Lesson 2: Upgrading to Windows 2000 Server

The process for upgrading existing servers from Windows NT Server to Windows 2000 Server is mostly automated. During the upgrade, Windows 2000 Setup migrates the old operating system settings, requiring little administrator input during the process. This lesson discusses upgrading to the Windows 2000 Server operating system, upgrading Windows NT domains, and consolidating domains.


After this lesson, you will be able to

  • Upgrade a Windows NT computer to Windows 2000 Server

Estimated lesson time: 30 minutes


Upgrading to Windows 2000 Server

There is only one basic process for upgrading a member server. Once you begin the installation process, the Setup wizard guides you through the upgrade. When prompted, select the Upgrade To Windows 2000 option. During the final stages of installation, Windows 2000 Server Setup gathers information, using preexisting settings from the previous operating system.

There are several reasons to choose to upgrade, assuming that your previous operating system is a version that allows upgrading. Configuration is simpler; your existing users, settings, groups, rights, and permissions are retained; and files and applications do not need to be recopied to the disk after installation. (As with any major changes to the hard disk, however, you should plan on backing up the disk before running Setup.)

If you want to upgrade and then use the same applications as you did with your old operating system, review the Windows 2000 Compatibility Guide at http://www.microsoft.com and read the Read1st.txt file and the Relnotes.doc file (in the root directory of the Windows 2000 Server installation CD-ROM). You can also install the Windows 2000 Support Tools, which are located in the \Support\Tools directory of the Windows 2000 Server installation CD-ROM. The Support Tools include the Windows 2000 Server Resource Kit Deployment Planning Guide. Review the "Testing Applications for Compatibility with Microsoft Windows 2000" chapter for information about using your old applications.

When you upgrade, you must consider whether to convert the file system on any FAT16 or FAT32 partitions that you might have to the NTFS file system. It is possible to install Windows 2000 Server and also allow the computer to sometimes run another operating system by setting up the computer as a dual-boot system. Using dual booting, however, presents complexities because of file system issues.

Upgrading Servers

Windows 2000 Server supports upgrades from Windows NT 3.51 Server, Windows NT Server 4.0, and earlier versions of Windows 2000 Server. If a computer is running versions of Windows NT older than Windows NT 3.51, upgrade to Windows NT Server 4.0 before upgrading to Windows 2000 Server.

NOTE


Windows 2000 supports all service packs for Windows NT 3.51 and Windows NT 4.0. The upgrade of installed applications varies with the system.

Upgrade Methods

The easiest way to upgrade Windows NT Server is to insert the Windows 2000 Server installation CD-ROM into the computer's CD-ROM drive. You can also run Winnt32 from the CD-ROM.

Setup cannot upgrade the operating system from the boot floppies or from booting the CD-ROM. Winnt32 or Autorun must be used to upgrade Windows NT Server. You can also upgrade your system by running Winnt32.exe over the network.

Finding Windows NT Installations to Upgrade

To find Windows NT Server installations on the system, the C:\Boot.ini file is examined on x86-based systems.

NOTE


Windows 2000 does not support RISC-based systems.

The Setup program attempts to access the partition indicated by the Advanced RISC Computing (ARC) path in <active partition>:\Boot.ini for each installation it finds. The active partition is usually C:, so references to the drive containing Boot.ini will be C:. If Setup can access the partition, it then examines the root directory by searching for the following items:

  • Directories. The Setup program searches for System32, System32\Drivers, and System32\Config subfolders.
  • Files. Under the System32 subfolders, Setup searches for Ntoskrnl.exe and Ntdll.dll.

After searching for directories and files, Setup attempts to load portions of the registry to determine whether an attempt to upgrade this installation has failed. Setup also determines the type of the current Windows NT installation and finds the edition (Server or Workstation), version number of the Windows NT installation (either 3.1, 3.5, 3.51, or 4.0), and build number.

The system's current version and build number must be less than or equal to the version number to which the system will be upgraded. Also, the edition of the installation must be Server. Therefore, the Windows 2000 Server upgrade process upgrades only Windows NT Server 3.51 and Windows NT Server 4.0 systems.

Once each installation in C:\Boot.ini has been found and each entry has met the above criteria for version, build, and edition, Setup presents a menu that lists the installations on the system that can be upgraded.

If a Windows NT Server installation does not appear in the list of possible installations to upgrade, it probably did not meet one of the above criteria. At this point, you can press F3 to exit from the upgrade and still boot into any version of Windows NT installed on the system to ensure that the installation meets the criteria.

NOTE


If there are multiple C:\Boot.ini entries that point to the same Windows NT installation, the installation is listed in the upgrade selection menu only once.
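The discovery logic described in this section can be followed in code. The sketch below is an added example, not Setup's own code: it parses a constructed Boot.ini, collapses duplicate ARC entries, and applies the directory, file, edition, and version criteria. The on-disk and registry lookups are replaced by a hypothetical inventory dictionary, and the target version 5.0 (the internal version of Windows 2000) is an assumption not stated in the lesson.

```python
import re

# Constructed sample of C:\Boot.ini (not taken from a real system).
SAMPLE_BOOT_INI = r"""[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINNT
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Windows NT Server Version 4.00"
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Windows NT Server Version 4.00 [VGA mode]" /basevideo /sos
multi(0)disk(0)rdisk(0)partition(2)\WINNT351="Windows NT Workstation Version 3.51"
scsi(0)disk(1)rdisk(0)partition(1)\NT35="Windows NT Server Version 3.5"
C:\="MS-DOS"
"""

# ARC partition path, then the system root directory, then "=".
ARC_RE = re.compile(
    r'^((?:multi|scsi)\(\d+\)disk\(\d+\)rdisk\(\d+\)partition\(\d+\))\\([^=]+)=', re.I)

# Directories and files the lesson says Setup looks for (lowercased).
REQUIRED = frozenset([r"system32", r"system32\drivers", r"system32\config",
                      r"system32\ntoskrnl.exe", r"system32\ntdll.dll"])
MIN_VERSION = (3, 51)     # oldest version the lesson lists as upgradable
TARGET_VERSION = (5, 0)   # assumption: Windows 2000 reports itself as NT 5.0

def arc_installations(boot_ini_text):
    """Return unique (arc_partition, system_root) pairs from [operating systems]."""
    seen, section = [], None
    for line in boot_ini_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        m = ARC_RE.match(line) if section == "operating systems" else None
        if m:
            key = (m.group(1).lower(), m.group(2).strip().lower())
            if key not in seen:          # duplicate entries are listed only once
                seen.append(key)
    return seen

def upgrade_menu(boot_ini_text, inventory):
    """Split installations into (upgradable list, {installation: rejection reason})."""
    menu, rejected = [], {}
    for key in arc_installations(boot_ini_text):
        info = inventory.get(key)
        if info is None:
            rejected[key] = "partition not accessible"
        elif not REQUIRED <= info["paths"]:
            rejected[key] = "missing " + ", ".join(sorted(REQUIRED - info["paths"]))
        elif info["edition"] != "Server":
            rejected[key] = "edition is " + info["edition"]
        elif not (MIN_VERSION <= info["version"] <= TARGET_VERSION):
            rejected[key] = "unsupported version"
        else:
            menu.append(key)
    return menu, rejected

# Hypothetical stand-in for what Setup reads from each partition and its registry.
SAMPLE_INVENTORY = {
    ("multi(0)disk(0)rdisk(0)partition(1)", "winnt"):
        {"paths": set(REQUIRED), "edition": "Server", "version": (4, 0)},
    ("multi(0)disk(0)rdisk(0)partition(2)", "winnt351"):
        {"paths": set(REQUIRED), "edition": "Workstation", "version": (3, 51)},
    ("scsi(0)disk(1)rdisk(0)partition(1)", "nt35"):
        {"paths": set(REQUIRED), "edition": "Server", "version": (3, 5)},
}

if __name__ == "__main__":
    menu, rejected = upgrade_menu(SAMPLE_BOOT_INI, SAMPLE_INVENTORY)
    print("Upgradable:", menu)
    for key, reason in rejected.items():
        print("Not listed:", key, "-", reason)
```

The rejection reasons are the first things to check when an installation is missing from the upgrade menu.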

Upgrading a Windows NT Domain

A critical task in upgrading your network to Windows 2000 Server is upgrading the Windows NT Server domain. Domains are an important feature of both Windows NT Server and Windows 2000 Server. A domain is a grouping of accounts and network resources under a single domain name and security boundary. It is necessary to have one or more domains if you want to use domain-based user accounts and other domain security features in Windows 2000 Server. (This was true for Windows NT Server as well.)

With Windows 2000, servers can play one of three roles in relation to domains. Servers can be domain controllers, which contain matching copies of the user accounts and other Active Directory services data in a given domain. They can also be member servers, which belong to a domain but do not contain a copy of Active Directory services data. Third, servers can be standalone servers, which do not belong to a domain but belong to a workgroup. A domain must have at least one domain controller, and it should generally have multiple domain controllers, each one backing up the user accounts and other Active Directory services data for the others and helping provide logon support to users.

You should plan the roles that your servers will play within domains in Windows 2000 before running Setup; however, if adjustments are necessary to these roles, they can still be made after setup.

There are several important points to remember about upgrading an existing Windows NT domain to a Windows 2000 domain:

  • You must use the NTFS file system on domain controllers.
  • Any servers that have any partition formatted with FAT16 or FAT32 will lack local security. On FAT16 or FAT32 partitions, shared folders can be protected only with permissions set on the directories, not on individual files, and there is no access protection against local access to the partition.
  • When upgrading the domain controllers in a Windows NT domain to Windows 2000, you must upgrade the primary domain controllers (PDCs) first.

The roles of the servers in a domain are named somewhat differently in Windows 2000 Server compared to Windows NT Server. With Windows NT Server, the possible roles were PDC (limited to one per domain), backup domain controller (BDC), member server, or standalone server. Windows 2000 has only one kind of domain controller (without a "primary" or "backup" designation) and also includes the roles of member server and standalone server. Table 8.11 shows what server roles Windows 2000 Setup assigns when you upgrade.

Table 8.11 Comparison of Server Roles

Role in Windows NT domain | Role in Windows 2000 domain
Primary domain controller | Domain controller
Backup domain controller | Your choice of domain controller or member server
Member server | Your choice of member server or standalone server
Standalone server | Your choice of member server (if a Windows 2000 domain exists) or standalone server

Upgrading a Windows NT domain takes place over the following five stages:

  1. Planning for a Windows NT domain upgrade
  2. Preparing for a Windows NT domain upgrade
  3. Upgrading the PDC
  4. Upgrading the BDCs
  5. Upgrading member servers

Planning for a Windows NT Domain Upgrade

The following are the main considerations when planning a Windows 2000 upgrade:

  • DNS domain name organization. Develop a DNS structure for the root domain of an enterprise tree or multiple trees in a forest of disjointed DNS domain names. Once the root DNS domain is created, other subdomains can be added to build the tree. For example, microsoft.com is a root domain, and dev.microsoft.com and mktg.microsoft.com are subdomains.
  • Name space organization within large account domains. Determine how to use organizational units to structure the employees and project resources.
  • Domain consolidation. Rebalance administration and control of centrally managed and distributed network services by merging resource domains into a smaller number of Windows 2000 domains.
  • New computer accounts added for long-term organization. Determine the location of computer accounts in Windows 2000 organizational units. This is an important part of deploying Windows 2000 computer security policies.
  • Deployment of advanced technologies. Deploy new advanced technologies such as PKI security for smart card logon and remote access authentication or IP security for secure data transfer over private intranet and public Internet communications.

NOTE


For more information, see the Windows 2000 Support Tools' Deployment and Planning Guide. The installation program for this guide and other support tools is located in the \Support\Tools directory on the Windows 2000 Server installation CD-ROM.

Preparing for a Windows NT Domain Upgrade

Whenever you make any major changes to the contents of the hard disks on your servers, you should back up the hard disks before upgrading any of them. Before upgrading, you should also consider disconnecting the network cable of a BDC in your existing Windows NT network. After upgrading your PDC to Windows 2000 Server, this disconnected system is available for promotion to a Windows NT PDC if needed. (In the course of an uneventful upgrade, you would not promote the Windows NT BDC to PDC, but instead continue the upgrade process, eventually reconnecting the disconnected server and upgrading it.)

In addition, for any computer that will be a domain controller in the Windows 2000 domain, you should make sure there is plenty of room on the disk, beyond the space needed for the operating system itself. When the user accounts database is upgraded to the format used by Windows 2000 Server, it can expand significantly.

Preparing to Upgrade the Domain Controller

Before upgrading a domain controller, there are a number of tasks that must be completed:

  • Disable WINS by using the Services option in Control Panel in Windows NT Server 4.0 so that the WINS database can be converted during the upgrade process.
  • Disable DHCP by using the Services option in Control Panel in Windows NT Server 4.0 so that the DHCP database can be converted during the upgrade.
  • Set up a test environment by creating test user accounts so that you can test the upgrade once it is complete. Create users and groups that are consistent with your implementation of Windows NT Server 4.0.

Table 8.12 lists items you might want to include in a test environment and explains how to implement them.

Table 8.12 Items to Include During Testing

Item | Implementation
User and Group policies | Include both user and group policies that are easy to verify after the upgrade. For example, remove the Run command from the Start menu.
User profiles | Set up individual user profiles for the test users that are obvious and easy to verify, such as different background wallpaper.
Logon scripts | Use logon script commands that are easy to verify after the upgrade, such as mapping network drives with the net use command.

NOTE


It is always a good idea to test any upgrade in a lab environment before implementing it in a production environment. To that end you may remove a BDC from the network and promote it to be a PDC in a private network. Then you can upgrade the PDC to Windows 2000 Server. If that is successful, you can bring that computer back to the production environment.

Upgrading the Primary Domain Controller

The first domain controller to be upgraded in a Windows NT domain must be the PDC. As you upgrade this server, you are given the choices of creating a new domain or a child domain and of creating a new forest or a domain tree in an existing forest. For upgrading a domain of three to five servers, create a new domain and a new forest. You should also define the domain name space to set up the top-level name space for the organization. Other domains can be added to the tree as child domains.

During the upgrade, you can choose the location of three important files: the database containing user accounts and other Active Directory data, the log file, and the system volume file (SYSVOL). The database and the log file can be on any type of partition (FAT16, FAT32, or NTFS); the previous SAM database can expand significantly from the size it had with Windows NT Server, so you should allow plenty of room for it. (Initially, the log file will take up very little space.) The system volume file must be on an NTFS partition.

After the first server is upgraded to a Windows 2000 domain controller, it will be fully backward compatible. This means that in a multiple-server environment the domain controller appears as a Windows 2000 domain controller to Windows 2000 servers and clients but emulates a Windows NT 4.0 PDC to other servers and clients.

Upgrading the Backup Domain Controllers

After upgrading your PDC and ensuring that it is functioning to your satisfaction, you next upgrade any BDCs. (If possible, it is best to begin the next upgrades soon after the PDC upgrade, rather than allowing a long delay.) Be sure that the first server upgraded (the former PDC) is running and available on the network when you upgrade other domain controllers. This server is used as a template for the other domain controllers to copy as they are upgraded.

Upgrade the BDCs one at a time, and ensure that each is backed up before upgrading. Start and test each server on the network to ensure that it is functioning to your satisfaction before upgrading another BDC.

When you have completely upgraded all servers to Windows 2000 domain controllers, you can change the domain from Mixed mode (where Windows NT domain controllers can exist in the domain) to Native mode (where only Windows 2000 domain controllers can exist in the domain). You cannot revert to Mixed mode after changing to Native mode, so it is important that you think carefully about changing the domain. Figure 8.2 shows the transition from a Windows NT domain to a Windows 2000 Native mode domain.

Figure 8.2 Transition from Windows NT domain to Windows 2000 Native mode domain

Mixed Mode

Mixed mode refers to a domain that contains both Windows 2000 and Windows NT 3.51/4.0 domain controllers. In Mixed mode the PDC is upgraded to Windows 2000 Server and one or more BDCs remain at version Windows NT Server 3.51/4.0. The Windows 2000 domain controller that was the PDC uses the Active Directory store to save objects. It is still fully backward compatible because it exposes the data as a native NT 4 domain flat store to down-level computers.

The PDC appears as a Windows 2000 domain controller to other Windows 2000 computers, and as a Windows NT 3.51/4.0 domain controller to computers that are not yet upgraded.

The domain still uses a single master replication with a Windows 2000 PDC; it is recognized as the domain master by the Windows NT Server 3.51/4.0 BDCs.

In Mixed mode the domain is limited by the functionality of the Windows NT 4.0 domain controllers. The limitations on Windows 2000 operating in Mixed mode include the following:

  • No group nesting is available.
  • Non-Windows 2000 clients cannot benefit from transitive trust; they are restricted to pre-Windows 2000 trust relationships for access to resources.

Mixed mode is the default mode and is generally an interim step in the implementation of Windows 2000.

Native Mode

Once all domain controllers in a domain are upgraded, the domain can be moved from Mixed mode to Native mode. In Native mode all clients make use of Windows 2000 transitive trust. This means that a user can connect to any resource in the enterprise. Native mode also allows group nesting.

NOTE


Moving to Native mode is a one-way move; once in Native mode, it is not possible to move the domain back to Mixed mode.

Upgrading Member Servers

Upgrade the NT 4 member servers to Windows 2000. Member servers in the domain can be upgraded in any order.

Domain Consolidation

Domain consolidation is a planning process for organizing domain resources to take advantage of new advanced features of the Windows 2000 Active Directory services. Domain reconfiguration is optional; it is not a requirement for installing Windows 2000. Domain reconfiguration can take place over time as individual computers are upgraded and moved to different domains. Reconfiguration is also a fairly intensive and time-consuming administrator operation, as computers are moved to new domains and access control is verified or updated as needed.

There are two general ways to consolidate domains:

  • Move user accounts from one domain to another to form a single larger domain.
  • Move server computers from one resource domain into the organizational unit of another domain.

One advantage of domain consolidation is that the number of master account domains can be reduced because each domain can be scaled to handle a much larger number of user, group, and computer accounts. Combining master account domains can reduce the number of server computers and interdomain trust accounts. However, moving users from one domain to another requires the creation of a new temporary password for the user account in the new domain. User passwords are not preserved when a user account is moved from one domain to another, although the security identifier (SID) for the user is.

Another advantage to domain consolidation is that the number of resource domains can be reduced by moving servers from many small domains into a combined resource domain. The domain controllers of the resource domains become member servers in the larger combined domain. This reduces the number of interdomain trust relationships between resource domains and account domains, saving system resources on domain controllers. Domain consolidation also makes it easier to redeploy server computers from one project or department to another.

Windows 2000 includes the following features that enable domain reconfiguration:

  • Users and groups can be moved across domain boundaries and preserve security identity. The SID history is kept with the user account, and access tokens will contain both the new and the old SID to preserve access rights.
  • Domain controllers can be demoted to a member server and moved to another domain.
  • Security policies can be defined centrally and applied to many systems. These policies can grow in scope and change over time. They are used to deploy new technology, such as public key security and IP security. As new computers join a domain, they can automatically pick up the security policy in effect for the new domain.
  • Computers can be moved to different domains by using remote administration tools.
  • Access rights can be updated to reflect changes in an organization's structure or philosophy.
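The first feature in this list, SID history, is what keeps existing permissions working after an account is moved. The simplified model below is an added example, not Windows code: all SIDs, names, and the allow-only ACL format are constructed, and the real access check is more involved. It shows the token carrying both SIDs, and it lists the ACL entries that still depend on the old SID and are candidates for the access-rights update mentioned in the last item.

```python
from dataclasses import dataclass, field

# Constructed domain SIDs and account data, for illustration only.
OLD_DOMAIN = "S-1-5-21-1000-2000-3000"
NEW_DOMAIN = "S-1-5-21-4000-5000-6000"

@dataclass
class Account:
    name: str
    sid: str
    sid_history: list = field(default_factory=list)

def move_to_domain(account, new_domain_sid, rid):
    """Model a cross-domain move: a new SID is issued, the old SID goes into SID history."""
    return Account(account.name, f"{new_domain_sid}-{rid}",
                   account.sid_history + [account.sid])

def access_token(account):
    """SIDs presented at access time: the current SID plus every SID in the history."""
    return {account.sid, *account.sid_history}

def granted_rights(account, acl):
    """acl is a list of (sid, right) allow entries; return the rights the token matches."""
    token = access_token(account)
    return {right for sid, right in acl if sid in token}

def aces_needing_update(account, acl):
    """Entries matched only through SID history, i.e. still written against the old SID."""
    return [(sid, right) for sid, right in acl
            if sid in account.sid_history and sid != account.sid]

ALICE = Account("alice", OLD_DOMAIN + "-1105")
# Constructed ACL on a file share that was set up before the move.
SAMPLE_ACL = [(ALICE.sid, "read"), (OLD_DOMAIN + "-500", "full")]

if __name__ == "__main__":
    moved = move_to_domain(ALICE, NEW_DOMAIN, 2210)
    print("Rights after move:", granted_rights(moved, SAMPLE_ACL))
    print("Entries to re-ACL:", aces_needing_update(moved, SAMPLE_ACL))
```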

Lesson Summary

The upgrade from Windows NT Server to Windows 2000 Server is, for the most part, an automated process. The easiest way to upgrade Windows NT Server is to use the Windows 2000 Server installation CD-ROM in the computer's CD-ROM drive. The Setup wizard then guides you through the upgrade. An important aspect of upgrading to Windows 2000 is upgrading the domain, which involves a number of stages. First you must plan how you will upgrade the domain. This includes determining a domain name organization and deploying new technologies. Next you must prepare for that upgrade by completing such tasks as backing up files and disconnecting network cables. In addition, you must prepare to upgrade the domain controllers. The next step in upgrading the domain is to upgrade the PDC. This is followed by upgrading the BDCs and the member servers. When you have completed these steps, you should consider consolidating your domain to take advantage of the new advanced features of the Windows 2000 Active Directory services.



MCSE Training Kit(c) Microsoft Windows 2000 Accelerated 2000
Year: 2004
Pages: 244
