The process for upgrading existing servers from Windows NT Server to Windows 2000 Server is mostly automated. During the upgrade, Windows 2000 Setup migrates the old operating system settings, requiring little administrator input during the process. This lesson discusses upgrading to the Windows 2000 Server operating system, upgrading Windows NT domains, and consolidating domains.
After this lesson, you will be able to
Estimated lesson time: 30 minutes
There is only one basic process for upgrading a member server. Once you begin the installation process, the Setup wizard guides you through the upgrade. When prompted, select the Upgrade To Windows 2000 option. During the final stages of installation, Windows 2000 Server Setup gathers information, using preexisting settings from the previous operating system.
There are several reasons to choose to upgrade, assuming that your previous operating system is a version that allows upgrading. Configuration is simpler; your existing users, settings, groups, rights, and permissions are retained; and files and applications do not need to be recopied to the disk after installation. (As with any major changes to the hard disk, however, you should plan on backing up the disk before running Setup.)
If you want to upgrade and then use the same applications as you did with your old operating system, review the Windows 2000 Compatibility Guide at http://www.microsoft.com and read the Read1st.txt file and the Relnotes.doc file (in the root directory of the Windows 2000 Server installation CD-ROM). You can also install the Windows 2000 Support Tools, which are located in the \Support\Tools directory of the Windows 2000 Server installation CD-ROM. The Support Tools include the Windows 2000 Server Resource Kit Deployment Planning Guide. Review the "Testing Applications for Compatibility with Microsoft Windows 2000" chapter for information about using your old applications.
When you upgrade, you must consider whether to convert the file system on any FAT16 or FAT32 partitions that you might have to the NTFS file system. It is possible to install Windows 2000 Server and also allow the computer to sometimes run another operating system by setting up the computer as a dual-boot system. Using dual booting, however, presents complexities because of file system issues.
Windows 2000 Server supports upgrades from Windows NT 3.51 Server, Windows NT Server 4.0, and earlier versions of Windows 2000 Server. If a computer is running versions of Windows NT older than Windows NT 3.51, upgrade to Windows NT Server 4.0 before upgrading to Windows 2000 Server.
NOTE
Windows 2000 supports all service packs for Windows NT 3.51 and Windows NT 4.0. The upgrade of installed applications varies with the system.
The easiest way to upgrade Windows NT Server is to insert the Windows 2000 Server installation CD-ROM into the computer's CD-ROM drive. You can also run Winnt32 from the CD-ROM.
Setup cannot upgrade the operating system from the boot floppies or from booting the CD-ROM. Winnt32 or Autorun must be used to upgrade Windows NT Server. You can also upgrade your system by running Winnt32.exe over the network.
To find Windows NT Server installations on the system, the C:\Boot.ini file is examined on x86-based systems.
NOTE
Windows 2000 does not support RISC-based systems.
The Setup program attempts to access the partition indicated by the Advanced RISC Computing (ARC) path in <active partition>:\Boot.ini for each installation it finds. The active partition is usually C:, so references to the drive containing Boot.ini will be C:. If Setup can access the partition, it then examines the root directory by searching for the following items:
After searching for directories and files, Setup attempts to load portions of the registry to determine whether an attempt to upgrade this installation has failed. Setup also determines the type of the current Windows NT installation and finds the edition (Server or Workstation), version number of the Windows NT installation (either 3.1, 3.5, 3.51, or 4.0), and build number.
The system's current version and build number must be less than or equal to the version number to which the system will be upgraded. Also, the edition of the installation must be Server. Therefore, the Windows 2000 Server upgrade process upgrades only Windows NT Server 3.51 and Windows NT Server 4.0 systems.
Once each installation in C:\Boot.ini has been found and each entry has met the above criteria for version, build, and edition, Setup presents a menu that lists the installations on the system that can be upgraded.
If a Windows NT Server installation does not appear in the list of possible installations to upgrade, it probably did not meet one of the above criteria. At this point, you can press F3 to exit from the upgrade and still boot into any version of Windows NT installed on the system to ensure that the installation meets the criteria.
NOTE
If there are multiple C:\Boot.ini entries that point to the same Windows NT installation, the installation is listed in the upgrade selection menu only once.
A critical task in upgrading your network to Windows 2000 Server is upgrading the Windows NT Server domain. Domains are an important feature of both Windows NT Server and Windows 2000 Server. A domain is a grouping of accounts and network resources under a single domain name and security boundary. It is necessary to have one or more domains if you want to use domain-based user accounts and other domain security features in Windows 2000 Server. (This was true for Windows NT Server as well.)
