Tip

Checklist: Preparing to deploy Active Directory

Don't let your Active Directory deployment turn into a fiasco. Be prepared by knowing what to expect ahead of time. This checklist provides a step-by-step approach that will help steer you around the pitfalls, while highlighting the best practices for a successful deployment.


Brien M. Posey, MVP and technology consultant, provides this preparation checklist to help you plan for a trouble-free Active Directory deployment.
 Checklist: Preparing to deploy AD
Plan the DNS namespace:
The first thing that you will want to do is to plan the DNS namespace. In Windows NT, each domain is an entirely self-contained entity. In Windows 2000 Server and Windows Server 2003, a domain is a part of a forest. In a forest, each domain trusts every other domain. When you upgrade to Windows 2000 or Windows 2003, the first domain that you upgrade is considered to be the root domain. All other domains become either parallel domains or child domains. The root domain is generally considered to be the most important domain in the organization, and you will never be able to place another domain at a higher level of the domain hierarchy than the root domain. Therefore, you should carefully consider which domain you wish to make the root domain.
Windows NT uses basic alphanumeric domain names. Windows 2000 and 2003 use Internet-style domain names. These domain names generally include a .com suffix. You can keep your current domain names and just add the .com extension, but you should plan ahead and decide what you want your domain names to be.
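The hierarchy rule above can be checked against a planned list of domain names before the first upgrade. The following sketch is an added example, not part of the original checklist; the function names and the example.com / example.net domain names are hypothetical.

```python
import re

# One DNS label: letters, digits, hyphens; no leading/trailing hyphen; max 63 chars.
LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")

def check_name(name):
    """Normalize a planned domain name; reject anything that is not Internet-style."""
    name = name.strip().rstrip(".").lower()
    labels = name.split(".")
    if len(name) > 253 or not all(LABEL.match(label) for label in labels):
        raise ValueError(f"{name!r} is not a valid DNS name")
    if len(labels) < 2:
        raise ValueError(f"{name!r} is an NT-style single-label name; add a suffix")
    return name

def is_below(name, ancestor):
    """True if `name` sits under `ancestor` in the DNS hierarchy."""
    return name.endswith("." + ancestor)

def plan_forest(root, others):
    """Classify each planned domain against the forest root.

    Returns {domain: (kind, parent)} with kind 'root', 'child' or 'parallel'.
    Raises ValueError if a domain would sit above the root or is listed twice.
    """
    root = check_name(root)
    names = [check_name(n) for n in others]
    plan = {root: ("root", None)}
    for name in names:
        if name in plan:
            raise ValueError(f"{name!r} is listed more than once")
        if is_below(root, name):
            raise ValueError(f"{name!r} would sit above the root domain {root!r}")
        # Nearest planned ancestor = longest planned name this domain sits under.
        ancestors = [p for p in [root] + names if is_below(name, p)]
        if ancestors:
            plan[name] = ("child", max(ancestors, key=len))
        else:
            plan[name] = ("parallel", None)
    return plan

# Constructed sample plan (hypothetical names, not from the original checklist).
SAMPLE = plan_forest("corp.example.com",
                     ["sales.corp.example.com", "eu.sales.corp.example.com",
                      "partner.example.net"])

if __name__ == "__main__":
    for domain, (kind, parent) in SAMPLE.items():
        print(f"{domain:28} {kind:9} parent={parent}")
```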
Plan master operations roles:
Active Directory makes use of certain operations master roles. Some of these operations master roles are applied at the forest level and others are applied at the domain level. The forest level operation master roles will be assigned to the first domain controller that you upgrade to Windows 2000 or to Windows Server 2003. The domain level operations master roles are assigned to the first domain controller to be upgraded in each domain. However, you do have the option of transferring operations master roles to alternate domain controllers, should the chosen server be over-burdened. Generally, having a server host one or more operations master roles isn't a big deal, but you do need to be aware of these roles should server performance become an issue. It is also extremely important that the operations master roles be assigned to servers that will be constantly available.
Do a hardware inventory on the PDC:
The first domain controller to be upgraded in each domain will be the primary domain controller (PDC). You must verify that this server has adequate hardware for running Windows 2000 or Windows Server 2003. You must also ensure that the partition containing the server's Windows NT operating system is formatted as NTFS and that it has enough free space for the upgrade.
Designate a DNS server:
Active Directory is completely dependent on DNS. If your organization currently has a DNS server then you will want to go ahead and add records to the server for the new domains that you will be creating.
If you don't already have a DNS server then "setup" will install the DNS services onto the first domain controller that you upgrade. Make sure that this server has enough free resources to handle running the DNS services in addition to its normal workload. You always have the option of setting up a separate DNS server later on.
Remove Internet connection sharing:
Check to see if your network is running Internet connection sharing, and remove it if necessary. Internet connection sharing tends to interfere with DNS and DHCP functionality.
If you need Internet connection sharing, try using a NAT-enabled firewall instead.
Create a spare BDC:
Configure an old PC as a Windows NT backup domain controller (BDC) for the domain that you are about to upgrade. When you are done, unplug the PC and put it in the closet. Should anything go wrong during the upgrade, you can put this PC onto the network, promote it to PDC and use it to recover your domain. As an alternative, you can just remove an existing one from the network and put it in a closet.
Back up the PDC:
The last step before you begin the upgrade is to make a full system backup of the PDC.
Upgrade the PDC:
Install Windows 2000 or Windows Server 2003 on the PDC that you have chosen. This server will be assigned all operations master roles, and the server's domain will become the forest's root domain. When the upgrade completes, Active Directory will be installed on your network and will be running in mixed mode.
Reconfigure TCP/IP:
Reconfigure each server's TCP/IP configuration if necessary, so that it includes a reference to the network's DNS server.
Upgrade BDCs:
Upgrade the remaining BDCs to Windows 2000 or Windows 2003.
Switch to Native Mode:
After everything has been up and running for a few months with no problems, plug your spare BDC back into the network and let it resynchronize. Upgrade this BDC to Windows 2000 or 2003. When the upgrade completes, you can switch the domain to native mode if you like. Native mode will give the Active Directory additional functionality, but will prevent you from ever setting up another Windows NT-based domain controller within the domain.

ABOUT THE AUTHOR:
Brien M. Posey, MCSE
Brien is a Microsoft Most Valuable Professional for his work with Windows 2000 Server and IIS. He has served as the chief information officer for a nationwide chain of hospitals and was once in charge of IT security for Fort Knox. As a freelance technical writer, he has written for Microsoft, CNET, ZDNet, TechTarget, MSD2D, Relevant Technologies and other technology companies. Copyright 2004 TechTarget

This was first published in February 2005
