When to deploy Windows XP Professional
You can deploy Windows XP Professional desktops in a Windows NT 4 domain whenever you like. When used in an NT 4 domain, Windows XP Professional emulates the behavior of a Windows NT 4 Workstation, so domain controllers will see these systems as ordinary workstations.
You can also upgrade your member servers to run Windows Server 2003 whenever you like. As with desktop systems, these machines will emulate the behavior of Windows NT 4 when running in an NT 4 domain.
Before you upgrade any of your NT domain controllers to Windows Server 2003, you should have a plan in place that includes details concerning the type of deployment you are planning. Contact the Active Directory Support Team using the Contact Us web form to request advice and assistance prior to upgrading.
Preparing for migration from Windows NT to Windows Server 2003
System administrators can prepare for migration from Windows NT to Windows Server 2003 by first becoming familiar with Windows Server 2003, especially Active Directory and its other new technologies. A good place to start is the CITES course on Active Directory available through CITES Training. Also, see Microsoft's Domain Server Consolidation and Migration Windows NT 4 to Windows Server 2003.
You also need to decide whether your domain should become its own Windows 2000 Server or Windows Server 2003 domain or instead become an organizational unit (OU) in the UIUC Active Directory. Some guidelines on how to make this decision follow.
Finally, if your domain currently has domain accounts that are not mapped into the equivalent centralized UIUCnet NetIDs, you must determine how you will do this mapping.
Creating your own AD vs. migrating into an OU in the UIUC AD
CITES manages an Active Directory named ad.uiuc.edu. When your Windows NT 4 domain is upgraded to Windows Server 2003, you have a choice:
- Migrate your existing domain into an OU in ad.uiuc.edu.
- Maintain your environment as a separate subdomain.
In general, most campus NT 4 domains have migrated into OUs in ad.uiuc.edu. By doing so, administrators no longer need to maintain their own domain controllers. Active Directory enables delegated administrative authority at the OU level. If you choose to migrate your domain to an OU in the Active Directory, you retain control over your environment. Domain administrators become OU Administrators within ad.uiuc.edu.
Even if you have a large NT domain already, you should still consider joining the UIUC Active Directory as an OU. Here's why:
- Fewer domains on campus mean that users will find it much easier to use computing resources.
- Security is much simpler to implement in a single domain environment. Troubleshooting file and directory access permissions can become a nightmare in a multi-domain environment.
Designing the Structure of Your OU
Departments joining the UIUC Active Directory will establish their OU name with CITES. Full control of the departmental OU is granted to a local security group. Additionally, a Group Policy Object (GPO) can be created and linked to the OU. A single administrator account is added to the OU security group.
The OU structure can be organized geographically, politically, or by classification. Design of the OU structure is entirely up to each department. See Microsoft's Reviewing OU Design Concepts. We recommend organizing your OU as dictated by the delegation needs of your IT resources.
Group Policy and Security settings can be implemented at the OU level as the administrator sees fit. See Microsoft's Technology Center on Group Policy.
For technical details about AD implementation, see the Administrator Support pages.