LabMice.net - The Windows 2000\XP\.NET Resource Index
Home | About Us | Search

Last Updated December 10, 2003

 

Active Directory
  Getting Started
  Administration
  ADSI
  Book Reviews
  Deployment
  Domain Controllers
  Group Policy
  How To Guides
  Install & Configure
  LDAP
  Replication
  Troubleshooting
    

 


  

 

 

 

 

 

Active Directory Planning, Deployment, and Migration Resources

Active Directory Planning, Deployment, and Migration Resources

A word of warning: Do not rush into your Active Directory deployment process without first reading everything you can about planning and implementing AD. Once you start, you cannot go back unless you tear down your entire directory structure and start from scratch. And a poorly planned Active Directory structure can be a nightmare to administer. Take your time, and get it right the first time!
 
Where to Start...
10 Steps to creating an Active Directory
Designing an Active Directory requires a methodology with a strong focus on your political, business and security requirements. You also need to take into consideration how the big picture evolves as you integrate new applications with a Windows 2000 infrastructure over time. This becomes even more important as the Microsoft software is evolving into the .Net world. We focus here on the 10 most critical steps you'll need to consider during the design of your corporate Active Directory. Source: ITWorld (April 11, 2001)

Active Directory Branch Office Planning Guide
This guide helps network managers, system integrators, and consultants implement Active Directory in branch offices. It describes all the required tasks and decisions to develop an Active Directory design for a large branch office deployment.

Active Directory Sizer Tool Overview
The Active Directory Sizer tool lets you estimate the hardware required for deploying Active Directory in an organization based on the organization's profile, domain information and site topology.

Preparing for Active Directory
In Win2K, a domain name and DNS services are essential concerns. A business needs to have domain name to identify the objects in its AD and use Win2K's DNS services to take advantage of Win2K's functionality. Source: Windows & .NET Magazine (January 2000)

Taking the complexity out of Active Directory
Implementing Active Directory does not have to be an arduous, complex task if users step back and look at the logical ways it applies to their companies. Robert Williams walks one user through the alleged complexity of Active Directory by posing six simple questions. Source: Windows 2000 Advantage (August 13, 2001)

Windows 2000 Deployment: Are You Ready?
Windows 2000 is right around the corner. Have you started planning yet? The latter half of 1999 could be the perfect time to begin this planning for next year. You can get a head start and make the most of your deployment experience, by planning, testing and training well in advance of your desired rollout schedule. By Jennifer Carroll

Planning Guides
Active Directory in Networks Segmented by Firewalls
This white paper describes best practices for deploying Active Directory domain controllers in segmented networks and includes detailed procedures for configuring IPSec policies to protect Active Directory traffic between domain controllers on opposite sides of a firewall and recommended practices for managing IPSec policies that are assigned to domain controllers.  Source:
Microsoft.com

Best Practices for Designing the Active Directory Structure
This TechNet Briefing provides an introduction to Active Directory design and assumes no prior exposure to Active Directory. Shows how to design an Active Directory structure using best practices from Microsoft©s Joint Development Partners.

Designing an Active Directory naming scheme
If you'd like to learn more about fully qualified domain names in large organizations, an excellent poster comes with the Windows 2000 Server Resource Kit. This poster illustrates the concepts that I've discussed in this article in an easy-to-follow format. Source: EarthWeb

DNS Namespace Planning 
Microsoft Knowledge Base Article: 254680 - The resolution of names through the use of Domain Name System (DNS) is central to Windows 2000 operation. Without proper name resolution, users cannot locate resources on the network. It is critical that the design of the DNS namespace be created with Active Directory in mind and that the larger namespace that exists on the Internet not conflict with an organization's internal namespace

DNS Requirements for Deploying Active Directory
This document provides checklists for verifying sufficient resources for the Domain Name Service (DNS) infrastructure when deploying the Windows© 2000 Active Directory? service. Alternatively, you can use the dcdiag command line tool to automatically verify whether you have the configuration described in this document. You may download the tool from here. Source: Microsoft.com

Establishing an Active Directory structure: Planning AD domains, forests, and trusts
Rolling out a Windows 2000 Active Directory on your network is no easy task. This is the second part of a series that will guide you through the steps of creating an effective Windows 2000 Active Directory structure for your network. Source: EarthWeb (Aug 24, 2000)

Establishing an Active Directory structure: Designing an AD naming scheme
This is the first part of a multi-article series that will guide you through the steps of creating an effective Windows 2000 Active Directory structure for your network. Source: EarthWeb (Aug 24, 2000)

Guide to Active Directory Design
This white paper presents a brief summary and overview of current design principles for corporations that are in the planning stages of deploying Microsoft© Windows? 2000 Server and Microsoft Active Directory©. This white paper presents some of the high-level design decision points that a large corporation must consider and validate within the corporation's environment. Source: Microsoft.com (Sept 11, 2000)

HOW TO: Create a Single Domain Tree with Two Domains in Windows 2000 
Microsoft Knowledge Base Article: 317696 - Every Domain Name System (DNS) name of a child domain in a hierarchy contains the name of the parent domain. This step-by-step article describes how to create a continuous namespace that spans two domains by adding a child domain.

