlevel or NetBIOS version of the domain name, trainkit, as shown in Figure 8.3.
Figure 8.3 Selecting the Active Directory and NetBIOS domain names
In a few moments, the Windows Components Wizard starts and proceeds to install files.
Then the Configuring Active Directory page appears and shows the progress of the Active Directory installation, as shown in Figure 8.4.
Figure 8.4 Configuring Active Directory page
Depending on the speed of your machine, it might take a while for this task to complete. When the installation is complete, the system will restart.
Figure 8.5 Setting the IP address and subnet mask
To switch the trainkit.microsoft.com domain to native mode
A message box will appear telling you that you are now running in native mode.
To create an OU to hold the objects to be migrated
You should see the default containers for your domain.
Figure 8.6 Creating a new OU
This OU structure will be used by the practices in Chapter 9, "Restructure Tools."
Figure 8.7 OU structure for trainkit.microsoft.com domain
Figure 8.8 OU hierarchy as displayed in Active Directory Users And Computers
To complete the pristine environment setup
This completes the creation of a pristine Windows 2000 forest on PC1. You'll use this pristine forest to perform an inter-forest and an intra-forest restructure migration in Chapter 9. In a working environment you would also have created several OU structures, assigned GPOs, created users and groups, migrated logon scripts, and carried out other planned activities.
Throughout Chapter 9, you will come across a variety of scripts, some of which do the same task. Please try to use or adapt whichever seems appropriate for your environment. All of them are useful for rebuilding and recreating test systems.
In this lesson, you learned that when planning a pristine environment, you need to consider the following: the roles that need to be identified for the domain controllers, whether the pristine environment will become the root domain, the issue of Active Directory pollution, and the importance of DNS. You also created and configured the pristine environment, including creating a hierarchy of OUs into which resources and users can be migrated.