This is the last of the series of columns on migrating to Windows 2000 (Win2K). This week, we'll talk about phase 3—the implementation phase. During phase 3, your Help desk and other IT staff will be busier than your network architects, especially if you plan to upgrade your workstations to Windows 2000 Professional (Win2K Pro). Your entire migration team will have to work together during this phase. No matter how carefully you plan your migration, you can't ignore Murphy's Law—anything that can go wrong, probably will.
Creating the Root Domain
Before you get started with the implementation, synchronize one Windows NT 4.0 BDC with the PDC, and then take this BDC offline as a precautionary measure. If something goes wrong, you can promote this BDC to PDC and restore your NT 4.0 domain structure. Now you're ready to create your Win2K root domain.
Installing the first Win2K domain controller—either from an upgrade or a fresh install—will create the root of the new Win2K domain in the first tree of a new forest. Although Microsoft has published several documents about upgrading NT 4.0 servers to Win2K, I don't recommend upgrading existing NT servers. Instead of deleting the existing OS or formatting the drive before installing Windows 2000 Server (Win2K Server), use Win2K's setup program to delete all existing partitions. Then, let the setup program create the new partitions and format them with NTFS. Because several tools are available for migrating users, computers, and groups to Win2K, it's a good idea to avoid a direct upgrade from NT to Win2K and start with a clean slate. You don't want to take years of NT headaches with you to the next millennium.
Upgrading BDCs and Member Servers
Your next step is to upgrade your BDCs to Win2K. Again, you will want to avoid upgrading existing NT BDCs directly to Win2K. If, for example, you have only one BDC in a domain and you want that machine to become the new Win2K domain controller, you can install another machine as a temporary BDC in that domain for fault tolerance, wipe out the existing BDC, and do a fresh Win2K install. This new domain controller will obtain a copy of the Active Directory (AD) from your first domain controller. If you have several BDCs in a domain, life is easier—simply do a clean install on them, one at a time.
Once you have upgraded all your BDCs to Win2K, you can switch from a mixed mode to a native mode to take advantage of some additional AD features. You can upgrade member servers and workstations in any order. In fact, you can even upgrade them before you upgrade your domain controllers, but I recommend upgrading them afterwards.
The success or failure of your migration has a lot to do with user perception. You can have a great migration plan, but if the users—especially those in management—feel lost or confused when you begin implementing, you won't get credit for all the hard work you've done.
A solution is to move departments one at a time to the Win2K network, which will give you the opportunity to spend focused time with individual end users. You'll need to train users to use AD and new services such as DFS and Terminal Services. And be sure to leave time for configuration conflicts or other glitches that you might have overlooked.
If you're upgrading your workstations to Win2K Pro, you need to approach them as you did your servers—do fresh installs. The following table shows Microsoft's estimates of how much time you can save, in minutes, with various deployment methods:
For more information, see Deployment Cost Savings with MS Windows 2000 Professional on Microsoft's Web site at http://technet.microsoft.com/ cdonline/Content/Complete/boes/ win2kpro/technote/deplsav.htm.
You should pay close attention to security during the implementation phase. Test your security as you establish your new infrastructure, move machines and services, and upgrade workstations. Once everything is in place, revisit your security policies. At this stage, depending on the size and complexity of your network, you might consider hiring outside network security specialists.
Just when you think you're done migrating your network to Win2K, you'll be ready to take on the next version of Windows. One thing I find rather amusing is that with each new version, we're told how bad the previous version was, and that the new version overcomes all the limitations of the previous version. SAM was supposed to be the greatest thing, and now we ridicule SAM. NTFS 4.0 was the most secure file system, and now we make fun of its lack of encryption. The NT 4.0 domain models were supposedly terrific, and now Microsoft tells us what a big joke that domain structure was. You can bet all the tea in China that it won't be long before we're laughing at AD, dynamic DNS, and Win2K's limitations.