Planning Active Directory domains, forests, and trusts
In the first article of this series, " Designing an Active Directory naming scheme ," Brein Posey discusses the importance of using a well-organized naming structure in developing your Active Directory layout. Source: EarthWeb

Planning for a Global Directory Service
Downloadable whitepaper from Microsoft, describes how companies can minimize costs, improve functionality and increase their ability to respond to change by consolidating directories and implementing a global directory service. Source: Microsoft.com

Sizing Guidelines for Windows 2000 Domain Controller and Global Catalog Server
Information Technology (IT) administrators may not have the expertise or resources to adequately test Windows 2000 Servers to determine the hardware requirements for their environment. This white paper details the methodology used by one customer in conjunction with Microsoft Consulting Services. It also describes the test results, which could assist administrators in sizing their own infrastructure hardware correctly.

Windows 2000 Domain Architecture: Design Alternatives
This document presents alternatives for designing the Microsoft© Windows? 2000 Active Directory? service, particularly for Domain architecture and Organizational Unit (OU) hierarchy. It discusses the pros and cons of various Active Directory deployment architectures and assumes that readers are already familiar with Active Directory. Source: Microsoft.com  (March 2002)

Windows 2000 DNS Integration
The purpose of this paper is to describe how Microsoft Windows 2000 systems utilize the Domain Name Service (DNS) to register and locate resources within a Windows 2000 network, and to discuss the issues related to integrating Windows 2000 in an existing DNS environment. by Morgan Stern, Consultant, Global Engineering - Microsoft Alliance

Windows 2000 Active Directory Design: Restricting the Enterprise Administrators Group
Windows 2000 offers an entirely new paradigm to the design of a domain hierarchy. In previous versions of Windows NT, each domain was a virtual island. If users wished to access resources in different domains, a complex system of manual trusts was necessary to facilitate this. By James Barrett, Senior Network Systems Consultant. June 2000

Windows 2000 Active Directory Design - Dedicated Forest Root
Microsoft's Windows 2000 operating system offers an organization a significant amount of new functionality and design flexibility. However, these benefits do come at a price; design complexity has increased considerably. By Peter J. Salmeri & James N. Barrett. May, 2000

Migration Guides

Domain Migration and Consolidation
Chapter 6 of Building Enterprise Active Directory Services: Notes from the Field reprinted with permission from Microsoft Press. Explains how to migrate from a complex Windows NT 4.0 domain model to a simpler Windows 2000 Active Directory model © and how to do it with minimum impact on the production environment. Also, how to perform an in-place upgrade and how to perform a domain consolidation to create a more manageable model. Includes details on migration procedure, with emphasis on concepts, specific tasks, and their order. Useful tools and utilities are discussed and explained.

Domain Migration Cookbook
A cookbook typically is a collection of recipes, or instructions, that explain how to do something and what you need to do it. This "cookbook" is a set of "recipes" for migration success. It is designed to help you migrate from Windows NT© 4.0 to the Windows© 2000 Active Directory? service. The cookbook is divided into two sections: Section 1 Migration Concepts covers the main migration concepts and give you an understanding of the underlying technologies Section 2, Migration Scenarios contains a detailed migration scenario involving a fictitious company starting with a description of the current domain structure and takes you through processes such as upgrading domains, cloning groups and users between forests, and restructuring within a forest. Source: Microsoft.com (June 27,2000)

How to Migrate your Windows NT 4.0 Directory Structure to Active Directory
In migrating from Windows NT© 4.0 to Windows 2000 Server, organizations can either upgrade in-place (keep the same domain architecture) or restructure the domain architecture. This session addresses how to make the best choice, and how to plan a migration from Windows NT 4.0 directory services to Windows 2000 Active Directory. We'll discuss the differences between upgrading and restructuring your Windows NT 4.0 directory services, and the implications of each approach. We'll also describe various migration scenarios, and demonstrate Windows 2000 migration tools.

Migrating to Active Directory
Windows 2000's Active Directory (AD) improves on the NT domain model by expanding administrative rights and offering a more flexible structure. Here's a hassle-free way to migrate your existing domain models to AD. Source: Windows & .NET Magazine (January 1999)

Migration Issues Pertaining to Group Policy 
Sample chapter from the Windows 2000 Resource Kit, downloadable in Word format. Explains Group Policy, a flexible Change and Configuration Management tool. This tool includes options for registry-based policy settings, security settings, software installation, scripts, startup, shutdown, logon, logoff, and folder redirection. Source: Microsoft.com

Planning Migration from Windows NT to Windows 2000
This white paper outlines planning processes and considerations when migrating Microsoft Windows NT domains to Microsoft Windows 2000. New Windows 2000 utilities, tools, and technologies make migrating users and computers, while maintaining access to resources, a straightforward task.

