This lesson examines the Routing and Remote Access Service (RRAS) and the Directory Replicator Service in Windows NT to plan for their migration and the new functionality in the Windows 2000 migrated environment.
After this lesson, you will be able to
Estimated lesson time: 10 minutes
The Windows NT Directory Replicator service uses the LAN Manager Replication Service to ensure consistency of logon scripts, system policies, and other data required by domain controllers (such as SMS files if SMS is installed). In this scenario, a server is designated as the export server while others are designated as import computers. By default, information is contained in the %systemroot%\System32\Repl folder. In contrast, the Windows 2000 File Replication Service (FRS) uses multiple-master replication in that every domain controller maintains a Sysvol folder, and a change to one domain controller's folder will replicate to all the domain controllers.
Remember to take inventory of which Windows NT systems have been designated as export servers, which are import servers, and the location of users' profiles, logon scripts, and policies. Depending on the size and type of migration, you might also need to plan for parallel operation of the Windows 2000 File Replication Service and the Windows NT LAN Manager Replication Service. You can automate a fix to help the two services work together by using the Lbridge.cmd script file contained in the Microsoft Windows 2000 Server Resource Kit. Lbridge.cmd is discussed in more depth in Chapter 6, "Performing an Upgrade."
Because of the incompatibility of Windows 2000 FRS and Windows NT replication services, wherever possible, you should try to migrate the Windows NT import computers prior to the export server. Migrate the export server only after the last import computer has been migrated to Windows 2000 to ensure that all Windows NT import computers will continue to receive updates via the Directory Replicator service.
During migration, users might have trouble dialing in to their RRAS server while the network is running in mixed mode. Wherever possible, try to migrate all your routing and remote access services at once; otherwise, you might find sporadic instances in which users can't log on to the domain via RRAS. This is because Windows NT RAS (Remote Access Service) and RRAS use the LocalSystem account to determine a user's dial-in settings, such as whether they have dial-in permission and which call-back settings have been enabled.
The initial dial-in connection uses the LocalSystem account and so it initially connects to a Windows NT system using NULL credentials, meaning that the RAS service itself doesn't require a user name or password, although the user logging on will require their own logon user name and password. Null credentials are not supported in Windows 2000 Active Directory. The only way to ensure that users can log on in a mixed environment is to do one of the following:
In this lesson, you learned the importance of analyzing your Directory Replicator service, why the export server should be the last one to be migrated, and how the command called Lbridge.cmd can allow Windows 2000 File Replication Service and Windows NT's Directory Replicator service to coexist. This lesson also stressed the importance of migrating Windows NT RRAS as soon as possible. Finally you learned when migrating Windows NT RRAS to Windows 2000, it might be necessary to weaken security during the migration unless you move all RAS services to a backup domain controller and migrate the BDC last.