Out with the Old, In With the New

With NT support ending soon, credit union administrator doesn't want to be left supporting orphanware and ponders an upgrade to Windows Server 2003.

Question: I'm the sole administrator for a credit union with 25 users. Our main application runs on an HP/UX, but our day-to-day operations run inside a Windows NT domain. I have a four-year-old PDC running file and print services and Microsoft Mail, a six-year-old BDC that's also a print server, a member server running a home banking application, and a member server running a voice response system for our PBX.

I know NT is coming to end of life/support in January and have received a quote from our Dell rep for a new server to replace our PDC. I'm looking at putting Windows Server 2003 Standard Edition on the new box, the two domain controllers and our home banking server. The vendor for the home banking application says he supports an upgrade from NT to Windows Server 2003.

We're also thinking about outsourcing e-mail to the hosting company that does our Web site.

What are your thoughts? Anything we should watch out for?
— Arnold

Get Help from Bill

Got a Windows or Exchange question or need troubleshooting help? Or maybe you want a better explanation than provided in the manuals? Describe your dilemma in an e-mail to Bill at mailto:boswell@101com.com; the best questions get answered in this column.

When you send your questions, please include your full first and last name, location, certifications (if any) with your message. (If you prefer to remain anonymous, specify this in your message but submit the requested information for verification purposes.)

Answer: My first concern is for the mission-critical application running on the HP/UX server. I'd want to make absolutely sure that it doesn't rely on an authentication feature in NT that might not be supported in the new security environment under Windows Server 2003. Get some feedback from the vendor on this.

Also, make sure you don't have any other services running under Unix that might use Windows for authentication. For example, make sure that you don't have any Samba connections between users and the server or between the server and the support folks for the application. You can run Samba in a Windows Server 2003 environment, but you might have to upgrade the version.

Okay, assuming that you don't need to make any adjustments to the main line-of-business application, my next concern is the home banking application that's currently running on an NT server. I like that your vendor expresses support for an upgrade, but it's been my experience that "support" sometimes gets a little strained if something unexpected goes wrong. If it were me, I'd take a complete image of the server before I did the upgrade just to make absolutely sure that I had a fast fallback in case something came up that tested their "support" policy.

You might also consider installing a new server running the application, or image the old server, wipe the drives, do a fresh install of Windows Server 2003, install the application, then restore any data or make any necessary connections to the back-end data.

The same goes for your voice response system. Sometimes vendors in the phone industry aren't quick to support new platforms. New, in their viewpoint, being anything created following the breakup of Ma Bell.

Now for your e-mail. Before you outsource e-mail to a hosting service, make absolutely sure that you don't have any government regulatory requirements that restrict the handling of e-mail by third parties. I'm not sure about the rules for banks and credit unions. If a reader who knows the rules can write in, I'd be glad to include that information in a later column.

Assuming that you have a regulatory constraint on outsourcing your e-mail, you can either install an Exchange 2003 server or some other post office application. Consider saving all current mail in .PST files and starting fresh with new inboxes in Exchange 2003. Be sure you have a back-up solution that can handle Exchange. Exchange Server 2003's Intelligent Message Filter (IMF) does a pretty good job of spam prevention, but you might want to evaluate other products.

Now for the domain upgrade. Like any NT-to-Active Directory migration, the most important item is DNS. Select a DNS name that works for you, then register the name unless it uses a ".local" or ".pri" root.

I like the idea of getting a new server to act as the first Windows Server 2003 domain controller, but since the existing PDC is fairly new, and if you have a support contract for it, there's no reason why you couldn't use it in production after the migration. The sequence of events is as follows:

  1. Install NT SP6a with all patches on the new server and configure it to be a BDC.
  2. Promote the new server to be the PDC then upgrade it to Windows Server 2003.
  3. Install an Exchange 2003 server (or whatever e-mail application you choose) on a separate server or on the newly promoted domain controller.
  4. Get your e-mail configuration stabilized then remove Microsoft Mail from the old PDC (which is now a BDC).
  5. Move all the data off the old PDC to the new server. (Or make a backup that you can restore later on, but make absolutely sure you can do a full restore.)
  6. Wipe the hard drive on the old PDC and do a fresh install of Windows Server 2003.
  7. Promote the newly reinstalled server to be a domain controller. This gives you two domain controllers in your domain for redundancy.
  8. Move the printer queues from the old BDC to either of the new Windows Server 2003 servers.
  9. Retire the old BDC simply by removing it from the wire.
  10. Shift the domain and the forest from Interim functional level to Windows Server 2003 functional level.

Now migrate or upgrade your application servers and then take an afternoon off. You'll deserve it.

Have fun!

About the Author

Contributing Editor Bill Boswell, MCSE, is the principal of Bill Boswell Consulting, Inc. He's the author of Inside Windows Server 2003 and Learning Exchange Server 2003 both from Addison Wesley. Bill is also Redmond magazine's "Windows Insider" columnist and a speaker at MCP Magazine's TechMentor Conferences.

comments powered by Disqus

Reader Comments:

Wed, Sep 1, 2004 Lee Lawson Dallas, Tx

Before moving to an outsourced e-mail vendor, I'd ensure I could live with the downtime when the outsourced e-mail vendor doesn't get e-mail back working quite as quickly as you'd like.

Maybe even have a service level agreement that provides a financial incentive for them to keep the system running.

