There’s nothing like experience to teach a network administrator the right way to do something. The first stab at implementing a new technology is bound to be fraught with difficulties. A lot of network administrators come to TechRepublic to tap into the experiences of their professional peers for insight into tasks they need to do.

This was the case recently when one admin posed the problem detailed in “Can you help this admin plan for pre-Win2K migration testing?”

Joe (who didn’t want his real name to be used) was tasked with testing applications used by his company for compatibility with Microsoft’s Windows 2000 because his company was looking at migrating from Windows NT 4.0. Joe wisely decided to set up a test network to evaluate application compatibility, but having little experience in this area, he needed some help.

One response to Joe’s problem came from Brian Coverstone, MCSE, MCDBA. Coverstone has been working with Windows 2000 for more than a year, and he warned Joe about a few little quirks. For one thing, he said that upgrading the primary domain controller (PDC) in NT to Active Directory (AD) in Win2K is going to break any DNS services that were installed on the machine when it was running NT.

In this article, Coverstone will provide the fix for the broken DNS problem and walk you through some other preparations he recommends for making the upgrade to Windows 2000.

A little research goes a long way
To obtain the proper information on application compatibility, Coverstone recommended setting up a test network that reflects, as closely as possible, the current production network.

“In a perfect world, you should be able to ghost a hard drive from your servers and install them onto identical machines in a test laboratory,” Coverstone said. “However, for the rest of us, getting machines with the same type of HAL [hardware abstraction layer] and similar hardware can be acceptable.”

Before committing to a particular setup on the test network, it’s a good idea to read up on Win2K and see if there are new features that can be incorporated into the future network.

“Jump on the Internet and use your favorite search engine with the words ‘Windows NT 2000 Migration.’ Read through articles from multiple sources and take the best information from each one,” Coverstone advised. “The more reference material you have to start with, the better.”

Coverstone also recommends a book from Microsoft Press called MCSE Training Kit: Migrating from Microsoft Windows NT 4.0 to Microsoft Windows 2000. Not only is this book great background for the upgrade, but it’s also an excellent resource for taking Microsoft exam 70-222.

When implementing the upgrade on the test network, document everything. Write it all down, including what drivers you install in what order or what servers you upgrade in what order.

“Documentation and checklists will be your friends when you ultimately upgrade the production servers,” Coverstone said. “It will guarantee that you will not have forgotten any steps you have performed in the test lab.”

Plan the domain model for the upgrade
Based on what you’ve read and learned about Windows 2000, at this point, you should be able to map out what the network will look like.

“Domains in Windows 2000 take the concepts in NT to the next level,” Coverstone said.

With Win2K, most companies will be able to function under one umbrella domain. This is in contrast to NT, which basically requires multiple domains to segregate corporate divisions (and sometimes even departments). Win2K breaks domains down into Organization Units (OU), and subadministrators can be created to control user accounts in the OUs.

Coverstone said some organizations may not like this scenario because it calls for an “Enterprise Administrator,” who has full access to the entire domain, including all OUs. For this setup to work, all of your NT servers will become domain controllers for the same Win2K domain. Another option is to create separate child domains within the same tree.

“For example, the main enterprise server may be called, and then the sales department could fall under the name, the accounting department, and so on,” Coverstone said.

Companies with WAN connections to remote offices will communicate through domain controllers at each site. AD provides a site service that allows an admin to define servers at remote sites and specify how often they synchronize across the WAN link. Replication can happen through RPC across a LAN and SMTP between sites.

Windows 2000 and AD use forests for root-level organization, and Microsoft recommends that you do not create separate forests within a single company. However, that may happen if two companies running Win2K merge.

“One final thing: You will want to name your domain just like an Internet site,” Coverstone said. “Whether you register that site with an Internet naming service or not, there are known problems if you use a flat name.”

Microsoft offers a Q article that addresses this.

Take the first step on the test network
The planning is finished, and now it’s time to implement that plan on the test network. To do this, the first machine to upgrade to Windows 2000 becomes the root of the domain forest. You will want that to be the NT PDC.

“You should run the upgrade from NT, not from a fresh boot,” Coverstone said. “This will allow 2000 to automatically look at your hardware and tell you if any of the drivers will not work.”

Most NT drivers should work in Win2K, but there are exceptions, so you should check Microsoft’s Hardware Compatibility List (HCL).

“Microsoft won’t even help you if you vary from the HCL list,” he said.

If the hardware is on this list, its drivers should work. If you have hardware that isn’t on the list, and Microsoft doesn’t provide drivers for it, you’ll have to track down the Windows 2000 driver versions from the OEMs before the upgrade.

Windows 2000 Setup will automatically run Dcpromo.exe, the program to upgrade the server to a domain controller. But Coverstone has a warning—do not install the domain controller in Native Mode. Always use Mixed Mode for backward compatibility until the entire network gets upgraded to Windows 2000 (which might never happen). Admins can always switch from Mixed Mode to Native Mode, but the system will not let the network go back to Mixed Mode from Native Mode.

If DNS was running on the NT PDC prior to the upgrade, it is likely to fail after the upgrade. The new DNS will not forward DNS queries to your Internet service provider because the server is under the impression that it is the Root Authority for everything in the world, Coverstone said. Luckily, there’s a simple workaround, which is described in a Microsoft article.

Once those wrinkles are ironed out, you need to install Service Pack 2 (SP2) for Windows 2000.

“By itself, Windows 2000 without any service packs will make you pull your hair out,” Coverstone said. “With SP2, you will still lose hair, but it is not quite as bad.”

But wait, there’s more

Brian Coverstone has additional advice on setting up a Windows 2000 test network. In the next From the Trenches, he will offer some pointers on what to do on the Win2K test network and how to take what you learn and apply it to the upgrade on the production network.