Upgrading a Windows NT Domain to Windows 2000
Depending on your migration plan, you can take several approaches to upgrade your Windows NT domain to a Windows 2000 domain. This week, columnist Zubair Ahmad talks about a common scenario that will work for most organizations. Source: Windows 2000 Magazine (January 2000)

Upgrading a Windows NT Domain to Windows 2000 Active Directory  
Outlined here are the steps to upgrading a Microsoft Windows NT 4.0 primary domain controller (PDC) to a Windows 2000 domain controller. This guide focuses on a simple upgrade-in-place of a Windows NT 4.0 PDC in a single domain environment, and describes the deployment of the Active Directory service, as well as the DNS and DHCP services. Source: Microsoft.com (March 2000)

Active Directory Migration Tool (ADMT)
Active Directory Migration Tool Overview
The Active Directory Migration Tool provides an easy, secure, and fast way to migrate to Windows 2000 Active Directory service. As a system administrator, you can use this tool to diagnose any possible problems before starting migration operations to Windows 2000 Server Active Directory.

How to Set Up ADMT for Windows NT 4.0 to Windows 2000 Migration
Microsoft Knowledge Base Article: 260871 - You can use the Active Directory Migration tool (ADMT) to migrate users, groups, and computers from one domain to another. This article describes how to perform a migration from a Microsoft Windows NT 4.0-based domain to a Windows 2000-based domain. 

How to Use Active Directory Migration Tool Version 2 to Migrate from Windows 2000 to Windows Server 2003
Microsoft Knowledge Base Article: 326480 - This article describes how to set up the Active Directory Migration Tool (ADMT) to migrate from a Windows 2000-based domain to a Windows Server 2003-based domain.

Account Expiration for a Migrated User Appears to Be One Day Ahead of or Behind the Date in the Source Domain
This article describes an inconsistency in the way the account expiration date is displayed in User Manager and in Active Directory Users and Computers for user accounts that are migrated from Microsoft Windows NT 4.0 to Windows 2000 or Windows Server 2003 domains by using either the Active Directory Migration Tool (ADMT) or Clone Principal.

ADMT Version 2 Does Not Migrate a Computer If an Account with an Identical NetBIOS Name Exists
Microsoft Knowledge Base Article: 316073 - If you use the Active Directory Migration Tool (ADMT) version 2 to migrate a computer account from one Windows 2000-based domain to another, the migration may not succeed and an "Access Denied" message may be returned when you dispatch a migration...

Account Expiration for a Migrated User Appears to Be One Day Ahead of or Behind the Date in the Source Domain
Microsoft Knowledge Base Article: 278359 - This article describes an inconsistency in the way the account expiration date is displayed in User Manager and in Active Directory Users and Computers for user accounts that are migrated from Microsoft Windows NT 4.0 to Windows 2000 or Windows Server...

Active Directory Migration Tool Version 2 Does Not Migrate Users with Error 7422
Active Directory Migration Tool version 2 may not migrate some users and the following error message is logged in the Migration.log file: 2002-01-07 15:16:43 ERR2:7422 Failed to move object CN=Shelly's Test Account, hr=8007212d

Cannot Add a User to a Group Through the Active Directory Migration Tool Because the User Has Not Been Migrated To the Target Domain
Microsoft Knowledge Base Article: 269391 - When you try to use the Active Directory Migration Tool to migrate a user account, you may receive an error message that is similar to the following: Cannot add user to CN group , because user has not been migrated to the target domain.

Resources...

Account Expiration for a Migrated User Appears to Be One Day Ahead of or Behind the Date in the Source Domain
This article describes an inconsistency in the way the account expiration date is displayed in User Manager and in Active Directory Users and Computers for user accounts that are migrated from Microsoft Windows NT 4.0 to Windows 2000 or Windows Server 2003 domains by using either the Active Directory Migration Tool (ADMT) or Clone Principal.

ADMT Version 2 Does Not Migrate a Computer If an Account with an Identical NetBIOS Name Exists
Microsoft Knowledge Base Article: 316073 - If you use the Active Directory Migration Tool (ADMT) version 2 to migrate a computer account from one Windows 2000-based domain to another, the migration may not succeed and an "Access Denied" message may be returned when you dispatch a migration...

Active Directory Migration Tool Version 2 Does Not Migrate Users with Error 7422
Active Directory Migration Tool version 2 may not migrate some users and the following error message is logged in the Migration.log file: 2002-01-07 15:16:43 ERR2:7422 Failed to move object CN=Shelly's Test Account, hr=8007212d Can't move objects with...


Microsoft Online Seminars

How to Deploy Windows 2000 Active Directory in Your Organization
Product: Microsoft Windows 2000
Topic: Setup, Distribution and System Administration
DNS Category: Infrastructure (I) - (I) Network
Track: Enterprise Architecture August 19, 1999
39 min., 46 sec.; 34 slides


Entire contents
© 1999 LabMice.net
All rights reserved

This site and its contents are Copyright 1999-2003 by LabMice.net. Microsoft, NT, BackOffice, MCSE, and Windows are registered trademarks of Microsoft Corporation. Microsoft Corporation in no way endorses or is affiliated with LabMice.net. The products referenced in this site are provided by parties other than LabMice.net. LabMice.net makes no representations regarding either the products or any information about the products. Any questions, complaints, or claims regarding the products must be directed to the appropriate manufacturer or vendor.