Migrating your network from Windows NT 4.0 to Windows 2000 can seem daunting and, as one reader put it, overwhelming. Proper planning and testing can help you avoid many of the potential pitfalls, but you'll likely run into a few bumps in the road despite your due diligence. This week’s column is the first in an occasional series that I'll devote to the different issues you need to address to ensure that your upgrade goes well and that your network continues to operate smoothly.
When you upgrade an NT 4.0 DHCP server to Win2K Server and make it a member of a Win2K domain, that server will be temporarily unable to issue any new IP leases. Active Directory (AD) requires that a member of the Enterprise Administrators group authorize every DHCP server. This requirement decreases the likelihood that someone will set up a DHCP server that could hand out incorrect IP configuration information.
To authorize a DHCP server, open the Microsoft Management Console (MMC) DHCP snap-in, right-click DHCP, choose Manage Authorized Servers, and enter the IP address of the DHCP server that you want to authorize. The authorization process takes a few minutes, so don't expect the server to start issuing IP addresses right away. When the DHCP server authorization process is complete, the arrow on the DHCP snap-in's server icon will turn from red to green to indicate that the server can start assigning IP addresses.
A related issue that you'll encounter during the upgrade process is that your DHCP servers will stop responding to lease requests. This problem occurs because Win2K uses a newer version of the Joint Engine Technology (JET) database, and the system must stop the DHCP service to upgrade the database.
LAN Manager Replication
NT 4.0 uses the NT LAN Manager (NTLM) Replication service to ensure that logon scripts and system policies are available on any PDC or BDC that authenticates a logon request. Win2K doesn’t support this service but instead relies on the File Replication Service (FRS) and a shared system volume called SYSVOL. The domain controller (DC) promotion process creates this shared system volume on every Win2K DC. Using FRS, Win2K replicates any change that occurs in a DC’s SYSVOL to the SYSVOL shares on all the other DCs in the domain. SYSVOL is where Win2K stores logon, logoff, startup, and shutdown scripts, as well as Group Policy settings.
FRS and SYSVOL work well if all your DCs run Win2K, and NTLM Replication works well if you have only NT 4.0 DCs. But of course, you're probably not going to upgrade all your BDCs to Win2K overnight. Rather, you'll likely implement a period of Win2K-NT 4.0 coexistence. To ensure that clients continue to receive appropriate logon scripts and system policies during this coexistence, you need to create a bridge between the Win2K SYSVOL and the NT 4.0 export server's export directory. The simplest way to create such a connection is to use a batch file that copies the contents of the Win2K SYSVOL Netlogon share to the NT 4.0 export server's scripts folder, which is in the export directory. The Microsoft Windows 2000 Resource Kit contains a batch file called lbridge.cmd that you can modify to use in your environment.
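The following batch file sketches the kind of one-way bridge described above. It is an added example, not the Resource Kit's lbridge.cmd; the server names W2KDC01 and NT4EXPORT, the log path, and the use of the export server's REPL$ share are assumptions to replace with your own values.

```batch
@echo off
rem Added example, not the Resource Kit's lbridge.cmd.
rem Assumptions: W2KDC01 and NT4EXPORT are placeholder server names, and the
rem NT 4.0 export directory is reachable through its REPL$ share.
setlocal
set SRC=\\W2KDC01\NETLOGON
set DST=\\NT4EXPORT\REPL$\Scripts
set LOG=%SystemRoot%\Temp\sysvol-bridge.log

rem Stop early if either end is unreachable, so a failed run is logged
rem instead of silently leaving old scripts on the NT 4.0 side.
dir "%SRC%" >nul 2>&1
if errorlevel 1 goto nosrc
dir "%DST%" >nul 2>&1
if errorlevel 1 goto nodst

rem /S subfolders, /D only files newer than the destination copy,
rem /R overwrite read-only files, /Y no overwrite prompt.
xcopy "%SRC%" "%DST%" /S /D /R /Y >> "%LOG%" 2>&1
if errorlevel 4 goto copyfail
echo %DATE% %TIME% bridge copy finished >> "%LOG%"
goto end

:nosrc
echo %DATE% %TIME% ERROR source %SRC% unreachable >> "%LOG%"
goto end

:nodst
echo %DATE% %TIME% ERROR destination %DST% unreachable >> "%LOG%"
goto end

:copyfail
echo %DATE% %TIME% ERROR xcopy failed, see output above >> "%LOG%"

:end
endlocal
```

Because xcopy only adds and updates files, a logon script that you delete from SYSVOL stays in the export tree, and NT 4.0 DCs keep serving it until you remove it there as well. Run the bridge under an account limited to read access on the Netlogon share and write access on the export scripts folder, because anything it copies will run at logon for clients that authenticate against an NT 4.0 DC.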
One final note that relates to NTLM Replication: Before you begin the upgrade process, make sure that your PDC isn't serving as your export server. The PDC must be the first DC you upgrade, so you must first designate a BDC as the export server or you will in effect break your replication.