Upgrading and Repairing Networks (5th Edition)
Fortunately, when you upgrade your network to Windows 2000, you don't have to jump in and do it all at once. The Windows 2000 Active Directory is backward compatible with previous Windows NT Server domain controllers, so you can upgrade your Windows NT 4.0 Servers in a time scale convenient to your own timetable. The Active Directory that comes with Windows 2000 adds additional functionality. And, for your desktops, Windows 2000 Professional is more intuitive and easier to use than Windows NT Workstation. You can choose to upgrade only a few servers at a time while you test the waters on the migration to Windows 2000, also called mixed mode . When you get ready to make the final change into an all “Windows 2000 network (native mode), you can simply click the switch. Otherwise, you can remain in a mixed network consisting of both Windows NT 4.0 domain controllers as well as Windows 2000 domain controllers. Note, however, that you won't gain all the benefits that the Active Directory can provide while you operate in mixed mode. When you convert your network to an all “Windows 2000 network, you'll gain a large number of features ( offered by the Active Directory) that can make managing the network a much simpler set of tasks . However, after you make the switch to a native-mode network, you can't go back! It's a one-time conversion that you cannot easily undo. When you do make the decision to upgrade your domain controllers to Windows 2000 and switch to an all-2000 network for your domain controllers using the Active Directory, there's still one way you can back out if you must. You can create an additional domain controller for each domain (a backup domain controller or BDC ) before you change over to an all-2000 network, and then take that domain controller offline (power it off!). If for some very good reason you need to revert a domain to Windows NT 4.0, you can shut down the Windows 2000 domain controllers (and thus the Active Directory), power up the BDCs, promote them to be primary domain controllers, and keep your fingers crossed. You might have some problems with user workstations that were members of a Windows 2000 domain, but these can usually be resolved by changing their domain membership. However, this method is not recommended except as a very last resort. The more time that passes between switching to native mode and attempting a rollback, the more problems you're likely to run into. Remember, the BDC has a snapshot of your domain from the point at which you power down the machine. Any domain object changes that are made between powering down the last BDC and going native mode ”including, for example, adding new computer accounts, changing user accounts, or even changing user passwords ”must be redone if you roll back. Because the BDC would not be aware of those changes, it would be as if they had never occurred. In the past, Windows domains were used to group resources and users into manageable units for administrative control. The Active Directory provides for enhanced security mechanisms, such as the capability to delegate security administration and a new method of grouping users and resources: the organizational unit (OU). These two features can make it easy to reduce the number of domains you have in an existing network as you migrate to a network that eventually will be managed totally using the Active Directory.
This chapter examines some of the things you should consider before performing an upgrade and shows you an example of how you can create a domain controller in a Windows 2000 network. |