NT Domains to Active Directory - Time to Upgrade? - Page 4

 By Hallett German
Page 4 of 4   |  Back to Page 1
Print Article


To ensure a painless Active Directory upgrade, there are a few tips to keep in mind:

  • Have at least one domain controller at each site, preferably two.

  • Keep your DNS and Active Directory in sync.

  • Have a change control policy in place for forest changes.

  • Limit the number of people who can make administrative changes to Active Directory.

In addition, learn about the great Active Directory utilities from Microsoft that are designed to make your life easier:

  • NDSUTIL - Performs various Active Directory Database tasks, among other things.

  • SYSKEY - Offers additional encryption of password information.

  • LDIFDFE - Imports LDIF format records [LDAP] into Active Directory.

  • ADMT - Migrates user, group, and computer information. A new version was released for Windows Server 2003.

  • REdirUSR and REdirCOMP - This Windows Server 2003-only utility allows users and computers to be placed in specific organization units.

Future Concerns

While upgrading to Active Directory is definitely a good idea in the short term, there clearly are some shifts in the technology coming up that you should keep in mind for the future. Some technology and standards changes may well make the standalone directory obsolete. Long-term questions to consider include:

  • Will all directories be incorporated directly into the Network Operating System, as is the case with Novell's NDS offering, which could enable the integration of the many identity management technologies into a seamless whole?

  • What role will standalone directories play in network provisioning, system configuration, and asset/network management in the future? Will they become pivotal or irrelevant as this functionality is incorporated into larger, more robust integrated systems?

  • Will the dream of virtual and federated directories finally become a reality and make standalone directories obsolete?

  • Will Active Directory in Application Mode become popular even for those who have no desire for a full-blown Microsoft Active Directory infrastructure?

Additional Resources

Third party offerings, especially in the migration and administration areas

A summary of the NT Support retirement plan

Windows Server 2003 resources, including Active Directory and AD/AM

Beth Cohen is president of Luth Computer Specialists, Inc., a consulting practice specializing in IT infrastructure for smaller companies. She has been in the trenches supporting company IT infrastructure for over 20 years in a number of different fields including architecture, construction, engineering, software, telecommunications, and research. She is currently writing a book about IT for the small enterprise and pursuing an Information Age MBA from Bentley College.

Hallett German is an IT consultant who is experienced in implementing stable IT infrastructures with an emphasis on electronic messaging and directories. He is the founder of the Northeast SAS Users Group and former President of the REXX Language Association. He is the author of three books on scripting languages. He is currently seeking challenging opportunities that will expand his directory, networking, and security skills.

» See All Articles by Columnists Beth Cohen and Hallett German

This article was originally published on Jun 23, 2003
Get the Latest Scoop with Networking Update Newsletter