
Dos and don'ts of Active Directory migrations, part 2

Laura E. Hunter, resident expert on network management, provides tips for an Active Directory rollout.

The most important "do" in implementing Active Directory is: do remember to plan. Similarly, the most important "don't" is: don't forget to plan. Though I'm sure you're eager to jump in and start playing with all the new features offered by Windows 2000 and Active Directory, make sure that there's water in that pool before you go headfirst off of the diving board. The late nights you save could be your own.

Do test name resolution and replication before deploying Active Directory in production. Unlike replication under NT4, Active Directory replication not only works but is possibly the single most important item required for AD to function correctly. Second only to file replication for a happy AD implementation is name resolution. Whether you are deploying WINS or DNS, ensure that all systems that need to can effectively talk to one another. Neglect these functions at your own peril!
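One way to run both checks before cutover, as an added example that is not part of the original article: it flags replication links with failures or a stale last success and lists missing DC locator SRV records. It assumes a `repadmin` build that supports `/csv` and the `Resolve-DnsName` cmdlet, both of which postdate the Windows 2000 tools the article covers; the function names, DC names, sites and domain are constructed for illustration.

```powershell
# Added example: flag unhealthy replication links and missing DC locator SRV records.
# Constructed sample in the column layout of `repadmin /showrepl * /csv` (names are made up).
$sampleCsv = @'
showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,HQ,DC01,"DC=corp,DC=example",HQ,DC02,RPC,0,0,2024-05-01 09:14:02,0
showrepl_INFO,HQ,DC01,"DC=corp,DC=example",Branch,DC03,RPC,7,2024-05-01 09:10:44,2024-04-29 22:03:17,1722
'@

function Get-FailingReplLink {
    param(
        [Parameter(Mandatory)][string[]]$CsvLines,
        [datetime]$Now = (Get-Date),
        [int]$MaxAgeHours = 24      # hypothetical threshold; tune to your replication schedule
    )
    $CsvLines | ConvertFrom-Csv | ForEach-Object {
        $lastOk   = [datetime]::MinValue
        $parsed   = [datetime]::TryParse($_.'Last Success Time', [ref]$lastOk)
        $stale    = -not $parsed -or ($Now - $lastOk).TotalHours -gt $MaxAgeHours
        $failures = [int]$_.'Number of Failures'
        if ($failures -gt 0 -or $stale) {
            [pscustomobject]@{
                Destination = $_.'Destination DSA'
                Source      = $_.'Source DSA'
                Context     = $_.'Naming Context'
                Failures    = $failures
                LastSuccess = $_.'Last Success Time'
                Status      = $_.'Last Failure Status'
            }
        }
    }
}

function Get-MissingDcSrvRecord {
    param([Parameter(Mandatory)][string]$DnsDomain)
    foreach ($prefix in '_ldap._tcp.dc._msdcs', '_kerberos._tcp.dc._msdcs', '_ldap._tcp.pdc._msdcs') {
        $name = "$prefix.$DnsDomain"
        $srv  = Resolve-DnsName -Name $name -Type SRV -ErrorAction SilentlyContinue |
                Where-Object { $_.Type -eq 'SRV' }
        if (-not $srv) { $name }    # emit every locator name that did not resolve
    }
}

# Offline demo on the constructed sample; "now" is pinned so the result is stable.
Get-FailingReplLink -CsvLines ($sampleCsv -split '\r?\n') -Now '2024-05-01 10:00' | Format-Table

# Live use on a domain-joined admin workstation:
#   Get-FailingReplLink -CsvLines (repadmin /showrepl * /csv)
#   Get-MissingDcSrvRecord -DnsDomain 'corp.example'
```

Any row returned by either function is a reason to hold the rollout until the link or record is fixed.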

Don't deploy group policy objects without fully understanding their implications. In some ways, Microsoft does not protect you from yourself when applying GPO settings; as a result, you could very easily render portions (or even the whole) of your network inaccessible and unusable.

Don't assume that your production PDC must necessarily be the first machine to be upgraded. Since Windows 2000 uses a multi-master model in which all controllers are essentially equal, you can bring a completely different machine online in your NT4 network, promote it to the PDC role, then use that machine to perform the AD upgrade. This flexibility will allow you to perform the upgrade with a minimum of exposure to your production servers.

Do take an NT4 BDC offline before beginning the upgrade. (As described in the item above, you can easily build one from scratch.) If you need to roll back to NT4, demote the Windows 2000 controllers, then boot the "spare" BDC and promote it to the PDC role. This will allow the NT4 directory and domain information to repopulate itself within your network.

Don't leave your users out of the loop during this process. Even though the Active Directory process can be largely transparent to end users, ensure that they are aware of any timelines and scheduled downtime that might affect their workday. This is especially important if you are not migrating client operating systems at the same time.


About the author: Laura Hunter is a resident expert on management tools and solutions, storage management and network security. She has spent many years working in the trenches of network design, administration and user support and has earned a myriad of vendor certifications, including MCSE, CNE and CCNA. She is presently a senior systems analyst for a major American university.

