
Windows Server 2008 Migration Considerations


Expert Reference Series of White Papers

Introduction
Windows Server 2008 is a big change from Windows Server 2003, as the 5-year gap in the names would suggest. Microsoft is providing role-based management, major new product variations (Server Core, Read-Only Domain Controllers), support for hardware-based virtualization, Network Access Protection, BitLocker drive encryption, an overhauled Terminal Services architecture, and a raft of less exciting but nonetheless useful evolutionary improvements.
What are some of the primary migration considerations that you should review when evaluating or planning a move to the new product? I identified several of these in a presentation I gave in Raleigh and Chicago to celebrate the impending launch of this gargantuan product. It’s not an exhaustive list (we only had two hours!) but it’s a good start, and we’ve repackaged that presentation into this white paper:
• Key new features (or: “Why should I upgrade?”)
• Product versions
• Hardware requirements
• Focus: Server Core
• Focus: Read-Only Domain Controllers
• Focus: Server Manager
• Focus: Group Policy
• Migration and deployment tools
Key New Features
First, there is a “laundry list” of key new features to be aware of. We can’t cover each of them here, but recommend exploring the ones that may be unfamiliar to you, either on the broad Web or on the Microsoft TechNet Windows Server 2008 Technical Library:
• New deployment option with Server Core
• Server Manager integrated administrative console
• Better security with Read-Only Domain Controllers (RODCs)
• Group Policy improvements (architecture, settings)
• Improved administration with Server Manager
• Better deployment architecture (WDS, WIM)
• Synergies with Vista (look/feel; shared code base)
• Improved event logging and collection
• IPv6 installed by default
• Network Access Protection (NAP)
• BitLocker full volume encryption
Glenn Weadock, Global Knowledge Instructor, MCSE, MCT, A+
Copyright ©2008 Global Knowledge Training LLC. All rights reserved.

• Service hardening
• PowerShell scripting interface
• Server virtualization (Hyper-V)
• User Account Control
• Windows Firewall with Advanced Security
• Reliability and Performance Monitor
• Server Manager
Product Versions
Note that most of the following list of products is available either with or without Hyper-V, the hardware-based virtualization technology, although at this writing, the cost savings of the non-Hyper-V SKUs is negligible:
• Windows Web Server 2008 (no DNS, DHCP, VPN services)
• Windows Server 2008 Standard Edition (no clustering)
• Windows Server 2008 Enterprise Edition
• Windows Server 2008 Datacenter Edition (unlimited VMs)
• Windows Server 2008 for Itanium-Based Systems
Hardware Requirements
The minimum requirement for Standard Edition is specified as 1GHz CPU, 512MB RAM, and 8GB disk space, but the recommended spec doubles those figures. As usual with a server operating system, the actual hardware requirements will depend on what you ask the machine to do – how many simultaneous roles and services, the size of the client population, and so on.
In terms of the ceiling rather than the floor, you can go up to 4 CPU sockets with the Web and Standard editions, 8 sockets for Enterprise, and 32 for Datacenter. If that’s just not enough horsepower, Itanium edition supports 64 CPU sockets. Maximum RAM varies from 4GB on the 32-bit versions of Web and Standard Edition up to 2TB on the Itanium edition and the 64-bit Enterprise product (wow!). The 32-bit Enterprise edition supports a maximum of 64GB.
Focus: Server Core
Server Core is a “minimalist” installation of Server 2008 – it doesn’t even come with a graphical user interface! The idea is that you only install the services you need.
The benefits of a Server Core installation are reduced attack surface and reduced patch surface. Troubleshooting should be easier, as well, and we would expect increased stability because of the smaller code footprint. Finally, Server Core is not as demanding as “regular” Server 2008 versions when it comes to hardware requirements.
Server Core does require a clean install. It supports many, but not all, of the important server roles, including Active Directory Domain Services, AD Lightweight Domain Services, DHCP, DNS, file services, print services, and streaming media services. It does not support Certificate Services, Federation Services, or Rights Management Services. (Betas did not support IIS, but support for IIS on Server Core was added before the release of final code.)
The other point to note when considering Server Core for your migration is that there is no managed code support. The .NET framework is not present, and PowerShell is not available.
You’ll need to use some command-line tools to configure and maintain Server Core, although the remoteable
MMC snap-ins (which is most of them) can be run from other servers, or from workstations running Vista SP1,
to manage Server Core systems. Microsoft provides a special built-in script, SCREGEDIT.WSF, to handle tasks
such as enabling automatic updates, allowing Remote Administration connections, and setting Windows Error
Reporting options.
In addition to all of the above, you can access Server Core systems via a remote command line using Windows
Remote Management (WinRM) and Windows Remote Shell (WinRS).
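The two management paths just described, SCREGEDIT.WSF and WinRS, can be combined to check Server Core settings from an administrative workstation. The following is an added example, not part of the original white paper; the host names are hypothetical, and it assumes WinRM has already been enabled on each Server Core system (for example with `winrm quickconfig`).

```powershell
# Added example: run from an administrative workstation, not on Server Core itself
# (Server Core 2008 has no PowerShell). Host names below are hypothetical.
$ServerCoreHosts = 'CORE-DNS01', 'CORE-FILE01'
$Scregedit       = 'C:\Windows\System32\scregedit.wsf'

function Get-ScregeditSetting {
    param(
        [Parameter(Mandatory = $true)][string]$ComputerName,
        [Parameter(Mandatory = $true)][string]$Switch      # e.g. /AU or /AR
    )
    # Appending /v asks SCREGEDIT.WSF to display the current value instead of changing it.
    $out = & winrs "-r:$ComputerName" cscript //nologo $Scregedit $Switch /v 2>&1
    if ($LASTEXITCODE -ne 0) {
        return "ERROR (exit code $LASTEXITCODE): $(($out | Out-String).Trim())"
    }
    return ($out | Out-String).Trim()
}

# Collect the automatic-update and remote-administration state of every host.
$results = foreach ($computer in $ServerCoreHosts) {
    [pscustomobject]@{
        Computer         = $computer
        AutomaticUpdates = Get-ScregeditSetting -ComputerName $computer -Switch '/AU'
        RemoteDesktop    = Get-ScregeditSetting -ComputerName $computer -Switch '/AR'
    }
}
$results | Format-List

# Changing a setting uses the same script with a value instead of /v:
#   winrs -r:CORE-DNS01 cscript //nologo C:\Windows\System32\scregedit.wsf /AU 4   (enable automatic updates)
#   winrs -r:CORE-DNS01 cscript //nologo C:\Windows\System32\scregedit.wsf /AR 0   (allow Remote Desktop connections)
```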
Focus: Read-Only Domain Controllers
It’s back to the future – remember the Windows NT Backup Domain
Controller (BDC)? It could log you on, but you couldn’t make any changes
to it.

The 2008 version of the BDC goes by the new name of Read-Only
Domain Controller. It is intended for deployment in branch offices that
have low physical security and/or limited local IT management.
The RODC receives all Active Directory database changes from a writeable domain controller. It has the ability to cache requested credentials (but not for administrators); however, it does not contain a full copy of the AD database. The idea is that if an RODC gets stolen, it’s a lot easier to reset the passwords that might have been cached on the RODC – that is, users at the branch office – than it would be to reset the passwords of every user in the forest!
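To act on the stolen-RODC scenario above, you need to know which credentials the RODC has actually cached. The following is an added example, not part of the original white paper; it assumes a management host with the ActiveDirectory PowerShell module (which shipped after the original Server 2008 release), a hypothetical RODC named BRANCH-RODC01, and a hypothetical output file name.

```powershell
# Added example: run from a management host, not from the RODC itself.
Import-Module ActiveDirectory

$Rodc = 'BRANCH-RODC01'   # hypothetical RODC name; replace with your own

# Accounts whose secrets have actually been replicated to (cached on) this RODC.
$revealed = Get-ADDomainControllerPasswordReplicationPolicyUsage -Identity $Rodc -RevealedAccounts

$report = foreach ($acct in $revealed) {
    # adminCount = 1 marks accounts that are, or once were, members of protected admin groups.
    $obj = Get-ADObject -Identity $acct.DistinguishedName -Properties adminCount, sAMAccountName
    [pscustomobject]@{
        Name       = $obj.sAMAccountName
        Class      = $obj.ObjectClass
        Privileged = ($obj.adminCount -eq 1)
        DN         = $obj.DistinguishedName
    }
}

# Privileged accounts should not be cached on a branch-office RODC; flag any that are.
$privileged = @($report | Where-Object { $_.Privileged })
if ($privileged.Count -gt 0) {
    Write-Warning "$($privileged.Count) privileged account(s) are cached on $Rodc"
    $privileged | Format-Table Name, Class, DN -AutoSize
}

# This is the list of accounts to reset if the RODC is lost or stolen.
$report | Sort-Object Class, Name |
    Export-Csv -Path ".\$Rodc-cached-accounts.csv" -NoTypeInformation

# Show which principals the Password Replication Policy explicitly refuses to cache.
Get-ADDomainControllerPasswordReplicationPolicy -Identity $Rodc -Denied |
    Select-Object Name, ObjectClass
```

Reviewing this output periodically, rather than only after a theft, keeps the reset list short and shows whether the policy is caching more than the branch office needs.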
You’ll set up an RODC with new options when you run DCPROMO to promote a member server to a domain controller. The setup wizard also gives you the opportunity to pre-designate a group that can manage the RODC. The benefit of doing this is that you don’t have to have a Domain Admin at the branch office; the delegated RODC admin can log on to the RODC but doesn’t have the broad directory access that a Domain Admin has.
Most of you reading this white paper know that Active Directory and DNS go together like the peanut butter and chocolate in a Reese’s peanut-butter cup. So it comes as no surprise that you can set up DNS on an RODC. If you do this, Microsoft recommends that branch office clients should point to the RODC’s DNS as the preferred DNS server, with an alternate at the hub site running writeable DNS.
Focus: Server Manager
If you’re like me, you occasionally wish that your virtual desktop didn’t need to be as cluttered as your physical desktop. (The desktop metaphor that the folks over at Xerox developed a couple of decades ago is a little more accurate than I’d like!) In an attempt to ease some of that clutter, Microsoft has given us Server Manager, a new console that combines elements of several Server 2003 administrative tools. The idea is that Server Manager is a one-stop shop for server administration. Although it doesn’t quite succeed in that regard, its improvements are welcome.
For one thing, Server Manager provides simultaneous access to multiple administrative tools, such as roles, features, Windows Reliability and Performance Monitor, Scheduled Tasks, and Event Viewer. In some cases it includes help data on tools and some links to documents dealing with best practices.
Server Manager’s Achilles heel (and an area in which it represents a step backwards from the Computer
Management console in Server 2003) is that it is not remoteable. However, you can always run it from within a
Remote Desktop session. A command-line version provides opportunities for scripting (and showing off).
Some of the Server Manager lingo may be a little bit new. “Roles” are collections of related functionality,
much as you used to find in the Add/Remove Windows Components wizard (now defunct). Active Directory
Domain Services is a role; so is DNS, Terminal Services, and Web Server (to mention a few). Through a new
architecture called Component-Based Servicing, installing a role automatically installs required services and
features. Server Manager also automatically secures roles during the installation, bringing the old Security
Configuration Wizard one step closer to obsolescence. Finally, several wizards have been beefed up to guide
administrators through necessary configuration steps.
“Features” in Server Manager are ancillary support functions not tied to specific roles: things like BitLocker, failover clustering, Remote Assistance, and telnet. To round out the vocabulary lesson, “role services” are optional services that augment the capabilities of a role.
Focus: Group Policy
Group Policy (surely Microsoft regrets that name every time someone like me points out that it doesn’t normally have anything to do with groups) keeps evolving in interesting ways with every new operating system. Vista gave us a thorough preview of the changes in Group Policy that find their fruition in Server 2008; here’s a quick run-through of the changes you should know about when planning your migration.
First off, the Group Policy Management Console, or GPMC, is now included with Server 2008. (It was also bundled with Vista, but it has been “un-bundled” from Vista as of Service Pack 1, nominally so that the product can be updated separately from the workstation operating system.) This console is where you can manage links, back up Group Policy Objects, produce reports, create WMI filters, and perform security group filtering.
But the Server 2008 GPMC goes further. It provides the ability to comment your GPOs, and even comment individual policy settings, as long as they fall in the Administrative Templates hierarchy. It also has improved search capabilities (although it’s called “filtering”). You can even create base GPOs that can act as templates for other GPOs; Microsoft calls these “starter GPOs.” These are all welcome changes.
Another benefit to those of us who have to manage Group Policy is that you can create a central storage area on the network for the Group Policy “source code” files, formerly *.ADM and now *.ADMX to reflect their XML structure. These files are modular and topically organized; they load automatically if the GPO administrator is running Server 2008 or Vista (no more manual loading of ADM files!).
Troubleshooting Group Policy is now easier in that there’s a dedicated event log just for Group Policy events.
