Manage Learn to apply best practices and optimize your operations.

We are beginning the migration process from Windows NT 4.0 to Windows Server 2003. What should our b

We are beginning the migration process from Windows NT 4.0 to Windows Server 2003. What should our biggest concerns be?
Some of the stumbling blocks to be aware of are: 1. the method of server and domain migration path (example: selecting an in-place instead of a parallel approach); 2. the current infrastructure configuration and its limitations; 3. running a single or multiple name resolution system; 4. running outdated NT technology (such as browser service in an AD domain); 5. overlooking overall security; and 6. forgetting down-level clients.

Integrating Windows Server 2003 as a member server role in an NT domain is not as challenging as migrating an NT domain to an AD domain. However, the path you take to both a server and domain migration is one of the biggest concerns you will have to address. It has been my experience that the in-place upgrade approach is not always reliable. It leaves NT remnants on the server or domain controller (even after a reported successful upgrade) and normally requires more effort to clean up system errors. If you are running an Exchange server, be prepared to tweak free/busy using ADSI at a minimum. A parallel approach requires more planning work and hardware upfront but will often result in a more stable environment moving forward.

An analysis of the infrastructure and name resolution configuration is necessary to properly operate a Windows 2003 and an AD domain. Not long ago, one of my new customers was running AD with remnants of NT technology, such as WINS (in addition to DNS) servers for name resolution, the browser service for browsing resources, to name a few. In addition, the domain controllers were reporting Kerberos errors and DNS connectivity issues. The customer soon learned that WINS was not needed. I was able to publish folder and printer shares in AD, which allowed the administrator to stop using the browser service on the servers and clients.

Another area of concern is security. Upgrading an NT domain controller, which by default installs unnecessary roles and services, is less secure when compared to a new Windows 2003 installation. When performing an in-place upgrade, there is a possibility that some of the unwanted roles and services will be preserved. Your domain controllers should not be running any other roles other than integrated DNS servers (one primary zone with a cache zone). This should hopefully get you thinking about some of the biggest concerns when thinking of migrating Windows.

This was last published in October 2004

Dig Deeper on Network Infrastructure

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.