Wed, Sep 1, 2004 Gene Buettner Joplin, MO

Good catch on the OEM install, D-P. I only install from volume license media and missed that completely. The other issue with installing NT on the new box is the 4 gig limit for the system partition. You can't install NT to a larger partition. It is possible to expand the partition to 7.8 gig (but NO larger!!) after the install with the right third-party utilities but the entire task is a day-long pig fraught with numerous pitfalls. (FYI, I did it on a PE2600 back in January. Dell's take on it is "You're on your own; it's not supported." With the 2600 reaching end-of-production, its replacement won't support NT in any configuration.) A 4 gig partition for Win2k3 is really too small so there's that issue to deal with as well; you really want at least 6 gigs and 10 to 16 if you're ever going to consider terminal services. I do stand by my agreement with the bubble box install, however. Any P-III system with 256 megs of RAM and a 4 or larger gig drive will get you up and running for the transition period. Win2k3's 'real-world' hardware requirements (except hard drive space) seem to be a bit more modest than Win2k's, a fact that stunned me but has proven itself in production use. Remember, this is only to get a Win2k3 AD environment up and running without losing several years worth of security permissions. By pulling the old PDC from the network during the transition, it provides for a no-brainer fall-back if any issues with authentication are encountered. Once the new box is up and running and hosting the FSMO roles, the bubble box will be taken down. SBS is a great product for its target market -- just not a good idea in this situation. For a couple of grand all-in, it delivers high-end functionality to the budding entrepreneur. With the stability and remote manageability of the underlying OS it's a Swiss Army Knife that delivers for the small business.

Tue, Aug 31, 2004 Digital-Plumber Pittsburgh, PA

You missed a big point... if they're thinking about a Dell (or anyone else's) server, then they will likely order Server 2003 along with it. BUT!! it will be the OEM version of Server 2003 which does NOT support upgrading of NT4 PDC's!! Only the retail or volume licensing versions of Server 2003 support upgrades. I've installed NT4 on a brand new Dell Poweredge 2600 just a few months ago... if you want an 8 Gig system partition you need the Dell Openmanage Server Assistant disk version 7.2.2 which is still available if you know who to ask. But if a 4 gig partition is acceptable, you don't need the DOSA disk at all. I agree with avoiding SBS. That product was made by the "giant pocket knife inventer" and it's time has passed. Finally, while I like the "bubble server" idea, I don't think a 4 year old box is worth wiping and re-using unless it's a hell of a box for it's time. Remember, 4 computer years is 80 people years.

Tue, Aug 31, 2004 Gene Buettner Joplin, MO

John's idea with the bubble server is an excellent one. You probably won't be able to install NT Serer on the new Dell box; they don't support it and haven't for some time. If you go with an HP Proliant box, you will be able to install NT as a BDC, promote it and upgrade to Win2k3; HP still supports NT. I have to disagree with the idea on SBS in this situation, though. By doing an upgrade install to Win2k3 you will preserve all of your ACLs; a clean install of SBS will break all of those. Having made that mistake in the past, take it from the guy with the T-Shirt -- you don't want one! Get with the CU's auditors on the e-mail issue. You probably want to host it internally on Exchange and load certificates to provide for encryption to protect customer data. That can be a bit of a pig, but you won't have to hassle with protecting privacy through an outside source. Alternatively, you could go with an external source that meets HPPA standards. It may be pricey, but you won't have to worry about privacy issues.

Tue, Aug 31, 2004 Anonymous Anonymous

I see this a perfect case to go with Small Business Server 2003 for File, Print and Exchange services. The hardest thing I see with that woudl be getting email migrated to from Microsoft Mail to Exchange 2003. Moving or re-creating 25 users on a Server shouldn't be that hard. This also provides a fresh start so to speak and he can still use his member servers. His choices all depend on his budget.

Tue, Aug 31, 2004 John Anonymous

I would recommend a bubble server. A desktop computer that will load NT fairly easily so that you don't have to worry about NT4.0 drivers. Install NT4.0 as a BDC and promote to PDC. Unplug the BDC from the network while you are performing the upgrade so that you can go back to NT domain easily. Upgrading the PDC on a desktop to Windows 2003 will be very easy. Then you can have a clean install of Windows 2003 on the new server. You can dcpromo and transfer the FSMO roles. Finally you can dcpromo down the buble server and remove from your environment. I find that the bubble server helps save you time installing NT and upgrading is safer. The extra few steps ultimately help you to have a cleanly installed Windows 2003 environment.

Tue, Aug 31, 2004 Anonymous Anonymous

I also recommend keeping the e-mail in-house, but if you do opt to farm it out, review the contract very, very carefully. You need to check that at all times the mail belongs to you. In the case of a dispute over service or whatever you don't want them holding your e-mail hostage.

Tue, Aug 31, 2004 Anonymous Anonymous

While this article describes a classic approach to the move, I'd consider the value of the data with respect to the cost of new hardware. Consider both the age of existing equipment and the total cost if there is a problem in the transistion. Then, with the right justification, go to management, tell them that you need a new server. Follow the same steps, but don't wipe the old NT system until long after the new Windows 2003 Server system is proven. The best backup is a second live but off-line server.

Tue, Aug 31, 2004 Anonymous Anonymous

The regulators may have a problem with you outsourcing your e-mail, some will, some won't it all depends on who does your audits. you may want to get some guidance from whoever will do the audits. That is from personal experience, my personal recomendation would be for you to host your own e-mail, however you need to make sure you have appropriate security measures in place if you do this. Another consideration is what are you using as your desktop OS? 9x, 2k, XP????

Add Your Comment Now:

Your Name:(optional)
Your Email:(optional)
Your Location:(optional)
Comment:
Please type the letters/numbers you see above

Redmond Tech Watch

Sign up for our newsletter.

I agree to this site's Privacy Policy.