Best Practices for Maintaining and Managing Coexistence


For most migration scenarios, it is unrealistic to think that the migration can be completed in a single upgrade. When it cannot, providing coexistence and functionality between Windows NT domains and Active Directory domains becomes a major component of the domain migration.

Because Windows Server 2003 is fully integrated with Windows NT security, networking and logon services, coexistence can be supported for a period of time with relative ease of management.

Understanding the migration time frame and logistics of how objects will be moved can better assist you in planning for domain coexistence. Knowing the key elements of the migration and implementing them into the migration plan can provide domain users a reliable level of service during the migration and avoid lengthy network disruptions.

Consolidating Network Services

One major benefit to implementing coexistence with Windows Server 2003 is its compatibility with Windows NT domain services. When managing and maintaining coexistence, you can plan to migrate domain services such as Dynamic Host Configuration Protocol (DHCP), Domain Name System (DNS), and Windows Internet Name Service (WINS) to Windows Server 2003 as a first step. Migrating these services up front lets you take advantage of the features and performance of Windows Server 2003 even while the services are still being provided to a Windows NT 4.0 domain.

Because Windows Server 2003 provides increased performance and availability, migrating and consolidating network services to the new Active Directory domain can actually improve domain performance and client/server response. Also, moving these domain services and consolidating them on Windows Server 2003 will effectively eliminate Windows NT 4.0 domain servers and provide an increased level of reliability to clients still residing on the Windows NT 4.0 domain.

Using SID History to Maintain Access to Resources

As users are migrated to the new target domain, maintaining and managing coexistence to ensure uninterrupted access to user resources can be difficult. Backward compatibility to objects such as Windows NT 4.0 file shares and network resources not yet migrated can be accomplished by leveraging and implementing features available in the Active Directory Migration Tool.

With the Windows Server 2003 Active Directory Migration Tool, network administrators can now migrate user accounts while also migrating users' Windows NT 4.0 Security Identifier (SID) information to maintain access to resources still residing in the source domain.

In Windows NT 4.0, all users, computers, and groups are associated with a unique domain SID. Windows NT 4.0 domains grant access to domain resources based on a user's SID information stored in Access Control Lists (ACLs). ACLs can be viewed as the permissions pages of resources such as file shares and other domain resources. These user SIDs can be appended to the new Active Directory account using the Active Directory Migration Tool. This enables users to maintain privileged access to resources still residing in the Windows NT 4.0 domain.
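The following is an added illustration, not code from the book or from ADMT: a simplified Python model of the access check described above, showing why a migrated account loses access to a Windows NT 4.0 share unless its old SID travels with it. All SIDs, RIDs and the ACL are constructed sample values, and the helper names (`token_sids`, `access_allowed`, `foreign_history`) are hypothetical.

```python
# Added illustration: simplified model of how SID history keeps access working.
# All SIDs and the ACL below are constructed sample values.
from dataclasses import dataclass, field

SRC = "S-1-5-21-1111111111-2222222222-3333333333"   # NT 4.0 source domain (constructed)
DST = "S-1-5-21-4444444444-5555555555-6666666666"   # AD target domain (constructed)


@dataclass
class Principal:
    sid: str
    sid_history: list = field(default_factory=list)
    member_of: list = field(default_factory=list)    # groups, as Principal objects


def token_sids(user):
    """SIDs presented at access time: primary SIDs plus every SID history value
    of the user and of each group the user belongs to."""
    sids = {user.sid, *user.sid_history}
    for group in user.member_of:
        sids |= {group.sid, *group.sid_history}
    return sids


def access_allowed(acl, sids):
    """acl is a list of (kind, sid) entries; simplified so any matching deny wins."""
    matches = [kind for kind, sid in acl if sid in sids]
    return "deny" not in matches and "allow" in matches


def foreign_history(user, own_domain):
    """SID history values issued by another domain: an inventory to review later."""
    return [s for s in user.sid_history if s.rsplit("-", 1)[0] != own_domain]


# File share still hosted in the NT 4.0 domain; its ACL names only source-domain SIDs.
share_acl = [("allow", f"{SRC}-1105"),    # source user account
             ("allow", f"{SRC}-1200")]    # source global group

# The same user migrated without and with the SID history option selected.
plain = Principal(sid=f"{DST}-2105")
with_history = Principal(sid=f"{DST}-2105", sid_history=[f"{SRC}-1105"])
# A user whose access came only through a group that was migrated with SID history.
group = Principal(sid=f"{DST}-2200", sid_history=[f"{SRC}-1200"])
via_group = Principal(sid=f"{DST}-2106", member_of=[group])

if __name__ == "__main__":
    for name, user in [("plain", plain), ("with_history", with_history), ("via_group", via_group)]:
        print(name, access_allowed(share_acl, token_sids(user)), foreign_history(user, DST))
```

Because every SID history value is honored exactly like the account's own SID, the list returned by `foreign_history` is also the set of entries to account for once the source-domain resources have been migrated.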

Migrating SID History

By choosing the option to migrate SID history, all account information of the domain user object in Windows NT 4.0 is migrated to the new account in the Windows Server 2003 Active Directory domain. To migrate user SID history along with the domain user account, select Migrate User SIDs to Target Domain when using the Active Directory Migration Tool to migrate accounts, as shown in Figure 14.5.

Figure 14.5. ADMT user SID history option page.


To migrate Windows NT 4.0 account SID history, select the Migrate SID History check box on the user migration options page of the Active Directory User Migration Wizard.

Additional Tools for Managing Coexistence

There are many tools and third-party utilities to assist your organization when migrating to Windows Server 2003. One of the most common and effective tools is the Microsoft Active Directory Connector (ADC). The ADC allows organizations to synchronize Windows Server 2003 and Active Directory with the Microsoft Exchange Server directories. The ADC can be implemented and used to support coexistence between mail systems and Active Directory while user accounts are being migrated.

For More Information

More information on the Active Directory Connector, directory synchronization, and additional tools can be found at www.microsoft.com/windowsserver2003/upgrading/nt4/tooldocs/default.mspx.




Microsoft Windows Server 2003 Insider Solutions
ISBN: 0672326094
EAN: 2147483647
Year: 2003
Pages: 325
