Domain Model

In Windows 2000, a domain is a collection of network objects, such as user accounts, groups, and computers, that share a common directory database with respect to security. A domain identifies a security authority and forms a boundary of security with consistent internal policies and explicit security relationships to other domains.

Migrating Domains to Windows 2000

Before you can migrate Windows NT domains to 2000, there are certain steps that must be accomplished:

1. Complete the design of the Windows 2000 forest.

2. Plan the migration of Windows NT domains to Windows 2000 native domains and deploy new features of Windows 2000 Server.

3. Plan the restructure of the Windows 2000 domains.

If you were to put this into a flowchart, it would look like Figure 6.1.

FIGURE 6.1 Domain migration flowchart

Start

Start

When you start analyzing your current domain environment and begin looking at migrating to Windows 2000, you want to make sure that the migration is as painless as possible. The migration should meet certain goals, as laid out in Table 6.1.

TABLE 6.1 The Path to a Perfect Migration

The Goal Should Be

Which Means You Will Need to Do This

A seamless transition to Windows 2000 causing little or no disruption to the production network.

You must make sure that you have planned for all eventualities to make sure that the users can access their data, the resources are available, and applications are accessible during the migration process. Since most people hate change, strive to make sure the users' familiar environment is maintained during and after the migration.

To maintain the current levels of system performance or improve response time.

You must make sure that you have planned for all eventualities to make sure that the users can access their data, the resources are available, and applications are accessible during the migration process. Since most people hate change, strive to make sure the users' familiar environment is maintained during and after the migration.

To eliminate network downtime, or increase the average mean time between failures.

You must make sure that you have planned for all eventualities to make sure the users can access their data, the resources are available, and applications are accessible during the migration process. Since most people hate change, strive to make sure the users' familiar environment is maintained during and after the migration.

To minimize the administrative overhead.

You must make sure that every effort is made to minimize the number of times a member of the IT staff needs to touch a user's computer after the upgrade. Keeping the number of user contacts to a minimum means your upgrade was seamless.

TABLE 6.1 The Path to a Perfect Migration (continued)

The Goal Should Be

Which Means You Will Need to Do This

To maximize the number of quick wins.

Getting a quick win means to have some feature of the new network available at the earliest opportunity so people can see how they will benefit from the upgrade.

Above all, you should maintain system security.

There should be little or no negative impact on the current security policy. Make sure the security of the network is maintained or is strengthened after the upgrade.

As you analyze your current domain trust structure, your goal should be to migrate the NT domains and move the Windows 2000 domains to native mode as soon as possible. Native mode is the final operational state of a Windows 2000 domain, and is enabled by setting a switch on the user interface. While the procedure for the switch is relatively simple, the implications are extensive. Switching to native mode means all the domain controllers in the domain have been migrated to Windows 2000. Native mode is one of those things that once you do it, you can't go back!

Domain Migration Concepts

Domain upgrade is sometimes referred to as "in-place upgrade" or "upgrade." A domain upgrade is the process of upgrading the Primary Domain Controller (PDC) and the Backup Domain Controllers (BDCs) of a Windows NT domain from Windows NT Server to Windows 2000 Server.

Domain restructure is sometimes referred to as "domain consolidation." A domain restructure is a complete redesign of the domain structure, usually resulting in fewer, larger domains. This choice is for those who are dissatisfied with their current domain structure or who feel that they cannot manage an upgrade without serious impact to their production environment.

Upgrade and restructure are not mutually exclusive; some organizations might upgrade first and then restructure, while others might restructure from the start. Both require careful thought and planning before choices are implemented.

Was this article helpful?

0 0

Post a comment