Lesson 4: Assessing Directory Replicator Service and RRAS

This lesson examines the Routing and Remote Access Service (RRAS) and the Directory Replicator service in Windows NT so that you can plan for their migration and for the new functionality in the migrated Windows 2000 environment.

After this lesson, you will be able to

  • Assess the requirements of RRAS and directory replication support in Windows 2000.

Estimated lesson time: 10 minutes

Directory Replicator Service

The Windows NT Directory Replicator service uses the LAN Manager Replication Service to ensure consistency of logon scripts, system policies, and other data required by domain controllers (such as SMS files if SMS is installed). In this scenario, a server is designated as the export server while others are designated as import computers. By default, information is contained in the %systemroot%\System32\Repl folder. In contrast, the Windows 2000 File Replication Service (FRS) uses multiple-master replication in that every domain controller maintains a Sysvol folder, and a change to one domain controller's folder will replicate to all the domain controllers.

Remember to take inventory of which Windows NT systems have been designated as export servers, which are import servers, and the location of users' profiles, logon scripts, and policies. Depending on the size and type of migration, you might also need to plan for parallel operation of the Windows 2000 File Replication Service and the Windows NT LAN Manager Replication Service. You can automate a fix to help the two services work together by using the Lbridge.cmd script file contained in the Microsoft Windows 2000 Server Resource Kit. Lbridge.cmd is discussed in more depth in Chapter 6, "Performing an Upgrade."

Because of the incompatibility of Windows 2000 FRS and Windows NT replication services, wherever possible, you should try to migrate the Windows NT import computers prior to the export server. Migrate the export server only after the last import computer has been migrated to Windows 2000 to ensure that all Windows NT import computers will continue to receive updates via the Directory Replicator service.
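The ordering rule above, as an added example that is not part of the original lesson: this Python sketch takes a constructed inventory (hypothetical server names) of which export server feeds which import computers and produces a migration order with every import computer ahead of its export server. It also reports machines caught in a mutual export/import loop, where no ordering satisfies the rule and parallel operation of the two replication services has to be planned instead.

```python
from collections import defaultdict, deque

# Constructed inventory (hypothetical names): export server -> import computers it feeds.
FEEDS = {
    "PDC1": {"BDC1", "BDC2", "MEMBER1"},
    "BDC2": {"MEMBER2"},  # BDC2 imports from PDC1 and re-exports to MEMBER2
}

def plan_order(feeds):
    """Return (order, blocked). order migrates every import computer before
    any export server it imports from; blocked lists machines in or behind a
    mutual export/import loop, which no ordering can satisfy."""
    before = defaultdict(set)   # importer -> exporters that must come later
    pending = defaultdict(int)  # exporter -> importers still on Windows NT
    nodes = set(feeds)
    for exporter, importers in feeds.items():
        for imp in importers:
            nodes.add(imp)
            # An export server that also imports from itself adds no constraint.
            if imp != exporter and exporter not in before[imp]:
                before[imp].add(exporter)
                pending[exporter] += 1
    ready = deque(sorted(n for n in nodes if pending[n] == 0))
    order = []
    while ready:
        node = ready.popleft()
        order.append(node)
        for exporter in sorted(before[node]):
            pending[exporter] -= 1
            if pending[exporter] == 0:
                ready.append(exporter)
    return order, sorted(nodes - set(order))

def violations(feeds, order):
    """List (exporter, importer) pairs where the exporter is upgraded while
    one of its import computers is still on Windows NT (or is not planned)."""
    pos = {name: i for i, name in enumerate(order)}
    return sorted((e, i) for e, imps in feeds.items() for i in imps
                  if e in pos and e != i and pos.get(i, len(order)) > pos[e])

if __name__ == "__main__":
    order, blocked = plan_order(FEEDS)
    print("Migration order:", order)
    print("Needs parallel operation:", blocked)
    print("Export-first plan breaks:", violations(FEEDS, ["PDC1", "BDC1", "BDC2"]))
```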

Routing and Remote Access Service

During migration, users might have trouble dialing in to their RRAS server while the network is running in mixed mode. Wherever possible, try to migrate all your routing and remote access services at once; otherwise, you might find sporadic instances in which users can't log on to the domain via RRAS. This is because Windows NT RAS (Remote Access Service) and RRAS use the LocalSystem account to determine a user's dial-in settings, such as whether they have dial-in permission and which call-back settings have been enabled.

The initial dial-in connection uses the LocalSystem account, so it initially connects to a Windows NT system using NULL credentials. This means that the RAS service itself doesn't require a user name or password, although the user logging on will still require their own logon user name and password. NULL credentials are not supported in Windows 2000 Active Directory. The only way to ensure that users can log on in a mixed environment is to do one of the following:

  • Place RAS on a Windows NT backup domain controller, which will authenticate users by accessing its local SAM database.
  • Relax Windows 2000 Active Directory security by allowing the Everyone group permission to read user object attributes. Note that this is the built-in Everyone group and not the Authenticated Users group. The Everyone group includes anonymous users who don't have an account in Active Directory. Relaxing security in this way is a potential security hazard because it affects other areas, and it should be considered during the migration planning stage.

Lesson Summary

In this lesson, you learned the importance of analyzing your Directory Replicator service, why the export server should be the last one to be migrated, and how the Lbridge.cmd script can allow the Windows 2000 File Replication Service and the Windows NT Directory Replicator service to coexist. This lesson also stressed the importance of migrating Windows NT RRAS as soon as possible. Finally, you learned that when migrating Windows NT RRAS to Windows 2000, it might be necessary to weaken security during the migration unless you move all RAS services to a backup domain controller and migrate the BDC last.

MCSE Training Kit (Exam 70-222): Migrating from Microsoft Windows NT 4.0 to Microsoft Windows 2000 (MCSE Training Kits)
ISBN: 0735612390
Year: 2001
Pages: 126
