date: Mon, 30 Jun 2008 12:21:20 -0400,
group: microsoft.public.platformsdk.active.directory
Upgrading to AD2008, what do our developers need to know?
Greetings,
I'm going to be writing a one page "What You Need to Know" brochure for our
internal developers and application owners that bind to our AD to provide
security and other meta for their applications. We will be going direct
from 2000 to 2008 (we will do the forestprep in two steps 20K to R2, R2 to
08) and we will conduct a hardware replacement which will complete the
upgrade's DC swapout.
I have the following bullet points so far:
------------------------------------------------------------------------------------------------------------------------------------
- Schema Extension -
This will only add attributes to the AD database schema, it will not
deactivate any attributes you are currently using. However, your
application performance may decrease while the Schema Extensions are
replicating. This will be done after-hours.
- Hardware Replacement -
We will conduct a one-for-one domain controller demotion/promotion and will
preserve the existing IP address. This will relieve the network
administrators from having to update the DHCP scopes and DNS zone sharing
settings. The NAMES, however, will change, thus if you are binding to the
directory using a fixed host name, we advise you to take this opportunity to
follow best practices and update your code to reference the domain name
directly. The downtime period for each replaced domain controller will be
one day, and will be performed after-hours.
- Domain Controller Security policies
Base changes in the local security policy of the Windows Server 2008
operating system may have an effect on your bind to Active Directory. The
key changes that may affect you are .....
- Global Catalog placement
In the below chart please find the names of the servers which will host the
Global Catalog role. Please note some DC's replaced will no longer hold the
role. {add chart}
------------------------------------------------------------------------------------------------------------------------------------
That's all I can think of, if anyone else has suggestions I would appreciate
any input I can get.
Thanks
date: Mon, 30 Jun 2008 12:21:20 -0400
author: -
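The "Hardware Replacement" bullet in the post above advises binding by domain name rather than a fixed host name. The following Python is an added example, not part of the original post: it scans source or config text for LDAP/GC bind strings and classifies each as serverless, domain-name, or pinned to one server. The domain `corp.example.com`, the host `dc01` and the sample lines are constructed for illustration.

```python
import re

# Matches ADSI-style paths and LDAP URLs: LDAP://host[:port]/DN, LDAP://DN, GC://...
ADS_PATH = re.compile(r"\b(LDAP|GC)://([^\s\"'<>]+)", re.IGNORECASE)


def classify_binds(text, domain_dns_name):
    """Return (line_no, host, kind) for each LDAP/GC bind string in text.

    kind is 'serverless' (no host, the DC locator picks a DC), 'domain'
    (host is the domain DNS name) or 'pinned' (one specific server or IP).
    """
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for m in ADS_PATH.finditer(line):
            head = m.group(2).split("/", 1)[0]
            # A leading DN (contains '=') or RootDSE means no host was named.
            if "=" in head or head.lower() == "rootdse":
                findings.append((line_no, "", "serverless"))
                continue
            host = head.split(":", 1)[0].rstrip(".").lower()
            kind = "domain" if host == domain_dns_name.lower() else "pinned"
            findings.append((line_no, host, kind))
    return findings


def pinned_binds(text, domain_dns_name):
    """Only the binds that name one server; host-name ones break on a DC rename."""
    return [f for f in classify_binds(text, domain_dns_name) if f[2] == "pinned"]


# Constructed sample input (hypothetical application files).
SAMPLE = '''\
<add key="Dir" value="LDAP://dc01.corp.example.com/DC=corp,DC=example,DC=com"/>
entry = new DirectoryEntry("LDAP://corp.example.com/OU=Apps,DC=corp,DC=example,DC=com");
root = GetObject("LDAP://RootDSE")
gc.url=GC://10.0.0.5:3268
base = "LDAP://DC=corp,DC=example,DC=com"
'''

if __name__ == "__main__":
    for line_no, host, kind in classify_binds(SAMPLE, "corp.example.com"):
        print(f"line {line_no}: {kind:10} {host}")
```

A bind to an IP address is reported as pinned as well: it keeps working when the address is preserved, but it still depends on a single domain controller.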
Re: Upgrading to AD2008, what do our developers need to know?
If you are deploying any RODCs, your devs that write apps that write to AD
need to be very careful about that.
Additionally, if you plan to use fine-grained password policies and
currently have tools that calculate password expiration, the algorithm for
that calculation needs to be addressed as it will be more complicated than
it used to be.
Those are two initial thoughts.
Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
date: Mon, 30 Jun 2008 14:36:28 -0500
author: Joe Kaplan
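The reply above notes that password-expiration calculations get more complicated once fine-grained password policies are in use. The following Python is an added example, not code from the thread or its authors: it computes expiry from `pwdLastSet`, `userAccountControl`, the domain `maxPwdAge`, and the `msDS-MaximumPasswordAge` of the PSO named by `msDS-ResultantPSO`. The attribute names are real AD attributes; the DNs, accounts and values are constructed, and the attributes are assumed to have been read from the directory already.

```python
from datetime import datetime, timedelta, timezone

EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)  # FILETIME epoch
UF_DONT_EXPIRE_PASSWD = 0x10000   # userAccountControl flag
UF_SMARTCARD_REQUIRED = 0x40000   # smart-card-only accounts do not expire
NO_LIMIT = -(2 ** 63)             # "never" sentinel for a max-age interval
DAY = 864_000_000_000             # one day in 100-ns ticks


def to_filetime(dt):
    """Encode a UTC datetime the way pwdLastSet stores it."""
    return int((dt - EPOCH_1601).total_seconds()) * 10_000_000


def from_filetime(ticks):
    return EPOCH_1601 + timedelta(microseconds=ticks // 10)


def password_expiry(user, domain_max_pwd_age, pso_max_age_by_dn):
    """Return (state, when): state is 'never', 'must_change' or 'expires'."""
    if user["userAccountControl"] & (UF_DONT_EXPIRE_PASSWD | UF_SMARTCARD_REQUIRED):
        return ("never", None)
    if user["pwdLastSet"] == 0:          # flagged "change at next logon"
        return ("must_change", None)
    # With fine-grained policies, a PSO that applies to the user overrides
    # the domain-wide maxPwdAge; without one, the old calculation still holds.
    pso_dn = user.get("msDS-ResultantPSO")
    interval = pso_max_age_by_dn[pso_dn] if pso_dn else domain_max_pwd_age
    if interval in (0, NO_LIMIT):        # policy sets no maximum age
        return ("never", None)
    # Max-age values are negative 100-ns intervals, so negate before adding.
    age = timedelta(microseconds=-interval // 10)
    return ("expires", from_filetime(user["pwdLastSet"]) + age)


# Constructed sample values (not from the thread).
DOMAIN_MAX_PWD_AGE = -90 * DAY
PSO_DN = "CN=Admins-PSO,CN=Password Settings Container,CN=System,DC=corp,DC=example,DC=com"
PSOS = {PSO_DN: -30 * DAY}
SET_ON = datetime(2008, 6, 1, tzinfo=timezone.utc)
ALICE = {"userAccountControl": 0x200, "pwdLastSet": to_filetime(SET_ON)}
BOB = {**ALICE, "msDS-ResultantPSO": PSO_DN}
SVC = {**ALICE, "userAccountControl": 0x200 | UF_DONT_EXPIRE_PASSWD}

if __name__ == "__main__":
    for name, u in (("alice", ALICE), ("bob", BOB), ("svc", SVC)):
        print(name, password_expiry(u, DOMAIN_MAX_PWD_AGE, PSOS))
```

Windows Server 2008 domain controllers also expose the constructed attribute `msDS-UserPasswordExpiryTimeComputed`, which returns the server's own result for a user and is a useful cross-check for a tool like this.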
Re: Upgrading to AD2008, what do our developers need to know?
Hello -,
You cannot in-place upgrade the 2000 DC's. You have to add the 2008 server
as a member of the domain, upgrade the schema and then promote it to an additional
DC.
Upgrading the domain is one part, that you can find here:
http://technet2.microsoft.com/windowsserver2008/en/library/f1713937-0b3f-4b0d-9d31-410598278f6e1033.mspx?mfr=true
Hardware:
http://msdn.microsoft.com/en-us/windowsserver/cc196364.aspx
For the application part I would strongly recommend preparing a test domain
and checking out your special needs for the applications.
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
date: Mon, 30 Jun 2008 19:46:52 +0000 (UTC)
author: Meinolf Weber meiweb(nospam)@gmx.de
Re: Upgrading to AD2008, what do our developers need to know?
That's a good tip regarding RODC's. We won't be using RODC's, granular
password policies, or anything that requires upgrading the functional level
for the domain/forest. The reason is that it will take a long time to
swap out the DC's. Thanks for the tips, it's always helpful to get some
people's opinions!
date: Tue, 1 Jul 2008 13:13:43 -0400
author: -
Re: Upgrading to AD2008, what do our developers need to know?
We were in fact planning on doing it as you recommend, 2008 member servers
to DC's, then demote the existing 2000 DC's. I wish we could throw in a
test version of all our app/dev servers into a fully parallel environment
but we lack the equipment resources to make it possible. We
intend to space the schema extensions and any "prep" commands at least a
week apart, taking backups all the while, such that sufficient time can pass
at each checkpoint to handle any arising issues.
date: Tue, 1 Jul 2008 13:16:47 -0400
author: -