|
|
 |
|
|
|
MCSE Training Kit (Exam 70-222): Migrating from Microsoft® Windows NT® 4.0 to Microsoft Windows® 2000
|
|
|
Author |
|
Microsoft Corporation
|
|
|
Pages |
576
|
|
Disk |
1 Companion CD(s); 2 Evaluation CD(s)
|
|
Level |
Int/Adv
|
|
Published |
01/31/2001
|
|
ISBN |
9780735612396
|
|
ISBN-10 |
0-7356-1239-0
|
|
Price(USD) |
$59.99
To see this book's discounted price, select a reseller below.
|
|
|
|
|
|
|
|
|
Index
Page references to figures and tables are indicated in italics.
2-way clustering services 19
4-way clustering services 19
8mm cassette backup 392
8-way symmetric multiprocessor 19
16-way symmetric multiprocessor 19
A
access control entries 100, 313
accessing
Active Directory 372
by administrator 277-79
DACLs 58
Dfs (distributed file system) 372
files 376
folders 376
user privileges 58
access permissions 58-59, 375-76. See also access tokens; trust relationships
access tokens 221, 222
size of 314
Windows NT 100
account domains 101, 119, 122-23, 130-31
accounts
duplicate 375-78
group 59-62
user 59-62
Accounts Operators group 59
Account Transition Options dialog box 287
ACEs (access control entries) 100, 313
Active Directory architects 63
Active Directory directory services. See also sites Active Directory; trust relationships
access problems 372
basic principles 103
design strategies 109-10
domain linking 107-8
installing 212-14
log and database directories 152
namespaces 104-5
objects in domains 105-6
organizational units and activity directory 103-4
pollution 209-10
Active Directory Installation Wizard 149-57, 361
Active Directory-Integrated DNS 349
Active Directory Migration Tool. See ADMT
Active Directory root
account domains as 130-31
adding new 131-32
Active Directory Service Interface 314-17
Active Directory Sites And Services administrative tool 110, 273-74
Active Directory Users And Computers administrative tool 326-28
Add A Session Comment dialog box 342
Add DNS Server dialog box 88
Add Group dialog box 189
Add/Remove Snap-In dialog box 330
addresses, IP. See IP addresses
Add setting of Security Translation wizard
AddSidHistory method 292
Add To Chart dialog box 82
Add User Or Group dialog box 281
Add Users And Groups dialog box 279
Addusers utility 60, 61
administration
centralizing 120
decentralizing 120
isolating 115
restructuring 119-21
and site design 114
administrative documents 29-30
administrative plan 114-15
administrator access 277-79
Administrators Properties dialog box 278
ADMT (Active Directory Migration Tool)
cloning shared local groups 334-35
cloning users 286-89
installing 285-86
inter-forest cloning 226
intra-forest restructuring 305-6
limitations 285
moving workstations 236
obtaining 284
purpose 284
requirements to function 277, 280
Security Translation wizard 312-13
troubleshooting 289-90
ADSI Edit snap-in tool 314-17
Advanced Server 145-57
analysis phase 2, 3-5
analyzing security configuration 59
anonymous users 155
APIPA (Automatic Private IP Addressing) 367
APIs (application programming interfaces) 35
applications
assessment of 51-56
business 53-54
compatibility 34-35
directory of 357-60
Microsoft Readiness Analyzer 54-55
consolidating 52
inventory of, 46, 51-52, 56
mission-critical 53-54
programming interfaces 35
restoring 313
security 34
sharing 323
site-aware 110
third-party 360
architects Active Directory
assessing
access permissions 58
applications 51-56
DHCP services 74-75
Directory Replicator Service 93
hardware 46-51
NetBIOS 82-83
network services 68-73
personnel 63-65
RRAS 93-94
security 57-62
WINS and NetBIOS Services 75, 82-83
assigning
group policy objects 177-78
staff 29
Audit Account Management success and failure 225, 229
auditing 225, 229, 280-82
authentication. See also passwords; trust relationships
biometric devices 58
certificate services 57-58
Kerberos protocol 87, 369
NTFS permissions 375-76
and SIDhistory property 220-22
smart cards 58
troubleshooting 369-70
using certificate services 57-58
of user accounts in different domains 186-87
Windows NT 98-102, 184-85
authorization entry
Automatic Private IP Addressing 367
automatic trusts 106-7
AvoidTimeSyncOnWan registry value 381
B
backing up
