The Best Damn Windows Server 2003 Book Period- P6 pps

Installation and Upgrade Issues
Unless your company is buying its first Windows server, you are going to have to decide between
upgrading and performing a clean install. Each method has advantages and disadvantages:

Upgrading preserves many of your existing settings, such as users and groups, permissions
and rights, and applications.

Performing a clean installation can improve the performance of your hard drive, as it will be
reformatted during installation. This also gives you a chance to change the partition and
volume sizes used on your drives. Clean installs ensure that you don’t carry over any existing
problems that you might have with your current OS. Some administrators (the authors of
this book included) prefer clean installs because they have seen many problems related to OS
upgrades in the past. There is something comforting about starting from scratch.
Common Installation Issues
The biggest problems with installing a new OS are hardware and software incompatibilities. It is
important to adhere to the recommended hardware specifications for Windows Server 2003. At a
minimum, you need the following hardware configuration:

133 MHz processor

128MB of RAM

1.5GB hard drive
Remember that these are the bare minimums on which Windows Server 2003 will run.
Obviously, on such old hardware, performance will suffer. Microsoft recommends at least a 550
MHz processor and 256MB of RAM. The more RAM the better.
You should always verify hardware compatibility before you start your installation. There is a
system compatibility check you can run from the Windows Server 2003 CD that will check out
your hardware for you automatically via the System Compatibility wizard. Even if all of your
hardware is supported, you should always update your machine’s BIOS to the most recent version.
Common Upgrade Issues


As stated earlier, you should always verify hardware compatibility and BIOS versions. You should
always back up your existing system before you start your upgrade. If you have applications on your
server, you should read the release notes on application compatibility. These are found in the docs
folder on the setup CD (relnotes.htm).
When upgrading servers from NT 4.0 to Windows Server 2003, you must have Service Pack 5 or
higher installed. You can perform upgrades from all server versions of NT 4.0 (Server, Enterprise
Edition, and Terminal Server Edition). Upgrading Windows 2000 machines to Windows Server 2003
doesn’t require any service packs to be installed first. Windows 2000 Server can be upgraded to
Windows Server 2003 Standard Edition or Enterprise Edition. However, Windows 2000 Advanced
Server can only be upgraded to Windows Server 2003 Enterprise Edition, and Windows 2000
Datacenter Server can only be upgraded to Windows Server 2003 Datacenter Edition. You must have
at least 2GB of free hard drive space for all upgrades.
16 Chapter 1 • Overview of Windows Server 2003
301_BD_Win2k3_01.qxd 5/12/04 10:53 AM Page 16
When upgrading Windows NT 4.0 domains to Windows Server 2003 domains, you must first
make sure that DNS is installed and properly configured. You don’t have to use a Microsoft DNS
server, but your implementation of DNS must support service (SRV) records. Optionally, you might
want it to support dynamic updates as well. If DNS does not support dynamic updates, you will
have to manually create all of the needed SRV records. Before starting the upgrade, you should take
one of your BDCs offline. This will allow you to roll back to your existing NT 4.0 environment if
you should have problems with the upgrade. Always start your upgrades with the PDC, followed by
the BDCs. After upgrading the PDC, you should set your forest functional level to Windows 2003
interim mode.
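
When SRV records have to be created by hand on a DNS server without dynamic updates, it helps to check the zone for gaps before clients depend on it. The following is an added example, not from the book: it parses BIND-style zone text and reports which core domain controller SRV records are absent or do not list the expected server. The domain corp.example.com, the host names and the zone data are constructed; the record list is the core set a domain controller registers, with site-specific and GUID-based records left out and a single-domain forest assumed.

```python
import re

# Core SRV records a domain controller registers through Netlogon, as
# (owner prefix, port, role). Site-specific and GUID-based records are
# omitted; a single-domain forest is assumed, so GC records sit in `domain`.
CORE_SRV = [
    ("_ldap._tcp", 389, "dc"),
    ("_ldap._tcp.dc._msdcs", 389, "dc"),
    ("_kerberos._tcp", 88, "dc"),
    ("_kerberos._udp", 88, "dc"),
    ("_kerberos._tcp.dc._msdcs", 88, "dc"),
    ("_kpasswd._tcp", 464, "dc"),
    ("_kpasswd._udp", 464, "dc"),
    ("_ldap._tcp.pdc._msdcs", 389, "pdc"),
    ("_gc._tcp", 3268, "gc"),
    ("_ldap._tcp.gc._msdcs", 3268, "gc"),
]

# owner [ttl] [IN] SRV priority weight port target
SRV_LINE = re.compile(
    r"^(?P<owner>\S+)\s+(?:\d+\s+)?(?:IN\s+)?SRV\s+"
    r"\d+\s+\d+\s+(?P<port>\d+)\s+(?P<target>\S+)$",
    re.IGNORECASE,
)


def _fqdn(name, origin):
    """Lower-case a zone-file name and qualify it against origin if relative."""
    name = name.lower()
    return name[:-1] if name.endswith(".") else f"{name}.{origin}"


def parse_srv(zone_text, origin):
    """Return {owner_fqdn: {(port, target_fqdn), ...}} for every SRV line."""
    origin = origin.lower().rstrip(".")
    records = {}
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].strip()  # drop zone-file comments
        match = SRV_LINE.match(line)
        if not match:
            continue
        owner = _fqdn(match["owner"], origin)
        target = _fqdn(match["target"], origin)
        records.setdefault(owner, set()).add((int(match["port"]), target))
    return records


def audit_dc(records, domain, dc_host, roles=("dc",)):
    """List (owner, status) for each required record that is absent
    ("missing") or present without this DC on the expected port
    ("dc-not-listed")."""
    domain = domain.lower().rstrip(".")
    dc_host = dc_host.lower().rstrip(".")
    findings = []
    for prefix, port, role in CORE_SRV:
        if role not in roles:
            continue
        owner = f"{prefix}.{domain}"
        entries = records.get(owner, set())
        if not entries:
            findings.append((owner, "missing"))
        elif (port, dc_host) not in entries:
            findings.append((owner, "dc-not-listed"))
    return findings


# Constructed sample zone data for corp.example.com: _kpasswd._udp was never
# entered, and the PDC record still points at a retired host.
SAMPLE_ZONE = """\
; hand-maintained SRV records (constructed sample)
_ldap._tcp                 600 IN SRV 0 100 389 dc1
_ldap._tcp.dc._msdcs       600 IN SRV 0 100 389 dc1
_kerberos._tcp             600 IN SRV 0 100 88  dc1
_kerberos._udp             600 IN SRV 0 100 88  dc1
_kerberos._tcp.dc._msdcs   600 IN SRV 0 100 88  dc1
_kpasswd._tcp              600 IN SRV 0 100 464 dc1
_ldap._tcp.pdc._msdcs.corp.example.com. 600 IN SRV 0 100 389 oldpdc.corp.example.com. ; stale
"""

if __name__ == "__main__":
    zone = parse_srv(SAMPLE_ZONE, "corp.example.com")
    for owner, status in audit_dc(zone, "corp.example.com",
                                  "dc1.corp.example.com", roles=("dc", "pdc")):
        print(f"{status:14} {owner}")
```
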
When upgrading Windows 2000 domains, you must first prepare the forest and the domain for
Windows Server 2003 by using the ADPrep tool. You can prepare the forest by running adprep.exe
/forestprep on the Schema Master, and you can prepare the domain by running adprep.exe /domainprep
on the Infrastructure Master. ADPrep can only be run from the command line; there isn’t an
equivalent graphical tool. Unlike when you upgrade from NT 4.0 domains, you do not have to upgrade
the PDC (technically the PDC Emulator) first. You can install a new Windows 2003 domain
controller into an existing Windows 2000 domain. When upgrading your domain controllers, you need
to budget a little growing room for the Active Directory database. The database file (ntds.dit) might
grow by up to 10 percent.
Windows Server 2003 Planning Tools and Documentation
Planning is the first step in building a reliable, secure, high-performance and highly available
Windows Server 2003-based network. In this section, we’ll begin with an overview of network
infrastructure planning, introducing you to planning strategies and how to use planning tools.
This section also looks at legal and regulatory considerations, how to calculate total cost of
ownership (TCO), and how to plan for future growth. We discuss how to develop a test network
environment and how to document the planning and network design process.
Overview of Network Infrastructure Planning
Proper planning of a network infrastructure is essential to ensuring high performance, availability,
and overall satisfaction with your network operations. In order to create a viable network design,
you’ll need an understanding of both the business requirements of your organization and current
and emerging networking technologies. Accurate network planning will allow your organization to
maximize the efficiency of its computer operations, lower costs, and enhance your overall business
processes.
When planning for a new infrastructure or upgrading an existing network, you should take
some or all of the following steps:

Document the business requirements of your client or organization.

Create a baseline of the performance of any existing hardware and network utilization.

Determine the necessary capacity for the physical network installation, including client and
server hardware, as well as allocating network and Internet bandwidth for network services
and applications.


Select an appropriate network protocol and create an addressing scheme that will provide
for the existing size of the network and will allocate room for any foreseeable expansions,
mergers, or acquisitions.

Specify and implement the technologies that will meet the existing needs of your network
while allowing room for future growth.

Plan to upgrade and/or migrate any existing technologies, including server operating
systems and routing protocols.
Planning Strategies
When designing a new network or significantly upgrading an existing one, you should first use the
business requirements of your organization as the primary source of planning information. You’ll need
to create a network infrastructure that addresses the needs of your management structure, such as fault
tolerance, security, scalability, performance, and cost. You’ll need to balance these requirements with the
types of services that your users and clients will expect from a modern network, including e-mail,
calendaring, project collaboration, Internet access, file, print, and application services.
After you’ve determined the business requirements of your network, you should then analyze
the technical requirements of your organization. These requirements may apply to any applications
that are already in use or that you plan to implement, as well as to the associated hardware and
operating system. You should carefully note all of these requirements so that you won’t create any
difficulties later on during the implementation process. Be sure to analyze and document the
existing network, including any hardware, software, and network services that are already in place.
This will make it easier to take the existing configuration into account when planning the new or
upgraded network.
Finally, any well-formed network plan should make allowances for future changes to the organization,
including support for new technologies and operating systems, as well as additional hardware and
users. Your organization’s business requirements can change—through a merger, an acquisition, or
simple growth and expansion. Although it is impossible to foresee all possible changes of this nature, a
good network design will be flexible enough to accommodate as many adjustments as possible.
Using Planning Tools

There are a number of tools available to assist you in developing a plan for your network
infrastructure. The first and best of these, however, might be the simplest: pencil and paper. As we discussed in
the previous section, you should begin your planning by determining the requirements of the
business that will be using the network.
After you have a high-level understanding of your company’s organizational structure and
computing needs, you should inventory the hardware and software that is already in place. This is especially
important to ensure existing hardware and software are supported in Windows Server 2003. In a small
office environment, you can accomplish this by simply taking a walk to determine the physical layout
of network cables, routers, and the like. In a medium- to large-sized enterprise network, you will
probably want to rely on automated inventory tools such as Microsoft’s Systems Management Server (SMS)
or a third-party equivalent. Take as detailed an inventory as possible, including the hardware
configuration of server and workstation machines, as well as vendor names and the version numbers of the
operating system and business applications the systems are running.
You can use a network analyzer, such as the Network Monitor utility built into the Windows
Server 2003 operating system or the more full-featured version of Network Monitor included in
SMS, to create a baseline of the current utilization of your network bandwidth. If this utilization is
already near capacity, you can use this baseline to justify and plan upgrades to your network
infrastructure (moving from 10MB Ethernet to 100MB Ethernet, for example).
Windows Server 2003 has introduced new management features that will assist you in planning
your network configuration, especially in the areas of user and computer management. The
Resultant Set of Policy (RSoP) Microsoft Management Console (MMC) snap-in contains a Group
Policy modeling function that will allow you to simulate changes to Group Policy Objects (GPOs)
in an Active Directory (AD) environment before actually applying them to a production network.
For example, if you want to apply a new GPO to a departmental Organizational Unit (OU), the
modeling report will indicate how the new GPO will affect the objects within the OU to which it’s
being applied. The Group Policy Management Console (GPMC) can also provide detailed
configuration reports on existing GPO settings in place on a Windows 2000 or Windows Server 2003 AD
installation.

Reviewing Legal and Regulatory Considerations
Depending on the business in which you are involved, your network design plan should address the
legal issues associated with your industry, geographic location, and so on. Backup schedules and
off-site data availability have become federally regulated matters, especially in the financial arena.
Consult your Legal department during the design process, because like everything else in this
venture, it’s certainly best to get it right the first time.
Don’t forget to include your client workstations when making allowances for legal and
regulatory matters. For example, if your corporate data-retention policy calls for maintaining e-mail data
for twelve months, but some users have copies of every item they’ve sent or received in the last five
years, that fact could come back to haunt you in a legal proceeding.
Some fields of business are subject to very detailed governmental regulations regarding data
security. For example, healthcare providers now fall under strict laws regarding electronic patient
information since the Health Insurance Portability and Accountability Act (HIPAA) went into effect
in 2003. Regardless of your field, if you work on government projects, your network might be
required to meet specified security criteria.
Network communications can also subject your company to legal liability when employees misuse
the network. For example, pornographic material on the company network can subject the company
to charges of the “hostile workplace” definition of sexual harassment under Title VII of the federal
Civil Rights Act of 1964 and various state laws. You should also consider intellectual property
(copyright, trademark, and patent) laws in establishing your network policies.
Common factors that also need to be reviewed for legal compliance are any Service Level
Agreements (SLAs) in place on your network. An SLA attempts to define the scope of a service
provider’s responsibilities in maintaining applications or services on a network. This provider can be
an external vendor to whom you’ve outsourced a critical service (your ISP, for example), or the SLA
can be an internal document detailing the IT department’s duties in maintaining network
availability. The following are the major components of an external SLA, using an ISP as a real-world
example:

Scope of services: This spells out exactly which service or application that an SLA is
referring to and the level of responsibility that the internal IT department will have in
maintaining this service versus the external vendor. This includes outlining the hardware,
software, and resources that comprise the particular service, such as the modems, network
connectivity equipment, ISP help desk, and engineering personnel in the case of an ISP.

Roles and responsibilities: Your ISP should establish a coverage schedule so that at least
one primary and one backup support avenue is available to report any service outages.
You’ll also need to establish a system to escalate support calls if the scheduled support
person is unavailable or cannot correct the problem. You can use this information to
inform your users of the turnaround time they can anticipate in responding to and
resolving any problems.

These are only a few of the legal considerations that are important in a corporate network
environment. You should always include a legal advisor as a member of your network planning team.
Calculating TCO
“These upgrade proposals look interesting, but how will they impact our company’s TCO?” Total
Cost of Ownership (TCO) is a calculation that was designed to assist consumers and corporate
managers in assessing the direct and indirect costs and benefits associated with the implementation
of new or upgraded computer technology. The purpose of TCO is to quantify the financial bottom
line associated with a computer or technology purchase decision.
TCO calculations do not rely on a single formula. For example, a high-end computer will have
a higher initial purchase price, but will probably incur fewer repair bills during its active life cycle.
TCO is balanced against the benefits created by the technology purchase, such as improved user
efficiency or perceived happiness with improved performance, in attempting to make a final
purchase decision.
The first part of calculating TCO is relatively simple: What is the initial purchase price of the
new technology? Include the cost of hardware, software licensing, networking equipment,
installation charges, and so on. Don’t forget to factor in the necessary time to train your end users and IT
staff in the use and administration of the new technology. Next, determine the ongoing costs for
maintenance and support. These costs can include charges for vendor support, as well as in-house
labor expended on interoperability issues with third-party and legacy software support. Try to
estimate the total costs for the full anticipated life cycle of the proposed technology.
Determining the soft costs associated with a new technology is a bit more complicated. How
much money will your company save by reducing the number of times your users are forced to
reboot their computers each day? Conversely, how much money is lost when an account manager
cannot access the order-entry application for 20 minutes, for an hour, and for a day? These costs are
fairly difficult to quantify, but they can be critical when determining the total benefits afforded by a
network upgrade. You can start investigating soft costs by talking to your users and reviewing TCO
models from network analysts.
Your users can certainly tell you how much it aggravates them when their e-mail or order
database is “running too slowly,” even if they can’t tell you what “too slowly” means in terms of
actual response time. This can also point out performance bottlenecks that you may not have known
about before. For example, a real estate lending office for a well-known bank shared a T1 line with
the bank branch in the lobby of the office building. The real estate lenders encountered severe
network performance degradation every day at around 4:30 P.M. Further investigation revealed that this
time frame coincided with the bank tellers transmitting their daily totals to the bank’s main
headquarters when the branch closed each day.
Preconfigured TCO models from organizations like the Gartner Group, IDC, or other
independent network analysts can walk you step-by-step through plugging in various budget figures to
arrive at the TCO of a specific technology, hardware, or software package. However, remember that
these models are not set in stone, and they should be modified as needed to meet the specific needs
of your organization. These models will rely more on actual calculations, such as dividing a help
desk analyst’s salary by the number of support calls he or she is able to process in a day, or
determining the “cost per e-mail message” of an e-mail server upgrade that increases the number of
messages it can transmit in a day, week, or hour. You can then take these numbers and factor in the soft
costs already mentioned. Using a combination of calculations and judgment calls will typically lead
you to the most accurate assessment of TCO within your organization.

Developing a Windows Server 2003 Test Network Environment
When implementing a new network or computer solution, you should perform a thorough battery
of testing before deploying it into production. Although not specific to Windows Server 2003, you
should follow a systematic approach to designing a new or upgraded network. This typically
includes developing a test environment in which you can test compatibility, usability, connectivity,
security settings and more.
You’ll begin the test process in an isolated lab where new technologies will have no chance
of adversely affecting the existing computing environment. After you are satisfied with the new
technology’s performance in the test lab, you can expand testing into a pilot deployment involving a
few actual users, analyzing their input and reactions to make any necessary adjustments to your
design. Only after you are satisfied with the pilot deployment should you perform a full-scale
deployment in your production environment.
Depending on the total number of users you have, you might want to split your full-scale
deployment schedule into stages. After each stage, you can verify that your system is accommodating
the increased processing load from the additional users as expected, before you begin deploying the
next group of users.
The success of any network deployment depends heavily on your ability to develop an effective
test environment. This test lab can consist of a single lab or several labs, each of which can test various
pieces of the overall design without risking the integrity of your production environment. Working in
the test lab will allow you to verify the effectiveness of your design, discover any potential deployment
problems, and increase your staff’s familiarity with the new technology before it “goes live.” In short, a
well-developed test environment will reduce the risk of errors during the deployment of a new
technology, thus minimizing any potential downtime for your clients and users.
Planning the Test Network
Before you begin testing your Windows Server 2003 network design, you need to plan the test
network itself. The first step is to determine the hardware resources required to set up the lab. This
involves identifying the standard configurations of your existing or new client computers. (If you
support diverse workstations, do your best to include a representative workstation from each
supported configuration.) Be sure to include all components and peripherals, including the following:

BIOS versions

USB adapters

CD and DVD drives

Sound cards

Video cards

Network adapters

Smart card readers

Removable storage devices, such as Zip drives or external hard drives

Small Computer System Interface (SCSI) adapters

Removable storage devices

Mouse or trackball devices

Keyboards
Although using separate hardware devices for your test lab is the ideal, many small and
medium-sized businesses simply cannot afford to buy dozens of computers for the test lab. Using a third-party
product such as VMware (www.vmware.com) will allow you to simulate a multiple server/domain
environment, as well as multiple desktop operating systems, fairly closely without the expense of
multiple individual machines. VMware can run multiple operating systems—such as Microsoft Windows,
Linux, and Novell NetWare—simultaneously on a single PC, including all networking and
connectivity that you would need to perform your testing.
In addition to purchasing hardware or virtual PC environments for the test lab, you need to secure
appropriate licensing for all necessary software, including operating systems, service packs, management
utilities, and business applications. Make sure that you can obtain or duplicate the following
configuration and information when creating a test lab for Windows Server 2003:

Network services: Install the same services on a test server that will be used in the actual
deployment. This can include Domain Name System (DNS), Dynamic Host Configuration
Protocol (DHCP), Windows Internet Name Service (WINS), or any other Windows
service.

User accounts: Create a domain controller in your test environment to effectively
simulate any upgrade procedures.

Domain structure: Simulate the domain hierarchy of your proposed environment,
including forests, trees, parent and child domains, and all necessary trust relationships.
Configure sites as necessary to simulate any WAN testing considerations.

Network protocols and topology: Re-create the network technologies that will be
used in your production environment as completely as possible. For example, if your
production environment will be using 100MB cabling, using Gigabit Ethernet will provide
erroneous results when doing performance testing. You should also include routers to test
for performance latency as well as replication across WAN links.

Domain authentication: Use the appropriate authentication to mimic the desired
production environment, including mixed mode versus native mode, and NTLM versus
Kerberos client authentication. Selecting the appropriate authentication model will allow
you to compare apples to apples during testing and avoid any unexpected behavior later.
Remember that Windows NT 4 workstations or servers cannot use Kerberos
authentication. You will need to rely on either NTLM authentication or its stronger successor,
NTLM version 2.

Group Policy Object (GPO) settings: Create GPOs with the settings that you wish to
deploy in your production environment. You can use the GPMC (discussed earlier) to test
the potential behavior of any policy objects on user and group objects.
Although you usually want your test lab to mimic your production environment as closely as
possible, there are exceptions to every rule. Some tests that you might wish to perform will affect an
entire domain or forest, rather than a single machine. If you are testing this type of functionality, you
might wish to create a separate domain within the test lab so that the remainder of the lab
environment will not be adversely affected.
Some of the tests for which you might wish to create a separate, isolated domain or forest are as
follows:

Switching from mixed mode to native mode: Changing from mixed mode to native
mode will allow for much tighter security in a Windows 2000 or Windows Server 2003
environment, but it assumes that you have no Windows NT 4 backup domain controllers (BDCs)
remaining in your domain. (After the switch to native mode, Windows NT 4 BDCs will no longer
be able to replicate with Windows 2000 or 2003 domain controllers.) This change will affect an
entire domain and cannot be reversed.

Upgrading the domain or forest functional level: This feature was introduced in Windows
2000, where you had the ability to run a domain in mixed mode for backward compatibility or
native mode for increased security and functionality. Windows Server 2003 expands on this by
creating several levels of both forest and domain functionality that can expose different features of the
operating system for your use. For example, raising the functional level of a domain to Windows
Server 2003 native will prevent any existing Windows NT 4 or Windows 2000 Server domain
controllers from participating in domain replication. Like the switch from mixed to native mode, this
will affect the entire domain and/or forest in question and cannot be undone.

DNS settings: Changes to a DNS server will affect all clients who use that server for name
resolution. Although this does not involve the kinds of one-way changes described above, you
should still proceed with caution before making changes that can affect other tests that might be
running simultaneously in the lab environment.

One important (but often overlooked) step in the planning process is that of carefully selecting a
location for your test lab. Too often, the test lab is relegated to a corner of a server room or
whatever room is available in a file or storage area. However, if you will be performing tests for an
extended period of time, you should consider allocating a permanent or semipermanent location for
the lab. Be sure to locate the test lab in an area with enough space for all necessary equipment and
personnel. If you will be testing network equipment that will be deployed to multiple locations, you
should consider deploying a test lab at each site to test WAN links, replication, and site
configurations. Also, identify the personnel you’ll need to perform testing, as well as whatever training they
will need.
Finally, be sure to provide both physical and technological security measures for the equipment
and resources of the test lab. This includes isolating the test lab topology from your corporate
network using routers, switches, or firewalls, as appropriate. If you need to provide a connection from
the test lab to the corporate network, decide in advance how you will control, secure and monitor
that connection, and be sure to devise a way to quickly terminate the connection if something
unexpected or adverse occurs.
Exploring the Group Policy Management Console (GPMC)
A prominent new feature of Windows Server 2003 that is helpful in planning and assessing
network changes is the GPMC, which allows administrators to monitor, troubleshoot, and plan Group
Policy settings across an entire enterprise from a single management console. Along with a console
window that provides a graphical representation of GPO settings, the GPMC also includes a
collection of scripts that you can run from the command line to streamline administration and planning
tasks. You can download and install the GPMC from Microsoft’s Web site. Once it’s installed, you’ll
have a shortcut to it in the Administrative Tools folder, and it will be available as an MMC snap-in.
The scripts that are included with GPMC can greatly simplify your life when you attempt to
take stock of an existing network environment (for example, when you begin to plan for an
upgrade). Using GPMC, you can quickly perform the following tasks using its automated scripting
function:

List all GPOs that are present in a given domain

List any disabled GPOs

List GPOs at a backup location

List GPOs by policy extension or security group

List any orphaned GPOs (GPOs that are no longer linked to any AD object) that are still
present in the SYSVOL directory

List GPOs with duplicate names

List GPOs without security filtering

List unlinked GPOs in a domain
GPMC’s reporting functions will also generate HTML-formatted reports in an easy-to-read
format, which is always a hit when you’re presenting the upgrade proposal to management or a
budget committee. Additionally, the GPMC includes the Resultant Set of Policy Planning function
to allow you to simulate changes to GPO settings for a user, computer, or container object. Both of
these functions will greatly assist you with the administrative and technical aspects of a network
design project.
Documenting the Planning and Network Design Process
The importance of documenting your computing environment after you have deployed a new
network design such as Windows Server 2003 cannot be overemphasized. As you move through the
network design and testing processes, you should also keep detailed documentation of each design,
product, or vendor decision that you make, including your reasons for choosing one alternative over
another. Personnel changes can occur without warning, and a well-maintained design document will
quickly answer the question of “Why did we choose Vendor X over Vendor Y?” when it is posed by
the new Vice President of IT, who just started last week. Knowing that Vendor Y’s product proved
incompatible after several hours of troubleshooting will save you from needing to waste time by
repeating portions of the design process.
Because of the effects that ongoing changes can have in a production environment, many
organizations use test equipment to test every patch and service pack that is released by their product
vendors, so that any potential problems or bugs can be intercepted before the patch is applied
globally. Whatever method you use to roll out ongoing updates and changes, you should include detailed
documentation, not only of what update was rolled out on a given date, but also of how the change
was applied to client machines or other devices on your network.
Creating the Planning and Design Document
When documenting both your test lab and your overall network design, there are a number of items
that need to be discussed. Although maintaining network documentation is often relegated to a
backseat behind the numerous fires that we must put out on a daily basis as network administrators,
comprehensive records in this area will actually help you in whatever troubleshooting issues come
up after the new network is placed into production. Include configuration information about the
following components of your final network design (although a complete list is limited only by the
amount of time you have in the day!):

Windows Server 2003 domain structure information, including DNS hierarchy and
replication information, AD hierarchy information (site configuration, forest, domains, and
OUs), and GPO settings and where they are applied within the AD hierarchy. Be sure to