Lesson 3: Windows 2000 Sites and Migration | MCSE Training Kit (Exam 70-222): Migrating from Microsoft Windows NT 4.0 to Microsoft Windows 2000 (MCSE Training Kits)

In this lesson you will examine the concept of a Windows 2000 site and the limitations that Windows 2000 sites can help resolve in comparison to a Windows NT environment.

After this lesson, you will be able to

Understand how a Windows 2000 site can cure inherent problems in a Windows NT domain.
Plan for sites in the migration.

Estimated lesson time: 15 minutes

Windows NT 4.0 Logon and Replication Problems

One of the problems with single domains in Windows NT 4.0 is that objects are replicated through a master-slave replication of PDC objects to BDCs. Consequently, if you have a single domain spread across WAN links, any new object would have to be created on the PDC no matter where the object itself is located. The object would then be automatically replicated across the WAN no matter how much bandwidth that consumes. There's no way to control this apart from changing some registry entries such as the replication governer on the BDCs or by segmenting the enterprise into separate domains.

Another problem with a single domain in Windows NT 4.0 is that you can't control whether a client will log on to the nearest domain controller. For example, a client in the United Kingdom might sometimes be authenticated by a domain controller located in the United States, even when there is a closer BDC in the United Kingdom. Such authentication uses expensive WAN links rather than authenticating via the domain controllers physically closest to the client. To address this problem, Microsoft released a tool in Windows NT Service Pack 4 called Setprfdc, which allows you to create a file that directs the client to log on to domain controllers in a specified order. If the first one in the list isn't available, the client will try the second, and so on. However, manually setting and updating this file can be laborious.

Active Directory Sites

Windows 2000 provides the following ways to mitigate and control the issues raised above:

All Windows 2000 domain controllers in a given domain are peers and automatically replicate information among themselves by a process known as multimaster replication. Multimaster replication ensures that the management of user accounts can continue even if some domain controllers fail.
Because Windows 2000 domains are more concerned with the logical arrangement of resources, Windows 2000 provides the new mechanism of sites.

A site is a set of Windows 2000 machines joined together by local area network connections known as well-connected links. Sites let you map the physical topology of your network onto the logical arrangement of your Active Directory design. By using the Active Directory Sites And Services administrative tool, you can configure Windows 2000 to make the best use of LAN and WAN connections for authentication and replication. To do this, a cost is assigned to the link between two sites where the domain controllers have been placed. The cost mechanism allows clients to identify the closest domain controllers rather than being authenticated across an expensive WAN link, and it also allows you to schedule replication across slow WAN links.

Site Design

An Active Directory site should have a set of well-connected domain controllers. When considering an Active Directory design, be sure that any additional traffic produced by the migration process won't severely affect the production environment. In cases where the network infrastructure is operating at close to capacity, be sure to plan migration such that additional loading is minimized. You can do this by first upgrading to higher bandwidth links or by isolating the segment of the network that's under construction from the main WAN.

The Site Design and the Current Environment

You must validate the site design against the current environment. Begin this effort by considering the existing network topology in depth, and then move to considerations such as the following:

Upgrade traffic. When the Active Directory servers are deployed, they'll generate additional network traffic as they perform replication. Further traffic will be produced as objects are migrated from one domain to another. You should carefully consider the cost of the links between sites and the timing of replication traffic to ensure that key business applications remain available during the upgrade.
Site-aware applications. If you plan to use site-aware applications such as the Windows 2000 Server distributed file system (Dfs) or Microsoft Exchange Server 2000, you should incorporate the requirements of these applications into your network specifications and site design.
Provision of domain controllers. During the upgrade, you might need additional domain controllers to provide fault tolerance. These will be placed in particular sites and will add to the replication traffic. Their deployment and their role in replication and user authentication must be planned as part of the upgrade process.

Site Design and Migration Goals

You must also consider your site design in light of your migration goals. The design and the goals might be mutually incompatible. For example, you might have a migration goal that requires 100 percent availability of user logon. If the site design provides for only a single Windows 2000 domain controller in each site, this goal can't be met. As another example, if the network connections between sites can't support a large volume of replication traffic, you won't be able to make information widely available within a particular time frame.

Lesson Summary

In this lesson, you learned what sites are and how they address the limitations of the Windows NT architecture. You also learned how to use sites to optimize replication and authentication traffic, and how other factors such as extra network traffic could affect a site plan.