A Real-World Upgrade
In the non-Microsoft-exam world, there are serious budget constraints,
manpower shortages and management conflicts over upgrading.
- By Bill Boswell
- December 01, 2002
Have you ever noticed that the domain upgrade scenarios in Microsoft
documentation and the certification exams read like scenes from an episode
of “Lifestyles of the Rich and Famous?” You, the administrator, are invited
to imagine yourself as the sole network systems architect for a company
with 50,000 users in a hundred locations scattered all over the globe.
You have an unlimited budget to implement whatever domain configuration
meets the design goals in the product documentation and best practice
white papers. You can deploy your designs without the need for collaboration
with colleagues or approval by managers. The result of your efforts is
a sublime amalgam of technical excellence and design elegance. You take
a bow toward the footlights then stroll solemnly off-stage.
The real world is somewhat less glamorous. Take this situation,
for example. Ann is a systems technician for a small network support firm
in Toledo, Ohio. One of her clients is a company that builds custom plastic
shelves for convenience stores. The owner of this company has a well-deserved
reputation for “spending both sides of a nickel.” Here’s the company’s
current system configuration.
The main office has 15 employees, all of whom use thin clients that connect
to a server running Windows NT 4.0 Terminal Services Edition. This server
has two 400 MHz PIII processors. It was recently upgraded to 512MB of
RAM using memory taken from the desktop of the owner’s business partner
after a motherboard failure. The company’s assembly plant, located across
town, has eight employees who also use thin clients to connect to the
terminal server in the home office. The thin client units were purchased
at the bankruptcy auction of a cell phone reseller. They are configured
to use RDP as the wire protocol. Ann uses a short logon script to configure
drive mappings and printer connections; but otherwise the users are free
to manage their own virtual desktops.
Old Apps, Old Servers
The company bookkeeper keeps her financial records using a 16-bit
Windows application that runs on NT but isn’t compatible with terminal
services. Ann has installed the application on a PC that doubles as a
terminal server client. The company owner also uses a PC, partly because
he thinks a thin client doesn’t befit his role as CEO and partly because
the terminal server bogs down too much when he runs Microsoft Golf.
The NT domain name is NT-DOM. The PDC for the domain is a 90MHz PII desktop
with 128MB of RAM. The PDC also provides WINS and DHCP services, runs
Exchange 5.5, and has two modems for the company’s salespeople to use
for dial-in. The last time Ann took the skin off the PDC, the dust inside
was so thick that everyone in the office had allergic attacks for a week.
The company contracts its DNS and Internet e-mail to an ISP that also
hosts the company Web site, www.shelfware.biz. The company has changed
Internet providers three times in three years, each time to a provider
with a lower price. The Exchange server has an Internet mail connector
that failed a few months ago so everyone pulls their Internet e-mail from
the ISP mail server using an Outlook POP3 client while sending their internal
e-mail using Exchange.
The main office has a BDC that also acts as a file and print server.
The BDC is a 533 MHz PIII desktop with 128MB of RAM, an IDE boot disk,
and three-disk SCSI array configured as a fault tolerant disk set with
18GB of usable storage. A DAT4 tape backup unit is attached to the external
SCSI interface. Ann has configured an NTBackup job to capture as much
of the volume as will fit on a single tape. The bookkeeper rotates the
tapes using a calendar with each day of the week shaded with a highlighter
that corresponds to a color on the tape label. The tapes have been in
use since the start of former president Clinton’s second term in office.
Ann has cautioned the owner about the need for off-site tape storage,
so every once in a while he nabs a tape and sticks it in his briefcase.
When the bookkeeper remembers to complain about the missing tape, he brings
The network connection between the two offices consists of a SOHO router
in each location that acts as a NAT interface to the Internet via a symmetrical
DSL line with 256K capacity. Every once in a while, high latency on the
Internet connection causes the remote office users to lose their terminal
server session. They can log right back on and regain their sessions,
so the owner won’t spend money on a dedicated frame relay connection.
That’s the gist of the configuration. Ann looks in every couple of weeks
to check the event logs and reboot the servers.
Left to itself, this little system and hundreds of thousands of
others just like it would continue to putt along quite nicely for many
years, but Microsoft has decried an end to NT support in 2003, and Ann
is reluctant to leave her client on an operating system that lacks official
standing with its vendor. She originally planned on upgrading to Windows
2000, but she’s been following the public newsgroups and knows that Windows
.NET has great new features. Since .NET is due for release about the same
time as the owner’s annual vacation, she decides to use it for her upgrades.
Here’s a summary of the challenges that she faces as she sets out her
Ann wants to change the current domain name, NT-DOM, to one that
matches the company’s registered Internet name, Shelfware.biz. Ordinarily,
the flat NetBIOS name of an AD domain is derived from the leftmost element
of the hierarchical DNS name, but this is not an absolute requirement.
Ann plans on using the domain rename feature in .NET to change the flat
name after she finishes the upgrade.
The DNS server at the company’s ISP doesn’t support Service Locator
(SRV) records, so Ann decides to install DNS on the .NET domain controllers.
She avoids the temptation to install DNS in conjunction with the PDC upgrade.
Instead, she installs .NET on one of the new machines as a member server
then installs DNS with a standard primary zone. Later on, she’ll promote
this machine to be a DC and integrate the zone into AD. The DNS server
forwards to the ISP’s DNS server.
