Planning server roles and the order of server upgrades from Windows NT

  • Article

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Planning server roles and the order of server upgrades from Windows NT

This section provides a list of basic guidelines to use when planning server roles and the order of server upgrades in a domain where all the domain controllers run Windows NT 4.0. For information about how this planning fits into the overall process of the upgrade, see Upgrades in a Windows NT 4.0 Domain.

Use the following guidelines when planning server roles and the order of server upgrades from Windows NT:

  • Familiarize yourself with the slight differences between the naming of server roles for servers running Windows NT as compared to servers running Windows Server 2003:

    • In Windows NT, there are two kinds of domain controllers, the primary domain controller, which is limited to one per domain and contains a read-write database, and backup domain controller, which is not limited in number and contains a read-only database.

    • For domain controllers running Windows Server 2003, there is only one kind of domain controller, without a "primary" or "backup" designation. All domain controllers contain matching copies of the user accounts and other Active Directory data in a given domain, and provide read-write access to that data.

    • In addition to domain controllers, the possible roles for either operating system include member server, which belongs to a domain but does not contain a copy of the Active Directory data, and stand-alone server, which belongs to a workgroup instead of a domain.

  • Note that in contrast with Windows NT, you can change the role of a server without rerunning Setup. However, as a general practice, it is best to plan the roles ahead of time and change them only as necessary.

  • As was true with Windows NT, a domain must have at least one domain controller, but it is recommended that a domain have multiple domain controllers for resilience in the handling of logon requests and directory updates.

  • If the features you need most are not Active Directory features, you can focus on upgrading member servers first. For information about reasons for upgrading a particular member server early in the process, see Planning the order of server upgrades in a Windows NT 4.0 domain.

  • If the features you need most are Active Directory features, focus on upgrading domain controllers first, and carry out the advance planning that is necessary for this part of the upgrade.

    Important

    • When you begin the upgrade of domain controllers running Windows NT 4.0, you must upgrade the primary domain controller first.

    For information about the features that come with Active Directory, see Planning the order of server upgrades in a Windows NT 4.0 domain. For information about the planning necessary before upgrading to Active Directory, see Planning DNS for the upgrade of domain controllers running Windows NT 4.0.

  • When you begin upgrading domain controllers, if you have a remote access server that is a member server, it is recommended that you upgrade it before the last domain controller is upgraded. Such a server is dependent on domain controllers for user information, and therefore should not be "left behind" when domain controllers are upgraded. As an alternative, you can weaken the security permissions in Active Directory so that the remote access server running Windows NT can read user attributes from the domain controllers running products in the Windows Server 2003 family. For more information, see the Windows Server 2003 Deployment Kit at the Microsoft Windows Server System Web site. For information about obtaining the Windows Server 2003 Resource Kit, see Using the Windows Deployment and Resource Kits.