December 14, 2000, 11:45 AM — So you've been working with NT domains for a few years, and now you're staring
Active Directory in the face. Directories being the complex beasts they are, you know
that you're in for a real challenge if you're going to move to Microsoft's next-
generation operating system, Windows 2000. Here are a few things that will help you get
your NT 4.0 domain infrastructure in order before you flip the switch on Active
Verify the information you already have in your domains. Chances are your
old domains have grown cluttered, full of user IDs of past employees, groups that exist
for no apparent reason, and accounts that haven't seen action for two months because
the users have moved from marketing to sales.
There's no point in migrating all your garbage to Windows 2000 - clean it up now.
Tools such as Entevo's DirectManage suite ( target="_new">www.entevo.com) have domain searching and reporting capabilities that
can help you weed out duplicate or outdated information within your domains.
Directory will be to do so from a single domain. Many NT 4.0 shops have divided their
installations into several domains in order to accommodate multiple geographical
locations or autonomous departments. You'll save effort during the upgrade if you
consolidate them now.
The main issues you'll face when consolidating NT 4.0 domains are resolving
disparate naming standards and reconciling security policies. Products such as FastLane
Technologies' DM/Manager ( target="_new">www.fastlanetech.com) and Mission Critical's Domain Administrator ( href="http://www.missioncritical.com/" target="_new">www.missioncritical.com) can
help you address these issues for consolidating NT 4.0 domains and migrating NT 4.0
domains to Active Directory.
Directory hierarchy and how the migration will affect how they locate and use network
resources. You can do this with any number of Active Directory modeling tools.
For example, Aelita Software Group (
target="_new">www.aelita.com) offers a utility called Delegation Manager that lets
you create an Active Directory structure, test it in a controlled environment to see if
it works and gain management's approval, and then roll back the changes if you don't
the migration. The wrong way is to do an in-place upgrade to Windows 2000 at your NT
4.0 primary domain controller and upgrade the entire domain at once. This converts your
network irrevocably to Windows 2000. You can't undo it, which is risky.