Migrating Network Services

During a migration from the source to target Windows 2003 domain, one decision you must make is when it is best to migrate domain-based service and when is it best to create new ones. Often failure to move these services correctly can cause connectivity issues between client systems and the domain resulting in failed logons . The following sections provide you with the information available to cleanly and easily move these services to avoid disruption in client server communications when migrating.

One benefit of the integration between Windows 2000 and Windows 2003 is the ability to migrate services between operating systems.

When upgrading domains, you can migrate network services to new Windows 2003 domain controllers. This section focuses on the three components of Windows 2000:

• Dynamic Host configuration Protocol (DHCP)

• Domain Name System (DNS)

• Group Policy Objects

Each of the following sections provide insight and best practices on when to migrate these services and the basic steps for moving the service and components to Windows 2003.

Migrating Domain Name Systems Services

When addressing DNS there are two key areas to consider. First, what is the best method to cutover services from Windows 2000 to Windows 2003. You can decide which method to use depending on whether the cutover is used for a migration to a new Windows 2003 domain or the existing Windows 2000 domain is being upgraded.

When upgrading, you can use the built-in functionality of Active Directory Intergraded DNS Zones to establish DNS services on new Windows 2003 servers. When a domain controller is promoted to a domain controller, DNS can be installed as an Active Directory Integrated zone. This will dynamically replicate all zone information to the DNS server.

After replication of the zone is complete, you can then modify the DHCP Scope to implement the new DNS server into the domain.

When migrating to a new domain, DNS in the source domain can be configured to forward DNS lookup to the new DNS server in the target domain. Reverse lookup zones can be created for each to enable efficient DNS reverse lookups as well.

To configure DNS forwarding, open the DNS manager in the Windows 2000 domain and perform the following steps:

1. Select the forward lookup zone for the domain being migrated .

2. Sect the server where the forward lookup zone will be added. Right-click the selection and choose Properties.

3. Add the TCP/IP addresses of the Windows 2003 DNS server in the Forwarder Properties dialog box and click OK when complete.

To configure the reverse lookup, add the domain to the reverse lookup zone on both the source domain and target domain DNS Servers. This will enable reverse lookup for both domains.

Migrating DHCP to Windows 2003

When existing Windows 2000 DHCP services are in place, you can migrate DHCP server configurations and databases from Windows 2000 to a new Windows 2003 domain controller. By migrating, you are free from the time required to configure services and ensure the scope is correct and identical before being moved. Also, client lease information is preserved, enabling a transparent migration of DHCP in the client environment.

To migrate the existing Windows 2000 DHCP services, use the DHCPExim.exe and Netsh.exe utilities located on the Windows Resource Kit. Begin by downloading the resources kit from Microsoft at http://www.microsoft.com/downloads.

Install the Windows 2003 Resource Kit and migrate the DHCP services by performing the following steps:

1. Open a command prompt by choosing Start, Run and typing command in the dialog box. Select OK to open the command dialog.

2. Export the DHCP server information by running the command DHCPExim.exe.

3. From the DHCPEXIM Export to File dialog box enter the name and location where the information will be exported. Confirm the location shown in the dialog box and select OK to continue.

4. From the Export dialog, select the DHCP scope to be exported. This selection will migrate all DHCP settings for the scopes.

5. Select the Disable the Elected Scopes on the Local Machine Before Export To option. This will disable the scopes being migrated to avoid any conflicts when the scope is imported to Windows 2003.

6. At the This Operation Has Completed Successfully dialog box, select OK to complete the export operation.

7. Move the exported file to the new Windows 2003 server where the DHCP service will be migrated.

8. Begin the migration to the new Windows 2003 server by installing the DHCP service using the Add/Remove Programs tool in the server Control Panel.

9. Open a command prompt on the Windows 2003 server by choosing Start, Run and typing command in the dialog box. Select OK to open the command dialog.

10. From the command prompt, enter the import command using the Netsh command: Netsh DHCP Server Import (Path to Export File) all.

The command will import the DHCP information and scope configuration to the new Windows 2003 server.

Migrating GPOs

Unlike migrating from Windows NT, one major area often not considered to be migrated is Windows 2000 Group Policies or GPOs. Using the Windows 2003 Group Policy Management Console, you can use the copy function to move previously configured GPOs from Windows 2000 domains to Windows 2003 domains.

Using the copy functionality of the GPMC, GPOs can easily be copied or dragged to the desired new domain. To migrate GPOs using the Group Policy Management Console, download and install the GPMC.msi installation package from Microsoft at http://www.microsoft.com/downloads.

Once installed, open the Group Policy Manager and add the forest and domain to the GPMC to copy GPOs from the source domain to the new Windows 2003 destination domain as shown in Figure 15.3.

Begin migrating Windows 2000 GPOs by adding a forest trust between the source and target locations. If no forest trust will be used, you can leverage the Stored User Name and Password utility for authentication to the source domain along the GPMCs.

Open the GPMC on the Windows 2003 domain controller and add the forest and domain for the Windows 2000 source domain where the existing GPO will be copied from. Select the GPO object and drag it to the target Windows 2003 domain.