Kentucky Schools Upgrade Finished

Completed: Kentucky Education migrates, streamlines NT 4.0 systems to Windows Server 2003.

The folks responsible for the huge migration, reported in our November 2003 cover story, "Major Migration," kept waiting for the other shoe to drop. Well, the migration's finished, and the footware is still attached.

This upgrade took the Kentucky public school system from a Windows NT 4.0 mishmash to a pristine Windows Server 2003 network.

According to Tim Cornett, Active Directory architect for the Kentucky Office of Education Technology (OET), the move of approximately 160,000 computer accounts and 700,000 users, along with a 10-to-1 consolidation of servers, was finished Jan. 23, when the Warren County school district was upgraded. And what were the big problems faced during the dog days of the migration? What obstacles had to be surmounted? What thorny issues vexed the AD team responsible for the move? "I really don't remember anything that just jumps out at me," says Cornett.

The network now consists of 371 tightly controlled, highly secure domain controllers instead of 4,000 NT boxes scattered here and there, and vulnerable to the ravages of Internet viruses and worms, such as the Mydoom scourge. "We didn't get slammed" by Mydoom, Cornett says. "We have anti-virus software on each box that updates daily. No [domain controllers] were affected."

Not only is the network more bad-guy-proof, but the previous management nightmare has become a dream, thanks to Microsoft Operations Manager (MOM), the OET's primary management tool.

"MOM is working very, very well for us, between MOM and Dell Open Manage [the management product for their PowerEdge 2600 servers], and the interaction between the two. There's a new management pack for MOM that allows Dell critical alerts to show up on the monitoring," Cornett says.

But just because there were no suicide-inducing foul-ups doesn't mean that everything worked perfectly. In particular, a problem kept cropping up with Server Message Blocks (SMB). If you have Windows 95, 98 or Macintosh, you have to disable SMB signing," explained Cornett. "Users can't log on if it's turned on and can't log in to the new operating system. That's one of our migration steps, and probably 12 or 13 times that one step wasn't done or done correctly."

Cornett isn't too harsh in his assessment of the technicians who had responsibility for setting up the domain controllers in the field, though. "It's very easy to miss, because [disabling SMB signing] has to be done on the default domain controller policy. [The field technicians] would change it on the default domain policy instead of the default domain controller policy."

The primary guide for migrating servers was an in-house-developed series of steps they call The Doc. The Doc was developed over many months of planning and testing, and continued to evolve through mid-July, when the last modifications were made.

Reflecting upon his experience, Cornett pointed to the most important lessons he'd learned. "The No. 1 thing I've learned is to plan well. Bring in folks that know what they're doing. Develop a best-case scenario. Modify [your plan] only as absolutely necessary."

Another key to the smoothness of the upgrade, according to Cornett, was the standardization of servers. "We couldn't do this if we didn't know exactly how every one of these was set up."

Next up for the Kentucky OET? Another upgrade; this time from Exchange 5.5 to Exchange 2003. One gets the feeling that they're up to the task.

About the Author

Keith Ward is the editor in chief of Virtualization & Cloud Review. Follow him on Twitter @VirtReviewKeith.


comments powered by Disqus

Subscribe on YouTube