With Windows 2000, servers can play one of three roles in relation to domains. Servers can be domain controllers, which contain matching copies of the user accounts and other Active Directory services data in a given domain. They can also be member servers, which belong to a domain but do not contain a copy of Active Directory services data. Third, servers can be standalone servers, which do not belong to a domain but belong to a workgroup. A domain must have at least one domain controller, and it should generally have multiple domain controllers, each one backing up the user accounts and other Active Directory services data for the others and helping provide logon support to users.
You should plan the roles that your servers will play within domains in Windows 2000 before running Setup; however, if adjustments are necessary to these roles, they can still be made after setup.
There are several important points to remember about upgrading an existing Windows NT domain to Windows 2000 domain:
The roles of the servers in a domain are named somewhat differently in Windows 2000 Server compared to Windows NT Server. With Windows NT Server, the possible roles were PDC (limited to one per domain), backup domain controller (BDC), member server, or standalone server. Windows 2000 has only one kind of domain controller (without a "primary" or "backup" designation) and also includes the roles of member server and standalone server. Table 8.11 shows what server roles Windows 2000 Setup assigns when you upgrade.
Table 8.11 Comparison of Server Roles
Role in Windows NT domain | Role in Windows 2000 domain |
---|---|
Primary domain controller | Domain controller |
Backup domain controller | Your choice of domain controller or member server |
Member server | Your choice of member server or standalone server |
Standalone server | Your choice of member server (if a Windows 2000 domain exists) or standalone server |
Upgrading a Windows NT domain takes place over the following five stages:
The following are the main considerations when planning a Windows 2000 upgrade :
NOTE
For more information, see the Windows 2000 Support Tools' Deployment and Planning Guide. The installation program for this guide and other support tools is located in the \Support\Tools directory on the Windows 2000 Server installation CD-ROM.
Whenever you make any major changes to the contents of the hard disks on your servers, you should back up the hard disks before upgrading any of them. Before upgrading, you should also consider disconnecting the network cable of a BDC in your existing Windows NT network. After upgrading your PDC to Windows 2000 Server, this disconnected system is available for promotion to a Windows NT PDC if needed. (In the course of an uneventful upgrade, you would not promote the Windows NT BDC to PDC, but instead continue the upgrade process, eventually reconnecting the disconnected server and upgrading it.)
In addition, for any computer that will be a domain controller in the Windows 2000 domain, you should make sure there is plenty of room on the disk, beyond the space needed for the operating system itself. When the user accounts database is upgraded to the format used by Windows 2000 Server, it can expand significantly.
Before upgrading a domain controller, there are a number of tasks that must be completed:
Table 8.12 lists items you might want to include in a test environment and explains how to implement them.
Table 8.12 Items to Include During Testing
Item | Implementation |
---|---|
User and Group policies | Include both user and group policies that are easy to verify after the upgrade. For example, remove the Run command from the Start menu. |
User profiles | Set up individual user profiles for the test users that are obvious and easy to verify, such as different background wallpaper. |
Logon scripts | Use logon script commands that are easy to verify after the upgrade, such as mapping network drives with the net use command. |
NOTE
It is always a good idea to test any upgrade in a lab environment before implementing it in a production environment. To that end you may remove a BDC from the network and promote it to be a PDC in a private network. Then you can upgrade the PDC to Windows 2000 Server. If that is successful, you can bring that computer back to the production environment.
The first domain controller to be upgraded in a Windows NT domain must be the PDC. As you upgrade this server, you are given the choices of creating a new domain or a child domain and of creating a new forest or a domain tree in an existing forest. For upgrading a domain of three to five servers, create a new domain and a new forest. You should also define the domain name space to set up the top-level name space for the organization. Other domains can be added to the tree as child domains.
During the upgrade, you can choose the location of three important files: the database containing user accounts and other Active Directory data, the log file, and the system volume file (SYSVOL). The database and the log file can be on any type of partition (FAT16, FAT32, or NTFS); the previous SAM database can expand significantly from the size it had with Windows NT Server, so you should allow plenty of room for it. (Initially, the log file will take up very little space.) The system volume file must be on an NTFS partition.
After the first server is upgraded to a Windows 2000 domain controller, it will be fully backward compatible. This means that in a multiple-server environment the domain controller appears as a Windows 2000 domain controller to Windows 2000 servers and clients but emulates a Windows NT 4.0 PDC to other servers and clients.
