Out with the Old, In With the New
With NT support ending soon, a credit union administrator doesn't want to be left supporting orphanware and ponders an upgrade to Windows Server 2003.
- By Bill Boswell
- August 31, 2004
I'm the sole administrator for a credit union
with 25 users. Our main application runs on an HP/UX, but our day-to-day
operations run inside a Windows NT domain. I have a four-year-old PDC
running file and print services and Microsoft Mail, a six-year-old BDC
that's also a print server, a member server running a home banking application,
and a member server running a voice response system for our PBX.
I know NT is coming to end of life/support in January and have received
a quote from our Dell rep for a new server to replace our PDC. I'm looking
at putting Windows Server 2003 Standard Edition on the new box, the two
domain controllers and our home banking server. The vendor for the home
banking application says he supports an upgrade from NT to Windows Server
We're also thinking about outsourcing e-mail to the hosting company that
does our Web site.
What are your thoughts? Anything we should watch out for?
Answer: My first concern is for the mission-critical application
running on the HP/UX server. I'd want to make absolutely sure that it
doesn't rely on an authentication feature in NT that might not be supported
in the new security environment under Windows Server 2003. Get some feedback
from the vendor on this.
Also, make sure you don't have any other services running under Unix
that might use Windows for authentication. For example, make sure that
you don't have any Samba connections between users and the server or between
the server and the support folks for the application. You can run Samba
in a Windows Server 2003 environment, but you might have to upgrade the
Okay, assuming that you don't need to make any adjustments to the main
line-of-business application, my next concern is the home banking application
that's currently running on an NT server. I like that your vendor expresses
support for an upgrade, but it's been my experience that "support"
sometimes gets a little strained if something unexpected goes wrong. If
it were me, I'd take a complete image of the server before I did the upgrade
just to make absolutely sure that I had a fast fallback in case something
came up that tested their "support" policy.
You might also consider installing a new server running the application,
or image the old server, wipe the drives, do a fresh install of Windows
Server 2003, install the application, then restore any data or make any
necessary connections to the back-end data.
The same goes for your voice response system. Sometimes vendors in the
phone industry aren't quick to support new platforms. New, in their viewpoint,
being anything created following the breakup of Ma Bell.
Now for your e-mail. Before you outsource e-mail to a hosting service,
make absolutely sure that you don't have any government regulatory requirements
that restrict the handling of e-mail by third parties. I'm not sure about
the rules for banks and credit unions. If a reader who knows the rules
can write in, I'd be glad to include that information in a later column.
Assuming that you have a regulatory constraint on outsourcing your e-mail,
you can either install an Exchange 2003 server or some other post office
application. Consider saving all current mail in .PST files and starting
fresh with new inboxes in Exchange 2003. Be sure you have a back-up solution
that can handle Exchange. Exchange Server 2003's Intelligent Message Filter
(IMF) does a pretty good job of spam prevention, but you might want to
evaluate other products.
Now for the domain upgrade. Like any NT-to-Active Directory migration,
the most important item is DNS. Select a DNS name that works for you,
then register the name unless it uses a ".local" or ".pri"
I like the idea of getting a new server to act as the first Windows Server
2003 domain controller, but since the existing PDC is fairly new, and
if you have a support contract for it, there's no reason why you couldn't
use it in production after the migration. The sequence of events is as
- Install NT SP6a with all patches on the new server and configure
it to be a BDC.
- Promote the new server to be the PDC then upgrade it to Windows Server
- Install an Exchange 2003 server (or whatever e-mail application you
choose) on a separate server or on the newly promoted domain controller.
- Get your e-mail configuration stabilized then remove Microsoft Mail
from the old PDC (which is now a BDC).
- Move all the data off the old PDC to the new server. (Or make a backup
that you can restore later on, but make absolutely sure you can do a
- Wipe the hard drive on the old PDC and do a fresh install of Windows
- Promote the newly reinstalled server to be a domain controller. This
gives you two domain controllers in your domain for redundancy.
- Move the printer queues from the old BDC to either of the new Windows
Server 2003 servers.
- Retire the old BDC simply by removing it from the wire.
- Shift the domain and the forest from Interim functional level to
Windows Server 2003 functional level.
Now migrate or upgrade your application servers and then take an afternoon
off. You'll deserve it.
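
The answer's advice to look for Unix services that use Windows for authentication can be checked directly against a Samba configuration file. The following is an added example, not part of the original column: it parses an smb.conf and reports the [global] settings (`security`, `password server`) that make the host depend on Windows domain controllers. The sample configuration and the names CREDITUNION, OLDPDC, OLDBDC and the share path are constructed for illustration.

```python
import re

# [global] "security" modes in which Samba hands logon validation to Windows.
DOMAIN_AUTH_MODES = {"domain", "server", "ads"}

# Constructed sample smb.conf; host and share names are hypothetical.
SAMPLE_SMB_CONF = """\
; constructed sample, not taken from the column
[global]
   workgroup = CREDITUNION
   Security = DOMAIN
   password server = OLDPDC, \\
                     OLDBDC
[reports]
   path = /opt/app/reports
"""

def parse_smb_conf(text):
    """Return {section: {param: value}}; names lower-cased, inner spaces removed."""
    sections, current, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if not line or line[0] in "#;":
            continue
        if line.endswith("\\"):  # trailing backslash continues the parameter
            pending = line[:-1]
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = header.group(1).strip().lower()
            sections.setdefault(current, {})
        elif "=" in line and current is not None:
            name, value = line.split("=", 1)
            sections[current][re.sub(r"\s+", "", name).lower()] = value.strip()
    return sections

def windows_auth_findings(text):
    """List the settings that tie this Samba host to Windows authentication."""
    g = parse_smb_conf(text).get("global", {})
    findings = []
    mode = g.get("security", "").lower()
    if mode in DOMAIN_AUTH_MODES:
        findings.append(f"security = {mode}: logons are validated by a Windows server")
    if "passwordserver" in g:
        findings.append(f"password server = {g['passwordserver']}: check these hosts still exist after the migration")
    return findings

if __name__ == "__main__":
    for finding in windows_auth_findings(SAMPLE_SMB_CONF):
        print(finding)
```

Run it against each Unix host's real smb.conf before the old PDC and BDC are retired; an empty result means Samba on that host authenticates locally.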