migrated environment 311
process 399-402
security issues 395
source domains 334, 335
with tape 392-93
testing 393
Windows 2000 Backup program 393-95
backup domain controllers
moving 238-39
preparation before upgrading 194
role in pre-upgrade procedures 403-5
synchronizing with primary domain controllers , 348
troubleshooting 348
upgrading 195-98
Backup Job Information dialog box 400
Backup Progress dialog box 401
Balance setting 323
bandwidth 72
BDCs. See backup domain controllers
Benport.inc document 55
BIND files 92
biometric devices 58
bitmaps 172
Block Inheritance settings 176
Boot.ini file 148
BOOTP clients 74, 367
budget considerations. See cost considerations
building support and maintenance team 41-43
Built-in container object 106
business applications 53-54
business continuity , 29, 193. See also backing up; maintaining network services
planning for failure 388-91
protecting information 395-96
business-critical applications 53
business goals 22-24
C
capacity
planning 30
testing 37
cassette backup 392
CD-ROM requirements, 33
certificate services 57-58
challenge/response process 100
change resistance to , 26
child domains 150
clients
bootstrap protocol 74
connectivity issues 369-74
Clients and Windows 2000 servers
Cloneggu.vbs script 292
Clonegg.vbs script 292
Clonelg.vbs script 292
ClonePrincipal utility 226
cloning users 293-94
COM object 291-92
practice using 294-95
purpose 291
requirements to function 280
scripts 293
when to use 293
Clonepr.vbs script 292
Clonescript.bat script 295
cloning. See inter-forest restructuring
closed sets
of computers 233-34
of users 230, 231-32, 234-35
clustering services 19
.cmd files 55
.com files 55
commands. See under specific commands
communication 26, 28, 30
importance of 64
support and maintenance teams 43
communication links 68
COM object of ClonePrincipal utility -92
compatibility
of applications 34-35
directory of 357-60
Microsoft Readiness Analyzer 54-55
of hardware drivers 48
complete trust domains 122
computers closed sets of -34
Computers container object 106
computer settings 182
Configure DHCP Options dialog box 411
Configure DNS page, 154
configuring
auditing 280-82
DHCP services 76-81, 408-13
DNS 88-90, 255-60, 277
MIGKIT primary domain controller 144-45
pristine environment 211-17
source environment 244-45
trust relationships 277
virtual memory 325
Windows NT source domain 280-82
conflict detection 412-13
Connection dialog box 315
connectivity issues 369-74
Connect method of ClonePrincipal utility
Console Options dialog box 330
consolidating
applications 52
domains 11, 118-21, 123
RRAS (Routing and Remote Access Service) 194
servers 19
consultants 64
container objects 106
containers 177, 180, 182
contingency planning 72
continuity. See business continuity
control delegating -2, 326-28
Copy backup mode 394
CopyDownlevelUserProperties method 292
copying. See also inter-forest restructuring
profiles 241
security principal objects 218
corporate standards leader 41
cost considerations
defining 29
downtime 391
hardware 51-52, 56
minimizing costs 10
partial upgrade/partial restore 11
resource planning 30
Windows 2000 clients, 15-16
Windows NT, Windows 9.x, and Windows Me
Create New Zone dialog box 90
Create Or Join Forest page 151
Create Scope dialog box 77
Create Tree Or Child Domain page 150
Creating New Zone dialog box , 89
cross-link trusts 107
crucial applications 53
current environment summary document 30
cutting and pasting users/groups. See inter-forest restructuring; intra-forest restructuring
D
DACLs 58, 313
Daily backup mode 394
databases
DNS 362-63
Security Accounts Manager 100
Systems Manager Server 47
DAT backup 392
Dcpromo utility 239
decommissioning 334-39
Default Domain Controllers GPO 178
Default-First-Site-Name (site) 210
defragmenting hard disks 311
delegating control 101-2, 326-28
deliverables
identifying 24-25
mapping onto system functions 28
test program 36
deployment
documents 30-31
and personnel 41, 42, 63, 64
security configuration 59
Designing a Microsoft Windows 2000 Directory Services Infrastructure 255
design phase
explanation 2
identifying tasks 3-5
desktop settings 172
