# 0RGXOH#5=#&KRRVLQJ#D#0LJUDWLRQ#3DWK#WR#:LQGRZV#5333#$FWLYH#'LUHFWRU\# # LLL#,QVWUXFWRU#1RWHV# This module introduces students to the different ways in which they can accomplish migrati
Trang 1Windows 2000 Active Directory
Trang 2Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property
2000 Microsoft Corporation All rights reserved
Microsoft, MS, Windows, Windows NT, Active Directory, and Windows 2000 are either registered trademarks or trademarks of Microsoft Corporation in the U.S.A and/or other countries The names of companies, products, people, characters, and/or data mentioned herein are fictitious and are in no way intended to represent any real individual, company, product, or event, unless otherwise noted
Other product and company names mentioned herein may be the trademarks of their respective owners
Project Lead/Instructional Designer: Sangeeta Garg (NIIT (USA) Inc.) Lead Program Manager: Angie Fultz
Instructional Designer: Robert Deupree (S&T OnSite) Subject Matter Expert: Brian Komar (3947018 Manitoba Inc) Technical Contributors: John Pritchard, Greg Parsons, David Cross, Rodney Fournier, Tony de
Freitas, Christoph Felix, Shaun Hayes, Megan Camp, Richard Maring, Glenn Pittaway, Anne Hopkins, Bob Heath, Jeff Newfeld, Jim Glynn, Paul Thompson (Mission Critical Software, Inc.), David Stern, Lyle Curry, Steve Tate, Bill Wade (Wadeware LLC)
Testing Leads: Sid Benavente, Keith Cotton Testing Developer: Greg Stemp (S&T Onsite) Testers: Testing Testing 123
Instructional Design Consultants: Susan Greenberg, Paul Howard Instructional Design Contributor: Kathleen Norton
Graphic Artist: Kirsten Larson (S&T OnSite) Editing Manager: Lynette Skinner
Editors: Marilyn McCune (Sole Proprietor), Wendy Cleary (S&T OnSite), Jane Ellen Combelic
(S&T OnSite)
Copy Editor: Shawn Jackson (S&T Consulting) Online Program Manager: Debbi Conger Online Publications Manager: Arlo Emerson (Aditi) Online Support: Eric Brandt (S&T Onsite)
Multimedia Development: Kelly Renner (Entex) Testing Leads: Sid Benavente, Keith Cotton Testing Developer: Greg Stemp (S&T OnSite) Courseware Testing: Data Dimensions, Inc
Production Support: Lori Walker (S&T Consulting) Manufacturing Manager: Rick Terek (S&T Onsite) Manufacturing Support: Laura King (S&T Onsite) Lead Product Manager, Development Services: Bo Galford Lead Product Managers: Dean Murray, Ken Rosen Group Product Manager: Robert Stewart
Trang 3# 0RGXOH#5=#&KRRVLQJ#D#0LJUDWLRQ#3DWK#WR#:LQGRZV#5333#$FWLYH#'LUHFWRU\# # LLL#
,QVWUXFWRU#1RWHV#
This module introduces students to the different ways in which they can accomplish migration to Microsoft® Windows® 2000, the considerations for choosing one path over another, and the decision points that they can use to determine an appropriate path for an enterprise, based on the current network structure and migration goals of the enterprise
There is no lab for this module
At the end of this module, students will be able to:
„#Identify the components of the existing Microsoft Windows NT® version 4.0 domain structure that need to be documented prior to migration
„#Identify the areas of their current network environments that need to be documented and gather information about the current computing environment
„#Identify and prioritize their migration goals
„#Examine their organization's Active Directory™ directory service design
„#Examine the different ways in which organizations can choose to migrate to the Active Directory infrastructure
0DWHULDOV#DQG#3UHSDUDWLRQ#
This section provides you with the materials and preparation tasks that are needed to teach this module
5HTXLUHG#0DWHULDOV#
To teach this module, you need the following materials:
„#Microsoft PowerPoint® file 2010A_02.ppt
„#Module 2, “Choosing a Migration Path to Windows 2000 Active Directory” 3UHSDUDWLRQ#7DVNV#
To prepare for this module, you should:
„#Read all of the materials for this module
„#Read the white paper, “Planning Migration from Microsoft Windows NT to Microsoft Windows 2000,” on the Student Materials compact disc
„#Read chapter 10 of the Windows 2000 Server Deployment Planning Guide,
“Determining Domain Migration Strategies”, on the Student Materials compact disc
„#Read Appendix A: Managing and Mitigating Risks During a Migration, on the Student Materials compact disc
Trang 4LY# # 0RGXOH#5=#&KRRVLQJ#D#0LJUDWLRQ#3DWK#WR#:LQGRZV#5333#$FWLYH#'LUHFWRU\#
0RGXOH#6WUDWHJ\#
Use the following strategy to present this module:
„#Introduction to Choosing a Migration Path Emphasize that choosing a migration path is the first step in developing a migration strategy Provide an overview of the steps involved in choosing a path
„#Identifying the Existing Domain Environment Explain the components of the existing Windows NT 4.0 domain structure that should be documented prior to migration
