Out with the Old, In With the New

With NT support ending soon, credit union administrator doesn't want to be left supporting orphanware and ponders an upgrade to Windows Server 2003.

• By Bill Boswell
• 08/31/2004

Question: I'm the sole administrator for a credit union with 25 users. Our main application runs on an HP/UX, but our day-to-day operations run inside a Windows NT domain. I have a four-year-old PDC running file and print services and Microsoft Mail, a six-year-old BDC that's also a print server, a member server running a home banking application, and a member server running a voice response system for our PBX.

I know NT is coming to end of life/support in January and have received a quote from our Dell rep for a new server to replace our PDC. I'm looking at putting Windows Server 2003 Standard Edition on the new box, the two domain controllers and our home banking server. The vendor for the home banking application says he supports an upgrade from NT to Windows Server 2003.

We're also thinking about outsourcing e-mail to the hosting company that does our Web site.

What are your thoughts? Anything we should watch out for?
— Arnold

Get Help from Bill Got a Windows or Exchange question or need troubleshooting help? Or maybe you want a better explanation than provided in the manuals? Describe your dilemma in an e-mail to Bill at mailto:[email protected]; the best questions get answered in this column. When you send your questions, please include your full first and last name, location, certifications (if any) with your message. (If you prefer to remain anonymous, specify this in your message but submit the requested information for verification purposes.)

Answer: My first concern is for the mission-critical application running on the HP/UX server. I'd want to make absolutely sure that it doesn't rely on an authentication feature in NT that might not be supported in the new security environment under Windows Server 2003. Get some feedback from the vendor on this.

Also, make sure you don't have any other services running under Unix that might use Windows for authentication. For example, make sure that you don't have any Samba connections between users and the server or between the server and the support folks for the application. You can run Samba in a Windows Server 2003 environment, but you might have to upgrade the version.

Okay, assuming that you don't need to make any adjustments to the main line-of-business application, my next concern is the home banking application that's currently running on an NT server. I like that your vendor expresses support for an upgrade, but it's been my experience that "support" sometimes gets a little strained if something unexpected goes wrong. If it were me, I'd take a complete image of the server before I did the upgrade just to make absolutely sure that I had a fast fallback in case something came up that tested their "support" policy.

You might also consider installing a new server running the application, or image the old server, wipe the drives, do a fresh install of Windows Server 2003, install the application, then restore any data or make any necessary connections to the back-end data.

The same goes for your voice response system. Sometimes vendors in the phone industry aren't quick to support new platforms. New, in their viewpoint, being anything created following the breakup of Ma Bell.

Now for your e-mail. Before you outsource e-mail to a hosting service, make absolutely sure that you don't have any government regulatory requirements that restrict the handling of e-mail by third parties. I'm not sure about the rules for banks and credit unions. If a reader who knows the rules can write in, I'd be glad to include that information in a later column.

Assuming that you have a regulatory constraint on outsourcing your e-mail, you can either install an Exchange 2003 server or some other post office application. Consider saving all current mail in .PST files and starting fresh with new inboxes in Exchange 2003. Be sure you have a back-up solution that can handle Exchange. Exchange Server 2003's Intelligent Message Filter (IMF) does a pretty good job of spam prevention, but you might want to evaluate other products.

Now for the domain upgrade. Like any NT-to-Active Directory migration, the most important item is DNS. Select a DNS name that works for you, then register the name unless it uses a ".local" or ".pri" root.

I like the idea of getting a new server to act as the first Windows Server 2003 domain controller, but since the existing PDC is fairly new, and if you have a support contract for it, there's no reason why you couldn't use it in production after the migration. The sequence of events is as follows:

1. Install NT SP6a with all patches on the new server and configure it to be a BDC.
2. Promote the new server to be the PDC then upgrade it to Windows Server 2003.
3. Install an Exchange 2003 server (or whatever e-mail application you choose) on a separate server or on the newly promoted domain controller.
4. Get your e-mail configuration stabilized then remove Microsoft Mail from the old PDC (which is now a BDC).
5. Move all the data off the old PDC to the new server. (Or make a backup that you can restore later on, but make absolutely sure you can do a full restore.)
6. Wipe the hard drive on the old PDC and do a fresh install of Windows Server 2003.
7. Promote the newly reinstalled server to be a domain controller. This gives you two domain controllers in your domain for redundancy.
8. Move the printer queues from the old BDC to either of the new Windows Server 2003 servers.
9. Retire the old BDC simply by removing it from the wire.
10. Shift the domain and the forest from Interim functional level to Windows Server 2003 functional level.

Now migrate or upgrade your application servers and then take an afternoon off. You'll deserve it.

Have fun!