device drivers. See drivers hardware
Dfs (distributed file system) 34
access problems 372
installing 318-19
Dfsutil command 374
Dhcpcmd.exe utility 75, 80
dhcp.dmp file , 416
DHCP Manager 75, 76-79, 80
DHCP Options: Scope dialog box 78
DHCP server service
assessing 74-75
configuring 76-81, 408-13
creating extra settings 77-79
DHCP client configuration 79
ensuring continuity 406-7
extracting configuration settings 415-16
installing 76, 407-8
integrating 47
troubleshooting 367-68
upgrading 194
verifying 414-15
Diagnostics dialog box, Window NT , 49
diagnostics utilities hardware inventory
diagrams network -72
dial-in connections 93-94
Differential backup mode 394
digital audio tape backup 392
digital linear tape backup 392
dir c:\*.exe /s > %computername%.inc command 55
Directory Replicator Service 93
Directory Services Restore Mode Administrator Password page 155
disaster recovery BDC 143
discretionary access control lists. See DACLs
disk drives
hot-swapping 388
imaging 395-96
optimizing performance 311
quotas 318-19
required capacity, 33, 46
Display Properties dialog box 191
Distributed file system 34, 319, 320
.dll files 55
DLT backup 392
DNS. See also namespaces
basic principles 85-87
configuring 88-90, 255-60, 277
creating reverse lookup zone 90
database corruption 362-63
host server information 91-92
installing 87-88
integrating 47
replacement of NetBIOS 33-34
DNS Manager 87, 88-90
DNS servers
installing 210-11
troubleshooting 349
upgrading 193-94
DNS service
bringing down 363
maintaining 405
repairing 364
testing 364
documentation
network 68-72
planning 31
pristine environment planning 209
project planning 28-31
security issues 376
test program 36
domain controllers. See also backup domain controllers; primary domain controllers
authentication by 184-85
container for 106
demoting to member servers 195, 239
logging on to 109
and multiple-master replication 93
problems communicating with global catalog servers 370
problems creating 361
protecting 403-5
redeploying 335-39
requirements for inter-forest restructures 225
setting up connections to 291-92
troubleshooting failure in root domain 348-49
and upgrade process 110
and Windows Time Service 383
Domain Controllers container object 106
domain host 90-91
domain local groups 233
Domain Name System. See DNS
Domain Naming Master 321
domains. See also resource domains; restructuring domains; source domains; trust relationships
account 101, 119, 122-23, 130-31
and Active Directory design strategies 114-15
adding workstations to 261-62
allowing administrator access between 277-79
architecture of 70, 106-7
arrangement of 114-15
authentication 185, 186-87
child 150
configuring for intra-forest restructuring 301-4
consolidating 11, 118-21
decentralizing 120
definition 105
depth of 107
domain local groups 233
and domain policies 120
hierarchy of 105, 121
linking 107-8
mixed mode 199-201, 215, 370
multiple 120
naming issues 355-56
objects in 105-6
order of migration 97, 209
placeholder 132, 211
policies for 176
purpose 6
requirements for inter-forest restructures 224-25
standard models 122
target 334
and trusts 106-7
validating 187-88
Windows NT 101-2
dongles 57
Do Not Display Last User Name In Logon Screen setting 340
downtime
cost of 391
scheduling 53
drivers hardware
biometric device 58
compatibility 48
network cards 150
new support 33
dual-boot systems 147
DumpSec utility 62
duplicate accounts 375-78
duplicate IP addresses 412
duplicate servers 405
duplicate usernames 59
dynamic updates 47, 85, 210
E
editing group policy objects 178
eight-way symmetric multiprocessor 19
e-mail services 53, 405
Emergency Repair Disks 393, 397-98
employees. See personnel
endpoints migration -17
Enterprise Admins groups 120
entry authorization 155
environments. See also pristine environment
backing up 311
documentation 30
heterogeneous 17
preventing users from changing 182
source 242-43, 244-45
ERDs (Emergency Repair Disks) 393, 397-98
event logs 311
Everyone group permission 94
Exchange Server 2000, 123
executive sponsors of migration project
explicit one-way trusts 108
extended integration testing 39
F
facilities planning for needed , 37
