Migrating to Windows 2000 in a Large Research Environment


1
Migrating to Windows 2000 in a Large Research
Environment
  • Rand Morimoto
  • President, Inacom Oakland
  • rand_at_inaoak.com

2
Migrating to Windows 2000 in a Large Research
Environment
  • Background of Active Directory
  • DNS in Windows 2000
  • Migrating from WINS to DNS
  • Consolidating NT4 Domains
  • Conducting a Phased Migration
  • Next Generation MS-Exchange

3
About the Speaker
  • Microsoft Advisory Council Member (1995-present)
  • On the NT and Windows 2000 Development Team
  • Author
  • Deploying Microsoft Exchange v5, 700-pages
  • Tuning and Optimizing Windows NT, 1000-pages
  • Windows 2000 Design and Migration
  • Exchange v6 Design and Migration
  • President / Inacom Oakland
  • Inacom Corporation
  • National / Intl Services
  • Windows 2000 Services

4
Microsoft Directory Evolution
Now
Now
Coming
Microsoft Exchange Server directory
Windows 2000
Windows NT user directory
Windows NT user directory
  • Single enterprise logon
  • Central management
  • Replicated / partitioned
  • E-mail names and rich attributes
  • X.500 naming
  • MAPI, LDAP support
  • Scalable to millions
  • Integrated DNS, X.500
  • Deep integration with OS security
  • More standard support X.500 DAP/DSP, ADSI,
    OLE/dB, etc.
  • Scalable to millions

5
What is Active Directory?
  • Windows 2000 directory service
  • Active Directory has
  • A hierarchical, flexible namespace
  • Partitioning for scalability
  • Multi-master replication
  • Dynamic extensibility
  • Open and extensible directory synchronization
    interfaces
  • Lightweight Directory Access Protocol (LDAP) as
    the core protocol for interoperability

6
AD Terminology
  • Namespace
  • Name
  • Domain
  • Organizational Units (OUs)
  • Tree
  • Sites
  • Global Catalog
  • Schema

7
Differentiation
Administration Designators vs Replication
Designators
8
Creating Administrative Structures
  • First I Create my Domain and Give it an
    Organization Name
  • Then I Create Organizational Units within this
    Domain to Distribute Administration
  • I then Create Users within the Organizational
    Units where they Belong
  • Finally I Group the Users so I can more Easily
    set Policies to the Group

9
Creating Administrative Structures
Domain
10
Enterprise is Made of Domains
  • Domains can be linked by trust
  • Domains can be related by name
  • Both X.500 and DNS naming

DC=MyCorp,DC=Com
whatever.edu
DC=Dev,DC=MyCorp,DC=Com
whatnot.whatever.edu
11
Active Directory: Global namespace DNS LDAP
Directories
com
edu
berkeley
inacom
microsoft
students
courses
PoliSci
Domain inacom.com
BSmith
RJones
AArney
KBryant
Domain microsoft.com
Domain berkeley.edu
12
Windows 2000 DNS Management Services
13
Planning Your DNS Strategy
  • Active Directory is integrated with Domain Name
    System (DNS)
  • Therefore, it is important to
  • Determine which DNS server to use
  • Determine your DNS root

14
DNS Server Options
  • Implement Microsoft DNS Exclusively
  • Implement Microsoft DNS as a Delegated
    Sub-domain
  • Use an Existing DNS Server

15
Implement Microsoft DNS Exclusively
  • Benefits
  • Tight integration with Active Directory
  • Supports the extended character set, Unicode
  • Not dependent on existing DNS Servers
  • Will co-exist with other DNS Servers
  • Supports multi-master replication

16
Implement Microsoft DNS as a Delegated Sub-domain
  • Benefits
  • Requires no upgrade of any existing DNS servers
  • Utilize existing DNS infrastructure
  • Minimizes dependency of Active Directory on
    existing DNS servers

17
Use a Non-Microsoft DNS Server
  • Benefits
  • Does not require replacing existing DNS servers
  • No DNS changes required

18
Existing DNS Server
  • To Support Active Directory, a DNS Server
  • Must support the SRV RR defined by RFC 2052
  • Should also support
  • The Dynamic Update Protocol - RFC 2136
  • Incremental Zone Transfers - RFC 1995
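
A pre-migration check for the SRV requirement above, added here as an example and not taken from the presentation: it audits an exported zone for the SRV records that Active Directory clients query to locate a domain controller. The record names and ports are the standard AD locator entries rather than anything listed on the slides; the zone contents, host names and addresses are constructed, and a single-domain forest is assumed.

```python
# Constructed zone export for the slides' example domain; hosts and addresses are made up.
ZONE = """\
_ldap._tcp.whatever.edu.            600 IN SRV 0 100 389 dc1.whatever.edu.
_kerberos._tcp.whatever.edu.        600 IN SRV 0 100 88  dc1.whatever.edu.
_ldap._tcp.dc._msdcs.whatever.edu.  600 IN SRV 0 100 389 dc2.whatever.edu.
dc1.whatever.edu.                  3600 IN A   10.0.0.10
"""

# Locator names AD clients look up, with the expected service port.
# Assumption: single-domain forest, so the forest root equals the domain.
REQUIRED = {"_ldap._tcp.{d}": 389, "_kerberos._tcp.{d}": 88,
            "_ldap._tcp.dc._msdcs.{d}": 389, "_gc._tcp.{d}": 3268}


def parse_zone(text):
    """Return (srv, hosts): SRV records by owner name, and names with an A record."""
    srv, hosts = {}, set()
    for line in text.splitlines():
        f = line.split(";")[0].split()          # drop comments, tokenize
        if len(f) < 5 or f[2].upper() != "IN":
            continue
        owner, rtype = f[0].lower().rstrip("."), f[3].upper()
        if rtype == "A":
            hosts.add(owner)
        elif rtype == "SRV" and len(f) == 8:    # priority weight port target
            prio, weight, port = (int(x) for x in f[4:7])
            srv.setdefault(owner, []).append(
                (prio, weight, port, f[7].lower().rstrip(".")))
    return srv, hosts


def audit(text, domain):
    """List problems that would stop clients locating a domain controller."""
    srv, hosts = parse_zone(text)
    problems = []
    for pattern, port in REQUIRED.items():
        name = pattern.format(d=domain.lower())
        if name not in srv:
            problems.append(f"missing SRV {name}")
            continue
        for _prio, _weight, rport, target in srv[name]:
            if rport != port:
                problems.append(f"{name}: port {rport}, expected {port}")
            if target not in hosts:
                problems.append(f"{name}: target {target} has no A record")
    return problems


if __name__ == "__main__":
    for p in audit(ZONE, "whatever.edu"):
        print(p)
```
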

19
Multiple Domains/Trees
  • Sometimes it is necessary to have more than one
    domain
  • Multiple domains with a contiguous name space are
    referred to as trees

tailspintoys.com
europe.tailspintoys.com
marketing.europe.tailspintoys.com
20
Forest Definition
  • One or more Windows 2000 Trees
  • Do not form a contiguous namespace
  • Share a common schema, config., Global Catalog
  • All Trees in a Forest trust each other
  • Does not need a distinct name

Softimage.Com

Finance.Softimage.com

21
Integrated Security
Scenarios
22
Goal of Windows 2000 for Enterprises: Reliability
and Scalability
Network Load Balancing
Clustering
23
Goal of Windows 2000 for Enterprises: World Ready
  • Multilingual user interface
  • Same code runs anywhere
  • Simultaneous support of multiple languages
  • Single world-wide API

24
What Can be Done with NT4 in Anticipation of a
Migration to Windows 2000
25
Consider Implementing NT4 Workstation Today
  • Higher level of security
  • ability to lock down w/s hardware config
  • ability to create and manage set processes
  • Ability to use global roaming profiles
  • Key to Intellimirror in Windows 2000
  • Consolidated DLL model in Windows 2000

26
Design, Implement, and Gain Support for System
Policies
  • Globally manage, for individuals, groups of users, or
    all users, the ability to
  • change screen saver
  • change desktop background
  • add applications
  • purposely or accidentally delete applications
  • drop to DOS prompt
  • modify workstation configurations

27
System Policies
28
Consolidate Domains
  • Minimize resource domains
  • Develop structure that utilizes fewer domains
  • Create simplified trust model
  • Document enterprise hierarchy
  • server/host configurations
  • segment addresses
  • segment bandwidth
  • trust and authentication process

29
Fastlane Technologies DM/Manager
Selectively move single or multiple users from
any Source Domain...
...to any Target Domain!
30
Setting Rules / Policies for Migration
Flexible migration options...
31
Conduct Performance Analysis
  • Evaluate Client to Server Bandwidth Demands
  • Evaluate Server to Server Bandwidth Utilization
  • Analyze Server System Utilization
  • Conduct WAN Bandwidth Analysis
  • Bluecurve Dynameasure recognized by Microsoft
    for capacity analysis and capacity planning
    (http://www.bluecurve.com)

32
Performance Analysis
Server CPU capacity is the bottleneck. All four
server CPUs reach maximum throughput
33
Implement TCP/IP and SMTP as Core Communications
Protocols
TCP/IP SMTP
Site A
Site B
34
Implement DNS (in addition to, and in a Windows
2000 environment in place of, WINS)
  • WINS needed for NetBIOS name resolution
  • DNS to be native in a complete Windows 2000 TCP/IP
    environment

35
Implement LDAP for Look-up
Domain Controller
Client
Microsoft Management Console
Legacy NT4 APIs
NT4 BDC Replication
SAM
ADSI
NW3 NW4 NT4 NTDS
Windows 2000 M-M Replication
Directory Service
LDAP
wldap32.dll
NCP
NCP
Net APIs
36
Create a Windows 2000 Deployment Team
  • Team Includes
  • DNS Decision Makers (NT, UNIX, etc)
  • Hardware Implementers and Support Personnel
  • File/Print LAN/WAN Decision Makers
  • Firewall and Internet Security Decision Makers
    (Kerberos, X.509, etc)
  • Electronic Messaging Group
  • Desktop Support Group (Intellimirror, Windows
    Scripting, Sysclone, SMS)

37
Migrating from NT4 to Windows 2000
  • Migrating Domain Controllers
  • Migrating Servers
  • Migrating Users

38
Migration
  • Any Windows NT domain model can be migrated
    easily to the Active Directory
  • Mixed environments
  • Fully supported
  • Look and act like Windows NT 4.0 domains
  • Migration to domain tree simple

39
Migration (Initial State)
Initial state
Windows NT 4.x domain
PDC
BDC
BDC
40
Migration (Step 1)
Upgrade PDC to Windows 2000
PDC
BDC
BDC
BDC
41
Migration (Step 2)
Upgrade remaining Windows NT 4.x BDCs
DC - GC
DC
DC
DC
42
Migration (Final State)
DC - GC
DC
DC
DC
Native domain
43
Migration: resource domains
  • Can be upgraded in place and joined to tree
  • Can be replaced with OUs
  • Convert in place
  • Join to tree
  • Create OU in parent domain
  • Drag resource domain contents into OU
  • Delete (empty) resource domain

44
Server Role In Windows 2000
| Domain type | PDC | BDC | Replica |
|---|---|---|---|
| Windows NT 4.0 | Only writeable copy | Read-only copy | -- |
| Windows 2000 | Writeable copy. Appears as PDC to downlevel clients | -- | Writeable copy |
| Windows 2000 Mixed domain | Only writeable copy (Windows NT 4.0 or Windows 2000) | Read-only copy (Windows NT 4.0) | Read-only copy |
45
Next Generation Microsoft Exchange 2000 codename
Platinum
46
Built on Windows 2000 Active Directory
47
AD Does Exchange Administration
48
Utilizes Multiple Storage Groups
  • More than 1 MDB Per Server
  • Smaller MDBs for easier backup/restore
  • Separate MDB for NNTP and Internal Public Folders
  • Distribute DBs across multiple Storage Area
    Network (SAN) devices
  • Distribute Administration of DB management on a
    single server

49
Migration to Exchange Platinum
  • Exchange Platinum Migration
  • Exchange server needs to be migrated, but not the
    whole organization
  • Migration tools included to migrate Exchange v5.5
    to Platinum (users, org/site structure,
    mailboxes, public folders)
  • Active Directory Connector provides a link
    between non-Active Directory NOSs and Exchange
    Platinum (NT4, NDS, LDAP)

50
Preparing for Exchange Platinum
  • Upgrade to Exchange v5.5 (if you have not already
    done so)
  • Replace Site Connectors with SMTP or X.400
    Connectors using InterOrg Directory Replication

51
Questions ?
52
Rand Morimoto
Inacom Oakland
internet: rand_at_inaoak.com
(510) 444-5700 ext.100