„#Gathering Information About the Current Network Environment Explain what information to gather about the current network environment and the tools that students can use to gather this information List some of the areas of the current network environment that need to be documented
„#Defining Goals for Migration Define business goals and migration goals Clearly delineate between the two types of goals: Business goals define a business need or requirement, whereas migration goals specify the way that Windows 2000 meets the business need or solves a business problem Explain some of the business reasons for migrating to Active Directory Discuss the business goals and explain how they should map to migration goals
„#Examining the Active Directory Design Because the Active Directory design defines the end point for the migration, explain the need to analyze the design from the perspective of the migration goals Give an example of a conflict that may emerge when comparing the goals of the Active Directory design with migration goals
„#Determining Possible Migration Paths Explain the various ways in which organizations can migrate to Windows
2000 Active Directory Make sure that students clearly understand the differences between the migration paths, because the rest of the course depends on comprehension of these concepts
The decision points for each migration path will help organizations select an appropriate route to Windows 2000 Ask students what migration path their organizations have chosen and which decision points helped them choose Explain the decision points associated with selecting upgrade as the migration path Explain the reasons for and against upgrading
Explain the decision points associated with selecting restructure as the migration path Explain the reasons for and against restructuring
Trang 5in business needs and a tolerance for risk to production and business environments
When selecting a migration path that meets your organizational or business needs, you should carefully compare your goals to the capabilities of each migration path The one that you choose will affect the remainder of migration planning
At the end of this module, you will be able to:
„#Identify the components of the existing Microsoft Windows NT® version 4.0 domain structure that need to be documented prior to migration
„#Identify the areas of your current network environment that need to be documented, and gather information about the current computing environment
„#Identify and prioritize your migration goals
„#Examine the Active Directory design of your organization
„#Examine the different ways in which organizations can choose to migrate to the Active Directory infrastructure
Trang 65# # 0RGXOH#5=#&KRRVLQJ#D#0LJUDWLRQ#3DWK#WR#:LQGRZV#5333#$FWLYH#'LUHFWRU\#
,QWURGXFWLRQ#WR#&KRRVLQJ#D#0LJUDWLRQ#3DWK#
Identify the existing domain environment Gather information about the current network environment Define goals for migration
Determine possible migration paths Evaluate upgrade decision points
1 2 3
Examine the Active Directory design
4
Evaluate restructure decision points
5 6 7
When selecting a migration path to Windows 2000 Active Directory, an enterprise must:
1 Identify the existing domain environment
Identifying the existing Windows NT 4.0 domain environment defines the starting point for the migration and allows an organization to evaluate the efficiencies and effectiveness of the current model in meeting the present business needs
2 Gather information about the current network environment
Analyzing the impact that a migration will have on an organization’s production environment requires a clear view of the information and technologies that an organization uses and needs
3 Define goals for migration
The next step in selecting a migration path is to identify and prioritize your migration goals Your migration goals can relate to business or the
migration itself
4 Examine the Active Directory design
The Active Directory design identifies the migration project’s end goal, the ideal domain infrastructure for an organization You must conduct an initial review of the Active Directory design, because the domain hierarchy it proposes will strongly influence, if not dictate, the migration path that you choose Later, within the context of a domain upgrade or restructure plan, a more thorough examination of the Active Directory design helps guide the remaining migration planning and ensures that the business goals of the two designs are aligned
5 Determine possible migration paths
This step involves identifying the different ways in which you can accomplish migration to Windows 2000 and then carefully comparing your goals to the capabilities of each migration path in order to select a path that meets your needs
Trang 7# 0RGXOH#5=#&KRRVLQJ#D#0LJUDWLRQ#3DWK#WR#:LQGRZV#5333#$FWLYH#'LUHFWRU\# # 6#
6 Evaluate upgrade decision points
