For many different deployments, upgrading versus migrating is indicated by the deployment goals and contingencies of the existing server and network operating system (NOS) infrastructure.
The decision whether to migrate or upgrade depends upon a number of factors. Start by answering the fundamental questions for each server:
Is it possible? Do the system hardware and software support an upgrade, and, if so, to which edition of Windows Server 2003?
Can the existing hardware support the necessary service and operations load?
Is it desirable? Are there services or applications that are beneficial to maintain in place, or would you be better off with a new, clean installation and migrating the data?
When installing Windows Server 2003 domain controllers, you also must determine whether to upgrade or to migrate security principals from the existing domain controllers.
Where it is possible, performing an upgrade has substantial advantages over performing a migration in that it maintains existing server and application configuration settings. Migration, on the other hand, requires that you move security principals from an existing domain controller using Microsoft or third-party migration tools.
An upgrade is an in-place installation of Windows Server 2003 on a server running Windows NT or Windows 2000. An upgrade provides operational advantages to a business that must maintain the services that the server is currently providing (without reconfiguration) while updating the operating system software.
An upgrade has certain advantages over migration, as follows:
It is done in place, leaving existing servers intact and operational.
Existing configuration data are incorporated.
Current device and driver settings are leveraged.
Configured security settings are maintained.
The following configuration data is maintained during the upgrade process:
User accounts and settings
Group settings
User rights
Permissions
Application configuration information
Yet there are limits to the utility of upgrading servers from previous operating systems. Repeated upgrading of servers—from Windows NT 4 to Windows 2000 to Windows Server 2003—can result in the server providing less than optimal performance. Where server performance is important, a new installation will deliver better overall service performance, providing an advantage to migrating instead of upgrading.
One downside to upgrading an existing server is the possibility of installation or configuration problems that render the system unusable. This potential downside can be addressed by creating a full backup of the current server (and any data it contains), preferably an imagebased backup that can be readily applied if restoration is necessary.
Although it is important to note the minimum requirements for Windows Server 2003 as described in Chapter 2, rarely do the minimum requirements allow a server to meet the operational demands placed upon it in an enterprise network environment. Consider for a moment that the performance of your servers running Windows Server 2003 will be more important than most of the other systems on your network. These servers are where a significant percentage of your network workload will reside; thus, enhancing the server hardware for Windows Server 2003 installations is a good idea.
Particularly if you are planning to upgrade a server that runs Windows NT 4, evaluate the hardware and not only from the perspective of meeting the minimum requirements, but also evaluate how effective/optimal it is for running Windows Server 2003 (and any services it is configured to provide).
To help assess server compatibility, do the following:
Review Windows Server Catalog at http://www.microsoft.com/Windows/catalog/server.
Review the HCL at http://www.microsoft.com/whdc/hcl/search.mspx.
Review the DocsRelnotes.htm on the product CD.
Check application compatibility at http://msdn.microsoft.com/compatibility.
Prior to upgrading servers, review the partitioning and free disk space on drives that you intend to upgrade. The partition on which you will install Windows Server 2003 should be an NTFS partition. If upgrading, the partition must have at least 2 GB of space, though a minimum of 4 GB is recommended.
An important caveat on upgrading Windows NT 4 systems is the lack of support for drives configured with Windows NT 4 volume, mirror, or striped sets.
To handle Windows NT 4 fault-tolerant configurations, do the following:
If you are using Windows NT 4 disk mirroring, back up all data on the mirrored volume and break the mirror set.
If you are using a Windows NT 4 volume set, stripe set, or stripe set with parity (redundant array of independent disks [RAID] 0 or 5), back up all data on the set, remove RAID, and re-create it after the upgrade.
An important limitation for upgrading servers that run Windows 2000 is that Windows Server 2003 cannot be installed on a dynamic disk partition in a certain situation—if Windows 2000 was installed on a disk without any partitions and configured directly as a dynamic disk volume, Setup will fail. You must first revert the dynamic disk partition to basic or remove the partition during setup and create a new basic partition. Dynamic disk partitions can be reestablished (by using Disk Administrator) once Windows Server 2003 is installed.
In evaluating the upgrade or migration path, determine the forest and domain functional levels needed for your network environment (functional levels determine the types of domain controllers and features supported). Table 7-2 shows the types of domain controllers supported by each functional level.