failure points 403
failure, systems. See also troubleshooting
planning for 388-91
recovery from 119
risk analysis 26
fault reporting process 389-90
File Replication Service 93, 371
files. See also replication; and names of specific files
identifying users with access to 58
searching for 55
sharing of 323-24
troubleshooting access problems 376
virtual structures 34
filters password
Finance Properties dialog box 189, 190
financial considerations. See cost considerations
fingerprint logon 58
firewalls 376
flexible single master operations roles 321-22
folders
identifying users with access to 58
root node 319
shared 172, 318, 319, 377
troubleshooting access problems 376
Foreign Security Principals container object 106
forests. See also inter-forest restructuring; intra-forest restructuring
and Active Directory design strategies 114-15
arrangement of 114-15
creating 150-51
definition 105
intra-forest restructuring 220
joining 300-302
linking domains across 107
moving trees of objects within 297-99
pristine 118-19
root of 209, 210
forward lookup zones 257-58, 260
four-way clustering services 19
four-way symmetric multiprocessor 19
FQDN
domain names 355-56
forcing to use in referrals 373-74
fragmented hard disks 311
FRS (File Replication Service) 93
FSMO (flexible single master operations) 321-22
FSMO servers 350
functionality improving
functional specification 28
G
gap analysis document 30
gathering information. See inventory
Global Admins groups 120
global catalog servers
failure of 349
problems communicating with 370
and universal groups 234-35
global groups
converting to universal 234-35
explanation 101, 230-31
globally unique identifiers 228
goals
of migration 22-25, 28, 29-30, 111
of test programs 37
GPOs (group policy objects) 176-80, 275-76
Gpresult.exe tool 377
group policies 275-76
group policy objects 176-80, 275-76
applying to organization units 188-91
setting values to registry keys with 179
troubleshooting 371-72
and user rights 377
groups. See also inter-forest restructuring
account security 59-62
domain local 233
global 101, 230-31
identifying users belonging to 58
local , 237, 238
shared local 227, 334-35
and SIDhistory property 220-22
universal 234-35, 370
GUI component of Security Configuration Manager
GUIDs 228, 241
H
hacking dangers 155
hard disks. See disk drives
hardware. See also under names of specific hardware
assessment 46-51
compatibility 357-60
On Forever technology 388
hot-swapping 388
inventory of 47
report 49-50
requirements 32-33
Hardware Compatibility List 48
hardware keys 57
HCL (Hardware Compatibility List) 48
help-desk and training leader 42
heterogeneous environments 17
Hkey_Current_User\Software\Microsoft\Windows\ CurrentVersion\Policies registry key 182
Hkey_Current_User\Software\Policies registry key 182
HKey_Local_Machine\Software\Microsoft\Windows\ CurrentVersion\Policies registry key 182
HKey_Local_Machine\Software\Policies registry key 182
host server information DNS -92
hot-swapping disk drives 388
I
ICloneSecurityPrincipal::CopyDownlevelUser Properties method 293
ILikeToMoveIt.bat file 305
imaging 395-96
implementation phase. See production phase
inbound time partners 380
Incremental backup mode 394
information, gathering. See inventory
information protection 395-96
infrastructure assessment. See also applications compatibility; applications, inventory of; DNS; network services, assessing
application assessment 51-56
Directory Replicator Service 93
hardware assessment 46-51
personnel assessment 63-65
RRAS 93-94
security assessment 57-62
Infrastructure Master 321
infrastructure specialists 63
inheritance permission
in-place upgrades. See upgrading
input/output requirements, 33
installing
Active Directory directory services 212-14
ADMT 285-86
DHCP services 76, 407-8
Distributed file system 319, 320
DNS 87-88
DNS servers 210-11
organizational unit hierarchy 211
security scanners 341-42
support tools 311
WINS 81
integrating
DHCP 47
DNS 47
Intellimirror technologies 19
inter-forest restructuring 218, 219
challenges 226
establishing trusts 243
inter-forest cloning 226-27
preparing for
allowing administrator access between domains 277-79