This step involves examining the decision points associated with selecting upgrade as the migration path
7 Evaluate restructure decision points
This step involves examining the decision points associated with selecting restructure as the migration path and the reasons for choosing one migration path over another
Trang 8Document the existing one-way and two-way trust relationships in your network Identify any domains and trust relationships that you do not want to move into your Windows 2000 forest Domains that are upgraded to
Windows 2000 domains and designated as part of the same forest will connect
to other Windows 2000 domains through transitive trust relationships If you upgrade your domains to Windows 2000, you will need to create explicit trust relationships between Windows 2000 domains and down level domains that are not moved into the new forest as required
7KH#1XPEHU#DQG#/RFDWLRQ#RI#'RPDLQ#&RQWUROOHUV#RQ#<RXU# 1HWZRUN#
Determining the number and location of domain controllers on your network
will allow you to plan the migration for each domain Identify primary domain
controllers (PDCs) and backup domain controllers (BDCs) on physical and logical network diagrams Note their geographical locations and configuration details
Trang 9# 0RGXOH#5=#&KRRVLQJ#D#0LJUDWLRQ#3DWK#WR#:LQGRZV#5333#$FWLYH#'LUHFWRU\# # 8#
$FFRXQWV#DQG#$GPLQLVWUDWLRQ#
Document the domain location of user, group, and computer accounts The number and distribution of accounts may also affect the migration path that you ultimately choose Record key account properties, such as group account membership, permissions to shares, and special rights assignments This information will be used during the pilot trial migrations to validate the deployment plan The information can also be used to determine whether any accounts in the enterprise are no longer used so that obsolete and inaccurate data does not migrate into the new directory service
Some Information Technology (IT) organizations strictly control all administrative functions Others may centralize security assignment but allow for decentralized day-to-day user administration Examining and documenting the domain administration culture will reveal the type of, and reasons for, existing administrative traditions and may expose security gaps, outdated policies, or redundancies
Trang 109# # 0RGXOH#5=#&KRRVLQJ#D#0LJUDWLRQ#3DWK#WR#:LQGRZV#5333#$FWLYH#'LUHFWRU\#
*DWKHULQJ#,QIRUPDWLRQ#$ERXW#WKH#&XUUHQW#1HWZRUN#
(QYLURQPHQW#
Information Store
Information Store
Line of Business Applications
Line of Business Applications
File, Print, and Web Server
Hardware and Software
Hardware and Software
Network Infrastructure
Network Infrastructure
Security
DNS Infrastructure
DNS Infrastructure
Network architects must understand the current network environment before they can plan a move to a better one Moreover, the current environment is an important reference point when evaluating whether progress is necessary The following are some areas of your current network environment that you need to document
,QIRUPDWLRQ#6WRUH#,QYHQWRU\#
An information store inventory details what the organization needs to know to run its business and operations It specifies where and how information is stored (such as in databases) and how data is moved and shared throughout the organization It identifies data-management policies, information origination, data ownership, and patterns of information consumption and production in the organization Your inventory should also address statutory or legal restrictions, such as encryption, that affect your data and information needs
+DUGZDUH#DQG#6RIWZDUH#,QYHQWRU\#
Conduct hardware and software inventories of all servers and client computers
in use on your network Document routers, printers, modems, and other hardware, such as redundant array of independent disks (RAID)
Your software inventory should list all applications found on servers and should include version numbers of dynamic-link libraries (DLLs) associated with the applications on your system You should also ensure that the latest basic input/output system (BIOS) is installed Document hardware drivers and any service packs that you might have applied to your operating system or applications Also, document network configurations for servers and client computers, such as Internet Protocol (IP) addresses, primary Domain Name System (DNS) Server, and gateway addresses
Trang 11# 0RGXOH#5=#&KRRVLQJ#D#0LJUDWLRQ#3DWK#WR#:LQGRZV#5333#$FWLYH#'LUHFWRU\# # :#
1HWZRUN#,QIUDVWUXFWXUH#
