Migration and Backward Compatibility
Many operating system upgrades of the past can best be described as nightmares. Microsoft has provided solid upgrading solutions, especially for those migrating from early versions of Windows NT.
The Active Directory is designed with backward compatibility as its cornerstone. Thus, a layer of code in Windows 2000 fully emulates the directory services of Windows NT 3.51 and 4.0. In fact, the Active Directory is designed to operate either in a native Windows 2000 environment or in a mixed enterprise with Windows NT.
Migration can take one of two forms: a rapid and systematic upgrade of Windows NT to Windows 2000, or a coexistence of Windows 2000 and Windows NT for an undefined period. In the first instance, the existing Primary Domain Controller (PDC) should be the first server upgraded as a Windows 2000 Active Directory domain controller. User and group accounts are automatically loaded into the Active Directory during the installation process. Backup Domain Controllers (BDCs) are then upgraded to Windows 2000 Server with the Active Directory, and copies of the Active Directory are then automatically promoted as peer domain controllers.
Group information is migrated only from Windows NT domain controllers to Windows 2000. Group policy, security, and other data that were created in a workgroup environment will remain local, and are not migrated. The local security database remains discrete from the Active Directory.
After the first Windows 2000 Active Directory domain controller is in place, the enterprise can start taking advantage of greater functionality. This is true even if the Windows NT BDCs are maintained for some protracted period. BDCs and associated Windows NT workstations will operate in the same manner as before. In environments in which BDCs exist downstream, the same PDC/BDC relationship will continue to function. The older installations will immediately gain the added value of the Global Catalog to improve object resolution. At the same time, the Active Directory domain controller will still act as a peer with other Windows 2000 domain controllers. Over time, the older BDCs may be upgraded as needed and become peer domain controllers.
Client systems can be easily added in either case. The Windows NT Workstation is upgraded simply by installing Windows 2000 Professional. Existing Windows 95 and Windows 98 clients can take advantage of Active Directory awareness by installing a downloadable patch from Microsoft's Web site. This will permit down-level clients to use Kerberos security and to fully support Active Directory-compliant and -aware applications.
For organizations with a heavy investment in Exchange Server, it will be good news that this popular groupware suite will also utilize the Windows 2000 Active Directory, eliminating the need to maintain two sets of user accounts and other data.
In the next part of this series we examine API operations, administrative security and trust relationships.