Domain Controller Hardware
The current PDC and BDC scarcely have sufficient resources to run
NT, much less .NET, so Ann buys a couple of new P4 desktops with 256MB
RAM. She decides to use a leapfrog approach to the PDC hardware upgrade.
She installs NT 4.0 SP6a on one of the new machines and makes it a BDC.
She then promotes it to PDC, which automatically demotes the existing
PDC to a BDC. She upgrades the newly promoted PDC to .NET and, when that
completes successfully, she promotes the .NET member server to a DC.
Rather than upgrade the existing BDC, which is also the file and print
server, Ann originally planned to transfer the SCSI adapter and drives
to the .NET member server. She’s disturbed to discover, however, that
.NET doesn’t support NT-style fault tolerant disk sets. She finds an inexpensive
IDE RAID controller and installs it along with two 20GB drives into the
new machine. She mirrors the drives and copies the data files from the
old BDC using the xcopy /o command to retain
any special permissions that exist on the files and folders.
Once all data and services have been transferred from the BDC, Ann can
remove it from the network and rename the .NET DC to the same name (a
feature not available in Win2K.) This retains compatibility with drive
mappings and shortcuts on the user desktops.
Ann keeps the BDC in reserve for a while in case a calamity causes a
loss of AD. At some point in the future, she can format the hard drive
and repurpose the machine.
Ann plans on transferring the SCSI controller and tape backup unit
to the new file and print server and to use the built-in scheduler in
NTBackup to build her nightly backup job. She found a three-tape DAT4
library on eBay and plans on using the Removable Storage Manager feature
in .NET (also present in Win2K) to drive the library so she can get a
full backup of all the critical servers each night. To avoid the necessity
for naming each tape, she puts the /um (unmanaged) switch on the command
line of the backup job. She trains the bookkeeper about the new tape rotation.
Exchange 2000 can’t run on a .NET server because of incompatibilities
with the rewritten IIS in .NET. Exchange 2000 relies on IIS to provide
SMTP, NNTP, POP3 and IMAP4 services. Ann has no plans to upgrade from
Exchange 5.5, however, so this lack of support doesn’t concern her. She
installs Exchange 5.5 on one of the Win2K servers and moves the user mailboxes
to the new server. She installs a new Internet connector and successfully
configures it to route mail. With this service removed from the old PDC,
she can now retire the machine.
If Ann decides to upgrade to Exchange 2000 in the future, she can install
a new Win2K member server and use it as a platform for Exchange. The schema
modifications performed during the Exchange 2000 installation are compatible
with the .NET schema.
TCP/IP Services and Scripts
The old PDC, now demoted to a BDC, still runs DHCP and WINS. Ann
decides to transfer the TCP/IP services to the newly upgraded PDC. She
moves DHCP using the procedure in KnowledgeBase article Q130642,
“How To Move a DHCP Database to Another Windows Server.” In brief, this
procedure involves saving the NT DHCP Registry key to a file then copying
the key and the DHCP database to the Win2K server and starting up DHCP
services in such a way that the database is converted and the keys aren’t
The WINS database requires much less work. Ann simply removes WINS from
the demoted BDC and installs WINS on the new Win2K DC. She reconfigures
the other servers and the two desktops to point at the new WINS server
to register their resource records. Ordinarily, because Ann uses logon
scripts in NT 4.0, she’d need to reconfigure NETLOGON replication to use
a classic BDC as an export server because neither .NET nor Win2K supports
classic LMRepl. However, because she’s upgrading the entire system at
once, she plans to use group policies to control the terminal server sessions.
Rather than moving the modems to one of the new .NET DCs, Ann plans to
enable the RRAS service on one of the servers to accept VPN connections.
If she can get the SOHO firewall to accept tunneling IPSec in .NET, then
she’ll use L2TP as the VPN. Otherwise, she’ll use PPTP.
Ann is excited about the new terminal server features in .NET, but she
has a couple of problems ahead of her. First is money. To run Win2K or
.NET as an application terminal server, Ann must install Licensing Services
and populate the license database with Terminal Server Client Access Licenses
(TSCals) for her thin clients. This turns out to be a significant expense.
She only has 90 days to obtain the licenses after upgrading the terminal
server, so she needs to come up with compelling reasons to give the owner
prior to upgrading the server. Those reasons include much faster performance,
fewer problems with the high-latency connection between offices, greater
color density, automatic printer/serial port redirection, and better encryption
support on the data streams coming across the Internet from the assembly
She’s also likely to encounter problems with her thin client units. RDP-based
thin clients use a CE operating system that must be upgraded to CE .NET
to support the latest version of RDP in .NET. If Ann’s fortunate enough
to have thin clients that support a CE .NET upgrade, then all’s well.
If not, the clients won’t take advantage of the greater color density,
automatic printer/serial port redirection or other new .NET terminal server
The existing terminal server doesn’t meet the minimum CPU speed requirements
for a .NET server, but Ann isn’t about to talk the owner into getting
rid of a two-processor server for the sake of a few hundred MHz of processor
speed. She’s fortunate that she doesn’t have a four-processor server,
because that would require installing .NET Enterprise at a significant
One Long Weekend
All in all, Ann is looking at a single day of work over a weekend
to do the entire upgrade, assuming that nothing goes wrong. She uses the
same plan to upgrade the remainder of her clients in Toledo and still
has time to go to a few Mudhen games.