configuring auditing 280-82
configuring DNS 277
configuring Windows NT Source Domain 282
creating organizational units 274
implementing group policies 275-76
setting up trusts 274
site topology plan implementation 273-74
prerequisites 224-25
using ADMT with 285, 286-89
when to use 224
Internet Protocol (TCP/IP) Properties dialog box 195, 255, 414
interoperability testing 37
intra-forest restructuring 218, 219, 220
challenges 229-30
configuring domains for 301-4
using ADMT with 285
when to use 228
inventory
application, 46, 48-49, 51-52, 56
hardware 47
IP Address Array Editor dialog box 78
IP addresses 47
Automatic Private IP Addressing 367
and continuity of DHCP servers 406-7
duplicate 412
and pristine restructures 74
ipconfig /all command 80, 150, 157, 367, 415
ipconfig /release command 157, 415
ipconfig /renew command 157, 415
isolating administration 115
ISS Internet Scanner 341-342
K
KCC (Knowledge Consistency Checker) 365
Kerberos authentication protocol 86-87, 369, 380
Kerberos trusts 106-7
Key Select dialog box 342
keys registry -80
Knowledge Base Microsoft
Knowledge Consistency Checker 365
L
LAN Manager authentication passwords 18
LAN Manager Replication Service 93, 153, 371
LANs 110
Lbridge.cmd script 93, 164-67, 289, 371
life cycle project , 3-5
limited pilot testing 39
linking of domains and trusts 107-8, 273-74
LMHOSTS file 406
LM passwords 18
local area networks. See LANs
Local Computer policies 176
local groups 101
defaults 106
migrating , 238
shared 334-35
Local Security Authority 100
locking down environments 182
logoff system scripts 34
logon. See also access tokens
access to logon information 155
fingerprint 58
problems (Windows NT) 109
and quota violations 319
and RRAS 93-94
and SIDhistory property 220-22
system scripts 34
testing 38
troubleshooting script failures 370-71
logs event , 374, 393
LSA (Local Security Authority) 100
Ls command 260
LSDOU mode 176, 275
M
magnetic tape backup 392-93
maintaining network services
continuing application services 405
DNS services 405
protecting domain controllers 403-5
WIN services 406
maintenance team 41-43
management software 74
management utilities 47
mandate establishing
Market.bat file 158
master domains 122
master-slave replication 100, 109
MCSE Training Kit-Designing a Microsoft Windows 2000 Directory Services Infrastructure, 255
MCSE Training Kit-Microsoft Windows 2000 Active Directory Services, 70, 255
member servers
demoting domain controllers to 195, 239
explanation 236
moving 236-37
promoting to domain controller , 196
memory
hot-swappable 388
processor, 32
virtual 325
Microsoft Exchange Server 2000, 15, 16, 22, 72, 110, 123, 383
Microsoft Hardware Compatibility List 48
Microsoft Management Console (MMC) 34, 329-33
Microsoft Security Configuration Editor 58-59, 234
Microsoft Security Configuration Manager 58-59, 234
Microsoft Knowledge Base 26
Microsoft Solutions Framework Web 5
Microsoft Systems Manager Server. See SMS
Microsoft Technet Web site 26
Microsoft Windows 2000 Readiness Analyzer 54-55, 357
migration
definition 1
goals 22-24, 28, 29-30, 111
migration endpoints 15-17
migration strategy document 30
milestones project
Minimize Memory setting 323
mission-critical applications 53, 53-54
mixed mode 6
and restructures 9
working on same network as native mode 11
mixed mode domains 199-201, 215, 370
mixed Windows NT and Windows 2000 clients and servers, 15
MMC. See Microsoft Management Console
modes
mixed 6, 9, 11
native 6
working on same network 11
monitor requirements, 33
Moreusrs.bat file 289
Move dialog box 191
MoveTree.err file 298
MoveTree utility
limitations 298-99
purpose 297-98
troubleshooting 322
using for intra-forest restructuring 304-5
when to use 298
moving. See also intra-forest restructuring
member servers 236-37
objects between domains in forest 218
user profiles 240
users, 220
workstations 236-37
MS-DOS 359
MSSCE (Microsoft Security Configuration Editor) 58-59, 234
multimaster replication , 109, 153, 161
multiple-boot systems 147
multiple domains 120
multiple-forest design 115
multiple-master domains 122
multiprocessors. See SMP
Next
Last Updated: Friday, July 6, 2001 |
