Kentucky Schools Upgrade Finished
Completed: Kentucky Education migrates, streamlines NT 4.0 systems to Windows Server 2003.
The folks responsible for the huge migration, reported in our November
2003 cover story, "Major
," kept waiting for the other shoe to drop. Well, the
migration's finished, and the footware is still attached.
This upgrade took the Kentucky public school system from a Windows NT
4.0 mishmash to a pristine Windows Server 2003 network.
According to Tim Cornett, Active Directory architect for the Kentucky
Office of Education Technology (OET), the move of approximately 160,000
computer accounts and 700,000 users, along with a 10-to-1 consolidation
of servers, was finished Jan. 23, when the Warren County school district
was upgraded. And what were the big problems faced during the dog days
of the migration? What obstacles had to be surmounted? What thorny issues
vexed the AD team responsible for the move? "I really don't remember
anything that just jumps out at me," says Cornett.
The network now consists of 371 tightly controlled, highly secure domain
controllers instead of 4,000 NT boxes scattered here and there, and vulnerable
to the ravages of Internet viruses and worms, such as the Mydoom scourge.
"We didn't get slammed" by Mydoom, Cornett says. "We have
anti-virus software on each box that updates daily. No [domain controllers]
Not only is the network more bad-guy-proof, but the previous management
nightmare has become a dream, thanks to Microsoft Operations Manager (MOM),
the OET's primary management tool.
"MOM is working very, very well for us, between MOM and Dell Open
Manage [the management product for their PowerEdge 2600 servers], and
the interaction between the two. There's a new management pack for MOM
that allows Dell critical alerts to show up on the monitoring," Cornett
But just because there were no suicide-inducing foul-ups doesn't mean
that everything worked perfectly. In particular, a problem kept cropping
up with Server Message Blocks (SMB). If you have Windows 95, 98 or Macintosh,
you have to disable SMB signing," explained Cornett. "Users
can't log on if it's turned on and can't log in to the new operating system.
That's one of our migration steps, and probably 12 or 13 times that one
step wasn't done or done correctly."
Cornett isn't too harsh in his assessment of the technicians who had
responsibility for setting up the domain controllers in the field, though.
"It's very easy to miss, because [disabling SMB signing] has to be
done on the default domain controller policy. [The field technicians]
would change it on the default domain policy instead of the default domain
The primary guide for migrating servers was an in-house-developed series
of steps they call The Doc. The Doc was developed over many months of
planning and testing, and continued to evolve through mid-July, when the
last modifications were made.
Reflecting upon his experience, Cornett pointed to the most important
lessons he'd learned. "The No. 1 thing I've learned is to plan well.
Bring in folks that know what they're doing. Develop a best-case scenario.
Modify [your plan] only as absolutely necessary."
Another key to the smoothness of the upgrade, according to Cornett, was
the standardization of servers. "We couldn't do this if we didn't
know exactly how every one of these was set up."
Next up for the Kentucky OET? Another upgrade; this time from Exchange
5.5 to Exchange 2003. One gets the feeling that they're up to the task.
Keith Ward is the editor in chief of Virtualization Review.