When documenting your network infrastructure, obtain hardware data to document your infrastructure’s physical structure and software data to document the existence and configuration of the protocols in use on your network You also need to document the logical organization of your network, name and address resolution methods, and the existence and configuration of services used, such as the Windows Internet Name Service (WINS) topology, and Dynamic Host Configuration Protocol (DHCP) reservations, and option configurations to ensure that these services function appropriately after migration Documenting geographic locations, physical connectivity, and available bandwidth between them will also assist you in making appropriate installation decisions as they pertain to replication In addition, you should document statically assigned IP address assignments and the presence of other network operating systems
'16#,QIUDVWUXFWXUH#
Because an Active Directory forest requires a unique DNS namespace, it is important to document any DNS namespaces in use in your organization Identify all zones and primary and secondary servers, in addition to the configuration of zone transfers You should also document the DNS software versions in use, such as Berkeley Internet Name Domain (BIND)
)LOH/#3ULQW/#:HE#6HUYHUV/#3'&V/#DQG#%'&V#
Document the configuration details of all servers Identify whether any of these servers rely on special protocols or drivers For instance, if a product needs to reside on a BDC, the functionality of this product might be impacted when the backup controller is upgraded to Windows 2000 As with any computer, evaluate the hardware and associated drivers on these computers for Windows 2000 compatibility through the Hardware Compatibility List (HCL) /LQH#RI#%XVLQHVV#$SSOLFDWLRQV#
Identify all applications that your enterprise must have to perform its core mission Determine any dependencies that these applications have on network protocols, versions of operating systems, or connectivity Evaluate these applications for compatibility with Windows 2000
Trang 12Document the types of relationships that currently exist among office locations, business units, and divisions in your organization Document any existing user and enterprise security policies Identify what types of information are available
to which groups, and any significant restrictions required for certain types of information, such as accounting data Document any guidelines that exist regarding appropriate network usage; for example, whether staff members can access the Web and for what purposes, and what constitutes prohibited or inappropriate access The relationships that your company has with outside vendors, customers, and joint-venture or business partners will also affect the security measures in your migration strategy
Trang 13# 0RGXOH#5=#&KRRVLQJ#D#0LJUDWLRQ#3DWK#WR#:LQGRZV#5333#$FWLYH#'LUHFWRU\# # <#'HILQLQJ#*RDOV#IRU#0LJUDWLRQ#
migration goals and to understand the implications of your choices Your migration goals can be business-related or relate to the migration itself
%XVLQHVV#*RDOV#
Business needs, requirements, and goals drive the decision to migrate to Windows 2000 It is important to define how the technology maps to the needs and functions of the organization, thereby aligning technology with business needs and goals Technology exists to solve business problems and meet business goals If a function of technology does not exist to accomplish a particular business goal, migration impedes functions that do meet business goals and solve business problems
Trang 1443# # 0RGXOH#5=#&KRRVLQJ#D#0LJUDWLRQ#3DWK#WR#:LQGRZV#5333#$FWLYH#'LUHFWRU\#
0DSSLQJ#%XVLQHVV#*RDOV#WR#0LJUDWLRQ#*RDOV#
Migration goals should map to business goals to ensure the alignment of business and technology objectives During the migration project, when conflicts arise, this mapping helps remind the project team of the business interests that precipitated migration objectives The following table is an example of how business goals and needs should map to migration goals
Business goals Map to migration goals
Minimize administrative overhead during migration
Seamless migration of user accounts
Users maintain their passwords
Administrators minimize the number of visits to the workstation
No requirement to set up new permissions for resources
Maximize incremental value The enterprise should obtain earliest access to key
features of the new platform
Maintain domain security There should be no impact on security policy,
other than improvement
Minimize disruption to the business environment
User access to data and resources should be maintained during and after the migration User access to applications should be maintained during and after the migration
The user’s familiar environment should be maintained during and after the migration.Maintain or improve security of
confidential customer information
Implement encrypting file system using certificates provided by Certificate Services Improve support of geographically
dispersed end users
Maximize the administrative tool capabilities for remote use and resource administration
Lower total cost of ownership and administration
Implement Group Policy for software distribution and updates