Integrating Windows Server 2003 as a member server role in an NT domain is not as challenging as migrating an NT domain to an AD domain. However, the path you take to both a server and domain migration is one of the biggest concerns you will have to address. It has been my experience that the in-place upgrade approach is not always reliable. It leaves NT remnants on the server or domain controller (even after a reported successful upgrade) and normally requires more effort to clean up system errors. If you are running an Exchange server, be prepared to tweak free/busy using ADSI at a minimum. A parallel approach requires more planning work and hardware upfront but will often result in a more stable environment moving forward.
An analysis of the infrastructure and name resolution configuration is necessary to properly operate Windows 2003 and an AD domain. Not long ago, one of my new customers was running AD with remnants of NT technology, such as WINS servers (in addition to DNS) for name resolution and the browser service for browsing resources, to name a few. In addition, the domain controllers were reporting Kerberos errors and DNS connectivity issues. The customer soon learned that WINS was not needed. I was able to publish folder and printer shares in AD, which allowed the administrator to stop using the browser service on the servers and clients.
Another area of concern is security. An upgraded NT domain controller, which by default installs unnecessary roles and services, is less secure than a new Windows 2003 installation. When performing an in-place upgrade, there is a possibility that some of the unwanted roles and services will be preserved. Your domain controllers should not be running any roles other than integrated DNS servers (one primary zone with a cache zone). This should hopefully get you thinking about some of the biggest concerns when planning a Windows migration.
This was first published in October 2004