Table 7-2. Domain Controllers and Functional Levels
Types of Domain Controllers on Network | Domain Functional Level | Forest Level |
|---|---|---|
Windows NT 4, Windows 2000, Windows Server 2003 | Windows 2000 Mixed | Windows 2000 |
Windows 2000, Windows Server 2003 | Windows 2000 Native | Windows 2000 |
Windows NT 4, Windows Server 2003 | Windows Server 2003 Interim | Windows Server 2003 Interim |
Only Windows Server 2003 | Windows Server 2003 | Windows Server 2003 |
Advantages to Windows Server 2003 forest functional level include replication enhancements (Active Directory, global catalog, group membership), deactivating schema objects, dynamic auxiliary classes, forest-level trusts, domain renaming, linked value replication, InetOrgPerson password handling, and tracking the last logon time.
Inside Out: Setting the functional levels
Upgrading the first domain controller from Windows 2000 to Windows Server 2003 assigns the forest functional level to Windows 2000 and the domain functional level to Windows 2000 Mixed. For an upgrade from Windows NT 4 to Windows Server 2003, the domain and forest are set to Windows Server 2003 Interim function level.
To raise the forest functional level, you must be logged on using an account that is a member of the Domain Admins group in the forest root domain or a member of the Enterprise Admins group in Active Directory. Start Active Directory Domains and Trusts, and right-click the root node, then select the Raise Forest Functional Level option. In the Raise Forest Functional Level dialog box, select an available forest functional level, and click Raise. The operation cannot be reversed. All domains in the forest must be at Windows Server 2003 domain functional level to be able to change to the Windows Server 2003 forest functional level. If you are unable to raise the forest function level, click Save As in the Raise Forest Functional dialog box to save a log file detailing the domain controllers in the forest that still need to be upgraded from Windows NT or Windows 2000.
You can raise domain functional levels in much the same way. Again, you must be logged on using an account that is a member of the Domain Admins group in the forest root domain or a member of the Enterprise Admins group in Active Directory. Start Active Directory Domains and Trusts, right-click the domain, then select the Raise Domain Functional Level option. In the Raise Domain Functional Level dialog box, select an available domain functional level, and click Raise. The operation cannot be reversed. Make sure you understand the implications of raising functional levels before you do this. See "Choosing Domain and Forest Functional Levels," earlier in this chapter, for details.
DNS is central to network operations in Windows Server 2003. Active Directory domains use DNS for locating domain controllers, global catalog servers, Kerberos Key Distribution Centers (KDCs), and for using Lightweight Directory Access Protocol Uniform Resource Locators (LDAP URLs). Upgrading a Windows NT network requires a defined DNS namespace, as well as organized DNS services and replication (as described in Chapter 2). Identify the DNS domain information that will be required during the upgrade, as follows:
When upgrading Windows NT 4 domain controllers, you must implement the domain controller within the context of your IT namespace, planning for DNS and Active Directory.
When upgrading Windows 2000 domain controllers, in most situations you will leverage the existing DNS namespace.
Consider whether the (upgraded or migrated) server(s) will be supporting DNS. If the server will be a DNS server, how you choose to store the DNS zone records has implications for replication of the DNS information. You can store DNS zone records in traditional zone files, in Windows 2000 Active Directory–integrated zones, or in the new forest and domain application partitions.
Following are the results of storing DNS data in various locations:
DNS zone files leave replication to DNS and require administrative configuration.
Windows 2000 Active Directory–integrated zones cause DNS data to be replicated to all domain controllers in the domain.
The forest application partition (ForestDnsZones) causes the DNS data to be replicated to all DNS servers in the forest.
The domain application partition (DomainDnsZones) causes the DNS data to be replicated to all DNS servers in the domain.
You must identify the network services and server roles that an upgraded server or domain controller will need to perform. Network services commonly employed include DNS, Dynamic Host Configuration Protocol (DHCP), Windows Internet Naming Service (WINS), Routing and Remote Access Service (RRAS), Terminal Services, and Internet Authentication Service (IAS). Depending upon expected load, servers can host one or more network services.
Carefully assess servers that are domain controllers—review your ability to upgrade the server hardware and which secondary roles (such as global catalog server) the server will perform. Consider server performance and operational requirements for domain controllers on your network.
Although large networks commonly have dedicated DNS servers, on small networks a server might provide multiple network services (such as DNS and DHCP) in addition to domain controller roles such as Active Directory access, Kerberos, and global catalog operations. Evaluate which operations master roles the domain controller will support; forest-wide roles (Schema Master and Domain Naming Master) and/or domain-wide roles (RID Master, Infrastructure Master, and PDC Emulator).
Tip
The PDC Emulator supplies the Windows Time Services to synchronize all other domain controllers in the domain—servers that are assigned this role should receive particularly close scrutiny to ensure system reliability.
For upgrades from Windows 2000, you can continue to use the assigned operations master roles, yet operations master roles must be determined for each domain controller when upgrading a Windows NT 4 domain controller. For more information on operations master roles, see the section entitled "Establishing Operations Masters".