After upgrading your PDC and ensuring that it is functioning to your satisfaction, you next upgrade any BDCs. (If possible, it is best to begin the next upgrades soon after the PDC upgrade, rather than allowing a long delay.) Be sure that the first server upgraded (the former PDC) is running and available on the network when you upgrade other domain controllers. This server is used as a template for the other domain controllers to copy as they are upgraded.
Upgrade the BDCs one at a time, and ensure that each is backed up before upgrading. Start and test each server on the network to ensure that it is functioning to your satisfaction before upgrading another BDC.
When you have completely upgraded all servers to Windows 2000 domain controllers, you can change the domain from Mixed mode (where Windows NT domain controllers can exist in the domain) to Native mode (where only Windows 2000 domain controllers can exist in the domain). You cannot revert to Mixed mode after changing to Native mode, so it is important that you think carefully about changing the domain. Figure 8.2 shows the transition from a Windows NT domain to a Windows 2000 Native mode domain.
Figure 8.2 Transition from Windows NT domain to Windows 2000 Native mode domain
Mixed mode refers to a domain that contains both Windows 2000 and Windows NT 3.51/4.0 domain controllers. In Mixed mode the PDC is upgraded to Windows 2000 Server and one or more BDCs remain at version Windows NT Server 3.51/4.0. The Windows 2000 domain controller that was the PDC uses the Active Directory store to save objects. It is still fully backward compatible because it exposes the data as a native NT 4 domain flat store to down-level computers.
The PDC appears as a Windows 2000 domain controller to other Windows 2000 computers, and as a Windows NT 3.51/4.0 domain controller to computers that are not yet upgraded.
The domain still uses a single master replication with a Windows 2000 PDC; it is recognized as the domain master by the Windows NT Server 3.51/4.0 BDCs.
In Mixed mode the domain is limited by the functionality of the Windows NT 4.0 domain controllers. The limitations on Windows 2000 operating in Mixed mode include the following:
Mixed mode is the default mode and is generally an interim step in the implementation of Windows 2000.
Once all domain controllers in a domain are upgraded, the domain can be moved from Mixed mode to Native mode. In Native mode all clients make use of Windows 2000 transitive trust. This means that a user can connect to any resource in the enterprise. Native mode also allows group nesting.
NOTE
Moving to Native mode is a one-way move; once in Native mode, it is not possible to move the domain back to Mixed mode.
Upgrade the NT 4 member servers to Windows 2000. Member servers in the domain can be upgraded in any order.
Domain consolidation is a planning process for organizing domain resources to take advantage of new advanced features of the Windows 2000 Active Directory services. Domain reconfiguration is optional; it is not a requirement for installing Windows 2000. Domain reconfiguration can take place over time as individual computers are upgraded and moved to different domains. Reconfiguration is also a fairly intensive and time-consuming administrator operation, as computers are moved to new domains and access control is verified or updated as needed.
There are two general ways to consolidate domains:
One advantage of domain consolidation is that the number of master account domains can be reduced because each domain can be scaled to handle a much larger number of user, group, and computer accounts. Combining master account domains can reduce the number of server computers and interdomain trust accounts. However, moving users from one domain to another requires the creation of a new temporary password for the user account in the new domain. User passwords are not preserved when a user account is moved from one domain to another, although the security identifier (SID) for the user is.
Another advantage to domain consolidation is that the number of resource domains can be reduced by moving servers from many small domains into a combined resource domain. The domain controllers of the resource domains become member servers in the larger combined domain. This reduces the number of interdomain trust relationships between resource domains and account domains, saving system resources on domain controllers. Domain consolidation also makes it easier to redeploy server computers from one project or department to another.
Windows 2000 includes the following features that enable domain reconfiguration:
The upgrade from Windows NT Server to Windows 2000 Server is, for the most part, an automated process. The easiest way to upgrade Windows NT Server is to use the Windows 2000 Server installation CD-ROM in the computer's CD-ROM drive. The Setup wizard then guides you through the upgrade. An important aspect of upgrading to Windows 2000 is upgrading the domain, which involves a number of stages. First you must plan how you will upgrade the domain. This includes determining a domain name organization and deploying new technologies. Next you must prepare for that upgrade by completing such tasks as backing up files and disconnecting network cables. In addition, you must prepare to upgrade the domain controllers. The next step in upgrading the domain is to upgrade the PDC. This is followed by upgrading the BDCs and the member servers. When you have completed these steps, you should consider consolidating your domain to take advantage of the new advanced features of the Windows 2000 Active Directory services.