Planning for Windows 2000 Server
No matter how small your network or your needs, you
should not install Windows 2000 without preparing an
implementation and deployment plan. This chapter covers
planning for Windows 2000 Server and takes you through the
steps required to formulate and execute a deployment plan.
Steps to Implementation
Many of you are probably following the advice of your peers:
Microsoft should release the first service pack or two to
Windows 2000 before you touch it. Here’s your wake-up call:
You need to install Windows 2000 Server now. Not after one or
two service packs. Now. Are we paid Microsoft supporters?
No. We just want to make sure you get on the train when it
stops at your station.
By “now,” we do not mean you have to rush out and install it
in a production environment. But you have to start testing
now, understanding now, and learning now. You have to plan
for Windows 2000 Server, and this advice is aimed at not only
the multi-national company with 432,981 employees in 65
countries, but also at the single-person company that you’ll
find around the next corner.
Why the rush? Windows 2000 Server is a shocker. It is more
stable at release time than NT 4.0 was, and in many cases, even
without its advanced functionality, it is preferable to install
Windows 2000 than Windows NT 4.0. It is not only years ahead
CHAPTER 4
evaluate and plan an upgrade or conversion to Windows 2000 Server. If you take the
CEO or CTO a 1,200-page tome, he or she will freak out. Managers will want to know
how Windows 2000 Server is going to save them money, make them more competitive,
and keep them secure. Most executives need nothing more than an executive
summary with which to begin.
Note: Migrate. This is the first and the last time you will see the term migrate in this
book because it is a misnomer when referring to moving to Windows 2000 Server.
We don’t want you to use it because it has negative connotations. Migrating
implies that you can go back to where you came from. Migrating is not possible
with Windows 2000. If you’re trying to go back, then you’re in disaster recovery
mode. Your domains can coexist, which most of you will be doing for a while, and
you will convert. But if you follow the advice in this book and in the next few chapters
in particular, you will not have to climb down from Windows 2000 and reinstall
Windows NT.
If you think we are playing petty semantics, you are wrong. In many languages and
cultures, migration is a temporary thing. Once you convert your last Windows NT
Domain Controller, there is no reversion; you are done . . . dead or alive.
4667-8 ch04.f.qc 5/15/00 1:58 PM Page 98
Chapter 4 ✦ Planning for Windows 2000 Server
There are many ways to approach a project and a plan. And we do not intend to
teach project science here, so whatever works for you, or is required by your
organization, is fine with us. We are not going to offer you the best way to approach
the conversion. We will give you some pointers culled from many years of doing
needs analyses and syntheses.
It is important that in the early days of the planning and testing phase, you only
choose a handful of energetic people to evaluate Windows 2000 Server. You don’t
want too many people doing their own thing and becoming unproductive and
uncoordinated. In the beginning, there will be little time for managing all the egos
Figure 4-1: Phase implementation plan (drawing of plan)
There are also several steps within each phase. The conversion step is in itself a
phased-implementation effort. However, take care not to over-nest your project
with too many phases. Our suggested phase-implementation structure is as follows:
✦ Phase 1: Analysis and Ramp-up
✦ Phase 2: Labs
✦ Phase 3: Sanity Check
✦ Phase 4: Pilot
✦ Phase 5: Conversion
Here are the suggested steps that span all five phases, outlined in Table 4-1:
Table 4-1
Planning Steps
Phase Step
Phase 1 Step 1: Establish a Timeline for Your Project
Phase 1 Step 2: Understand the Technology
Phase 1 Step 3: Understand How Your Enterprise is Currently Positioned
Phase 1 Step 4: Establish Budget
Phase 2 Step 5: Create the Lab
Phase 2 Step 6: Design the Logical and Physical Structures
Phase 2 Step 7: Secure the Lab
how it achieves its objectives.
Note
Part II ✦ Planning, Installation, and Configuration
Prerequisites
Windows 2000 architecture is highly complex. Our joke is “ZAW = Zero Administrators
for Windows.” Key to understanding the technology is having a good grounding in
general computer science and network engineering, but be willing to specialize. You
are going to need expertise on your team, and the members of the team should be
prepared to show proficiency in several IT areas.
They will need a complete understanding of, and experience in, all of the following:
TCP/IP, DNS, WINS, DHCP, server hardware platforms, storage, Windows NT Server
administration and deployment, NT and Windows 9x workstations, Internet practices,
and tons more.
After you have established the timelines and have picked a team of experts, you
need to spend no less than two months, possibly four, understanding everything
about the technology and the architecture, Active Directory (six to eight weeks).
Trust us, we work with engineers all day long, and they are very good at what they
do, but on some Windows 2000 subjects, they still have to scratch their heads.
Where do you start?
Besides this book to break ground, the best place to start is the Microsoft Web site.
There are tons of white papers there and documents that will get you started on
both the easy and difficult stuff. The Deployment Planning Guide in the Windows
2000 Resource Kit is also a worthwhile document to read, as long as you have lots
of Alka-Seltzer handy.
Avoid books that are nothing but a rehash of the Windows 2000 Help Files. They
may have worked in the past. But not only are the Help Files very thorough, they
are also “mind-blowingly” vast, covering many different functions and features of
the server. And, before you interject, you can take them “anywhere” you can take
convince them to start testing now and then to get the initial sponsorship and budget
for the project. And the only way to do that is to become an informed evangelist
in less than two full moons.
Step 4: Establish Budget
You’ll need several stages of financing for your project, so think like an entrepreneur.
The early stages can probably be catered to out of existing equipment, unused
servers, hard disks, and so on. If you don’t have surplus hardware, you’ll need to get
a few servers. And we don’t need to tell you that the best means of providing servers
for a project like this is to buy the pieces and assemble the hardware in your lab.
You’ll not only learn about Windows 2000 hardware compatibility, but you’ll end up
saving a lot of money in the early stages.
Older brand servers, like Compaqs or Dells, are as risky for Windows 2000 as flea
market finds (if not more so). The only failed installation we battled with for this
book was on a Compaq 6000, as discussed in Chapter 5.
Step 5: Create a Lab
With your initial budget, you need to set up a lab. This should be a secure area
where you can set up a number of servers, workstations, printers, and a slew of network
components, such as routers and hubs. Depending on the size of your organization
and the project, you will want your lab to emulate an enterprise-wide domain
structure, both physical and logical. In that case, you’ll need to set up several
domain controllers, role servers like DNS and DHCP, and so on.
Caution
Obtain a space in which you can comfortably fit about 12 full-tower servers and all
collateral network equipment and printers. You might get away with a lot less, and
you might need a lot more. One company we know built a test domain complete
with domain controllers for 24 remote centers — that’s 24 domain controllers.
Follow Chapter 5 for specifics on installing the servers.
Step 10: Evaluate
You need to stop at predetermined intervals or milestones along the way for sanity
checks and to evaluate how far you have come, how far you have to go, deadlines
that may have been missed, and other problems. Towards the end of the project,
you will need to make the decision with your sponsors and management to move
forward with a test or pilot project in which you will be deploying servers in
production environments.
Step 11: Create Pilot Projects
The pilot projects can take on many forms. They could be limited to the installation
of a role server, many role servers, the beginnings of Active Directory in the
organization, and more. More on this in a later section.
Step 12: Begin Conversions
On the basis of successful pilot projects, you will be able, with the blessings of
management or your own confidence, to move forward with rollout and conversion. Our
strategy for a phased implementation is discussed shortly.
There is a lot of material floating around that covers planning. The material in the
Windows 2000 Deployment Planning Guide is extensive. However, we found it too
detailed in parts and too verbose for the majority of installations. Many sections call
for teams of experts (a way of picking up the fallout from defunct Y2K projects?)
that most companies would not be able to afford. Indeed, a team of such experts,
even for a month, would be beyond the budgets of all but a few companies.
The previous steps are a starting point, something on which you can build. The
following planning guide worked for us, suited our environment, and is based on many
projects that came before Windows 2000. Each step along the way was fully
documented and evaluated. Indeed, you are holding much of the research and lab work
we did between these covers. Now let’s kick our implementation into high gear.
Analysis and Ramp-up
There is a huge difference between learning about Windows 2000 Server and under-
There are millions of Windows NT and 2000 servers on the Internet, and they
are not part of any Windows domains. The machine is thus more secure as a
standalone server than as a member server because standalone servers are
not given domain accounts nor are they authenticated on the domain. They
can also be print servers, and so on, but their resources cannot be published
in Active Directory, short of mapping them to IP addresses (see Chapter 23).
If you are in a hurry to install Windows 2000 Server, do not try to join it to any
domain or promote it to a domain controller. Make it a standalone server that logs
into its own workgroup.
2. Windows 2000 can be a member server, which means that it has an account in
the domain. Now, that account can be in a Windows NT domain or a Windows
2000 domain. As long as it is a member server, you can access its resources
via the authentication mechanisms of Windows NT and the NTLM authentication
service (see Chapter 3), or via Kerberos on a Windows 2000 network.
This means that the Windows 2000 member server can play certain worthwhile
roles in an NT domain. We will discuss such roles shortly.
3. A domain controller loads the Active Directory support infrastructure. You can
install a Windows 2000 domain controller when you are ready to begin learning
about Active Directory, or when you are building your test domains in the
lab. You can also install a Windows 2000 domain controller server into a
Windows NT domain.
Tip
Good examples of understanding the technology are coming to the conclusion that
Windows 2000 Server-DNS, Windows 2000 Server-WINS, and Windows 2000 Server-
DHCP are ideal role servers to install in the existing environment, be it Windows NT
or something else . . . and figuring out how to integrate them. In fact, this is the
design technique that forms the basis of our evangelism in this book in general,
much for the enterprise? It does if your sites are interconnected over low bandwidth
WAN (56K circuits). It does not take much to fix broken WINS server services using
the old WINS. But when users call because they cannot find their network shares
and when automatic file transfers fail, WINS 2000 may be one of the first new servers
you try to get into production and deployment, as we earlier explained.
Needs Analyses-Needs Syntheses
A needs analysis or needs synthesis is a study of the needs of an enterprise for certain
technology or solutions. This can and should be done during the planning phase
and before testing efforts and pilot projects are complete. This is your opportunity
to “sell” Windows 2000 Server to your enterprise.
Here is a good example of a needs synthesis. One of our clients is a large multi-national
that is about to embark on the complex process of merging the IT departments
of two recent acquisitions into its own IT infrastructure. Mergers and
acquisitions can collapse if IT cannot get it right, and merging the network
infrastructures and domains of once-competing companies can cause your cholesterol
levels to skyrocket.
For the foreseeable future, at least two years, the companies will have to operate
as separate entities while IT converts key services and infrastructure into the
acquiring, now parent, corporation.
Between the three companies, there are 9,000 employees. Each company has a collection
of Windows NT domains. The domains between the three companies number
about 45, many still from earlier acquisitions, and acquisitions of acquisitions,
and all 45 need to be managed holistically. Many of the domains are NT account
domains, collectively containing some 13,622 accounts. This is a daunting task. For
starters, under Windows NT all the domains interconnect over a large WAN and
thus all need to be related to each other with complex Windows NT domain bi- and
uni-directional trusts.
pilot projects will ensure that.
Assess Your Future Needs
Looking to the future will help you and the team, and especially the managers who
need to come up with the money, understand where Windows 2000 technology will
come in. If you can show, as we did in the previous needs synthesis, that investing
in Active Directory will cut six to eight months off the merger process, you will
make a lot of people sit up and take notice. If you can show how much you will
save, and how you will pave the way for the next big acquisition, which is expected
to add another thousand accounts to the absorption process, you will probably get
double the funding you need to take your project to the next level.
Assess Your Strengths and Weaknesses
We cannot stress how important it is to assess your strengths and weaknesses
before you take your planning project to the second phase. This assessment must
be done on several levels, specifically:
✦ Support from management
✦ Available funds
✦ Available time
✦ Material resources
✦ Human resources
✦ Technical expertise
✦ Network infrastructure
✦ Technology or systems already in place
✦ Direction of the company
✦ What the competition is doing
Support from management
Without champions, you’re dead. In one company we know, the project was blocked
from higher up because of the investment in Novell Directory Services (NDS). Don’t
Available time
Be sure you have the time to be involved in such a project. If you are planning a
comprehensive technology assessment, test lab, pilot project, the whole thing, then
nothing short of full-time and a team of several souls will do. Work out how much
time you need to complete the job, then double that and work backward from there.
We understand this might not be realistic for many companies and individuals that
often wish they could multithread all the work processes they have.
Material resources
You need space, a test lab, hub space, rack space, monitors, storage, workbenches,
tape backup units, cartridges, CD burners (for cutting auto installation CDs), and
so on. Many companies have a lot of stuff lying around, so before you put pencil to
paper to get a budget, first see how much can be “borrowed” from the other departments
or divisions.
You may still have to invest in new hardware, however, because Windows 2000
exploits new hardware services the major manufacturers are bringing out on their
new platforms. These include Plug and Play, Advanced Configuration and Power
Interface (ACPI), and the Boot Information Negotiation Layer (BINL), which is the
service that enables remote booting.
Human resources
You cannot hope to complete a full-scale Windows 2000 Server test or planning
project on your own. This is tough on smaller companies that do not have many
employees to spare, and trust us, the MCSE on Windows 2000 will not prepare you
sufficiently to convert a considerable infrastructure. You need hands on, all the
time. Microsoft invested millions of person-hours on Windows 2000. Also, do not
forget to allow for time off, sick leave, and so on.
Technical expertise
This is not the same as the previous (HR). Our projects would have traveled a lot
and 9, where you benefit from a first-hand account of a disastrous PDC conversion.
If you have large and complex domains, you should explore using ADSI (Active
Directory Services Interface) to programmatically copy user accounts to the
Windows 2000 domain. Your user accounts can be exported from the SAM database
and then imported to Active Directory. You can also build a simple tool, using
Microsoft’s database technologies, such as the Active Data Objects (ADO) and the
Active Directory OLEDB service provider to perform your import. This is much
harder than it looks, especially if your network administrators do not write software,
and most don’t.
Regardless of how you plan to transfer user accounts to Active Directory from NT
4.0 domains, there is no getting away from the amount of work it will be. Thus, you
should plan now with Active Directory in mind, even if your conversion project will
only begin a year down the road.
If you have investigated Active Directory really well, you will notice that many
attributes or properties of the user account objects are very different from the
attributes of user accounts in NT (meaning all versions of NT). NT user accounts,
for example, do not contain attributes for new services such as Terminal Services
sessions, or new fields for properties such as User Principal Names (UPNs); and
home directories, policies, profiles, and passwords are all radically different in
Active Directory. You thus need to consider if your NT domain should be phased
over, rather than converted by the promotion of the domain controller. While conversion
may appear to be more desirable, there are caveats.
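The export-and-import route described above, and the new attributes such as UPNs that it has to fill in, can be sketched as follows. This is an added example, not code from the book: it writes an LDIF file (the text format read by directory import tools such as ldifde) rather than calling ADSI or ADO, and the CSV export layout, the UPN suffix, and the staging OU are all assumptions.

```python
import base64
import csv
import io
from collections import defaultdict

# Constructed sample: accounts exported from three NT 4.0 account domains.
SAM_EXPORT = """domain,username,fullname
SALES,jsmith,John Smith
ACQ1,JSmith,Jane Smith
ACQ1,mlopez,"Lopez, Maria"
ACQ2,svc_backup,Backup Service
"""
UPN_SUFFIX = "corp.example.com"                        # assumed DNS domain
TARGET_OU = "OU=Imported,DC=corp,DC=example,DC=com"    # assumed staging OU
NORMAL_ACCOUNT, ACCOUNTDISABLE = 0x200, 0x2            # userAccountControl bits


def escape_rdn(value):
    """Escape RFC 2253 special characters so a name cannot alter the DN."""
    out = "".join("\\" + c if c in ',+"\\<>;=' else c for c in value.strip())
    return "\\" + out if out.startswith("#") else out


def ldif_line(attr, value):
    """Emit 'attr: value'; base64-encode anything RFC 2849 calls unsafe."""
    if (value.isascii() and value.isprintable()
            and value[:1] not in (" ", ":", "<") and not value.endswith(" ")):
        return f"{attr}: {value}"
    return f"{attr}:: {base64.b64encode(value.encode('utf-8')).decode()}"


def plan_import(export_text):
    """Return (ldif_text, collisions) for the exported accounts."""
    rows = list(csv.DictReader(io.StringIO(export_text)))
    domains_by_name = defaultdict(list)
    for row in rows:
        domains_by_name[row["username"].lower()].append(row["domain"])
    # Logon names are case-insensitive: the same name in two source domains
    # cannot become two accounts in one target domain.
    collisions = {n: d for n, d in domains_by_name.items() if len(d) > 1}
    entries = []
    for row in rows:
        sam = row["username"]
        if sam.lower() in collisions:
            continue  # left for a human decision, never merged silently
        cn = escape_rdn(row["fullname"].strip() or sam)
        entries.append("\n".join([
            ldif_line("dn", f"CN={cn},{TARGET_OU}"),
            "changetype: add",
            "objectClass: user",
            ldif_line("sAMAccountName", sam),
            ldif_line("userPrincipalName", f"{sam}@{UPN_SUFFIX}"),
            ldif_line("displayName", row["fullname"]),
            ldif_line("description", f"Imported from NT domain {row['domain']}"),
            # Created disabled: each account is reviewed before first use.
            f"userAccountControl: {NORMAL_ACCOUNT | ACCOUNTDISABLE}",
        ]))
    return "\n\n".join(entries) + "\n", collisions
```

Names that collide across source domains are returned separately instead of being written to the file, so the decision about who keeps the logon name stays with an administrator.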