So you've been working with NT domains for a few years, and now you're staring Active Directory in the face. Directories being the complex beasts they are, you know that you're in for a real challenge if you're going to move to Microsoft's next- generation operating system, Windows 2000. Here are a few things that will help you get your NT 4.0 domain infrastructure in order before you flip the switch on Active Directory.
Verify the information you already have in your domains. Chances are your old domains have grown cluttered, full of user IDs of past employees, groups that exist for no apparent reason, and accounts that haven't seen action for two months because the users have moved from marketing to sales.
There's no point in migrating all your garbage to Windows 2000 - clean it up now. Tools such as Entevo's DirectManage suite (www.entevo.com) have domain searching and reporting capabilities that can help you weed out duplicate or outdated information within your domains.
The main issues you'll face when consolidating NT 4.0 domains are resolving disparate naming standards and reconciling security policies. Products such as FastLane Technologies' DM/Manager (www.fastlanetech.com) and Mission Critical's Domain Administrator (www.missioncritical.com) can help you address these issues for consolidating NT 4.0 domains and migrating NT 4.0 domains to Active Directory.
For example, Aelita Software Group (www.aelita.com) offers a utility called Delegation Manager that lets you create an Active Directory structure, test it in a controlled environment to see if it works and gain management's approval, and then roll back the changes if you don't like it.
The better option is an incremental migration of domain information to Active Directory. This means you move your users over in subgroups, ensuring that both the old NT 4.0 account and the new account in Active Directory have access to the resources. In this respect, you keep the NT 4.0 domain structure intact, so if you do have any problems you can always revert to it and maintain service levels. This is an essential requirement for moving any large enterprise NT 4.0 installation to Active Directory.
This story, "Closing the Active Directory gap" was originally published by Network World.