Post on 29-Nov-2014
transcript
http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=13380
Microsoft Active Directory Topology Diagrammer
http://technet.microsoft.com/en-us/library/cc751379.aspx
Visio step by Step
http://www.microsoft.com/download/en/details.aspx?id=7826
Microsoft Assessment and Planning Toolkit
Audit and Assessment of Active Directory
Audit and Assessment of Windows Server
Audit and Assessment of Windows Workstations
http://technet.microsoft.com/en-in/library/dd379558(en-us,WS.10).aspx
Migration plan and check list
http://chandoo.org/wp/2009/06/16/gantt-charts-project-management/
Gantt chart
http://technet.microsoft.com/en-us/library/mergers_acquisitions_active_directory_prune_and_graft_restructuring_support_limitations%28WS.10%29.aspx
Restructuring details and limitations
http://technet.microsoft.com/en-us/library/cc974327(WS.10).aspx
Checklist: Performing an Interforest Migration
http://social.technet.microsoft.com/Forums/en-US/winserverMigration/thread/dab33e51-25f4-476c-b173-7e65ee253373
Migration from Windows 2003 to Windows 2008 checklist
In-place upgrading
Windows Server 2003 and Windows Server 2003 R2 can both be upgraded in-place to Windows Server 2008, as long as you keep the following in mind:
The Windows Server 2003 patchlevel should be at least Service Pack 1
You can't upgrade across architectures (x86, x64 & Itanium)
Standard Edition can be upgraded to both Standard and Enterprise Edition
Enterprise Edition can be upgraded to Enterprise Edition only
Datacenter Edition can be upgraded to Datacenter Edition only
This might be your preferred option when:
Your Active Directory Domain Controllers can still last three to five years (economically and technically)
You worked hard to get your Active Directory in the shape it's in.
Your servers are in tip-top shape.
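As an added example (not from the original post), the in-place upgrade rules listed above can be checked against a server inventory before deciding which machines can be upgraded in place. The CSV layout, host names and function names are assumptions made for this example.

```python
import csv
import io

# Edition paths as stated above for Windows Server 2003 -> Windows Server 2008.
ALLOWED_TARGET_EDITIONS = {
    "standard": {"standard", "enterprise"},
    "enterprise": {"enterprise"},
    "datacenter": {"datacenter"},
}
MIN_SERVICE_PACK = 1  # "at least Service Pack 1"

# Constructed sample inventory (hypothetical hosts and column names).
SAMPLE_INVENTORY = """\
host,edition,arch,service_pack,target_edition,target_arch
dc01,Standard,x86,2,Enterprise,x86
dc02,Standard,x86,2,Standard,x64
dc03,Enterprise,x64,1,Standard,x64
dc04,Datacenter,Itanium,0,Datacenter,Itanium
dc05,Web,x86,2,Standard,x86
"""


def upgrade_blockers(row):
    """Return the reasons (possibly none) why a server cannot be upgraded in place."""
    blockers = []
    edition = row["edition"].strip().lower()
    target_edition = row["target_edition"].strip().lower()
    arch = row["arch"].strip().lower()
    target_arch = row["target_arch"].strip().lower()

    # Rule 1: patch level must be at least Service Pack 1.
    try:
        sp = int(row["service_pack"])
    except (TypeError, ValueError):
        sp = None
    if sp is None:
        blockers.append("service pack level unknown")
    elif sp < MIN_SERVICE_PACK:
        blockers.append(f"service pack {sp} is below SP{MIN_SERVICE_PACK}")

    # Rule 2: no upgrade across architectures (x86, x64, Itanium).
    if arch != target_arch:
        blockers.append(f"cross-architecture upgrade {arch} -> {target_arch}")

    # Rule 3: edition paths. Editions the list does not mention are flagged
    # rather than silently accepted.
    allowed = ALLOWED_TARGET_EDITIONS.get(edition)
    if allowed is None:
        blockers.append(f"edition '{edition}' not covered by the listed paths")
    elif target_edition not in allowed:
        blockers.append(f"{edition} cannot be upgraded to {target_edition}")
    return blockers


def plan_inventory(csv_text):
    """Map each host in the CSV inventory to its list of blockers."""
    return {
        row["host"]: upgrade_blockers(row)
        for row in csv.DictReader(io.StringIO(csv_text))
    }


def split_plan(plan):
    """Split hosts into in-place candidates and hosts needing another path."""
    in_place = sorted(h for h, b in plan.items() if not b)
    other = sorted(h for h, b in plan.items() if b)
    return in_place, other


if __name__ == "__main__":
    plan = plan_inventory(SAMPLE_INVENTORY)
    for host, blockers in plan.items():
        status = "in-place OK" if not blockers else "; ".join(blockers)
        print(f"{host}: {status}")
```

Hosts that report blockers are the ones to plan for transitioning or restructuring instead.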
Transitioning
Migrating this way means adding Windows Server 2008 Domain Controllers to your existing Active Directory environment. After successfully moving the Flexible Single Master Operations (FSMO) roles you can simply demote the previous Domain Controllers, remove them from the domain and throw them out of the window. Transitioning is possible for Active Directory environments whose domain functional level is at least Windows 2000 Native.
I feel transitioning is the middle road between the two other ways to migrate to Windows Server 2008:
Restructuring means filling a new Active Directory from scratch
In-place upgrading means you're stuck with the same hardware and limited to certain upgrade paths
Transitioning means you get to keep your current Active Directory lay-out, contents, group policies and schema. Transitioning also means moving to new machines, which can be dimensioned to last another three to five years without trouble.
Transitioning is good when:
You worked hard to get your Active Directory in the shape it's in.
Your servers are faced with aging.
In-place upgrading leaves you with an undesired outcome (for instance 32-bit DCs)
You need a chance to place your Active Directory files on different partitions/volumes.
When done right your colleagues might not even suspect a thing! The downside is you need to know exactly what you're doing, because things can go wrong pretty fast. That's why I wrote this useful piece of information.
Restructuring
A third way to go from Windows Server 2003 Domain Controllers to Windows Server 2008 Domain Controllers is restructuring your Active Directory environment. This involves moving all your resources from one (Windows Server 2003) domain to a new and fresh (Windows Server 2008) domain. Tools like the Active Directory Migration Tool (ADMT) are priceless in these kinds of migrations.
Restructuring is good when:
Your current Active Directory environment is a mess or is uncontrollable
You want to build a new Active Directory environment and import (pieces of) your existing Active Directory environment.
You need to merge (information from)(domains from) two Active Directory forests together
You need to split (information from)(domains from) two Active Directory forests
http://www.microsoft.com/windowsserver2008/en/us/why-upgrade-2003.aspx
Active Directory Planning Worksheets
Taken with permission from Active Directory Planning and Design by Harry Brelsford
Table 1: Business Needs Analysis (Q and A)
Table 2: Business Requirements Analysis
Table 3: Project Plan
Table 4: Active Directory Design and Planning Team
Table 5: Technical Requirements Analysis
Table 6: Security Requirements Planning
Table 7: Windows 2000 Server Network Infrastructure Planning
Table 8: Active Directory Design and Planning
Table 9: Windows NT 4.0 to Windows 2000 Migration Planning
Table 1: Business Needs Analysis (Q and A)
Question | Answer
Have you clearly defined the nature of the organization’s business?
Has the organization developed a clear sense of direction or mission?
Does the organization have a clear philosophy for conducting its business affairs?
Are the organization’s business goals attainable?
Are the organization’s objectives logically related in a hierarchy that will lead to goal achievement?
Does the organization periodically reevaluate its objectives to be sure they have not grown obsolete?
Has the organization developed a logical and planned approach for collecting data on its internal and external environment?
Are data stored or filed in ways that allow easy retrieval of useful information?
Are reports produced that are seldom or never used?
Does the organization periodically review its information system to make certain it is useful and up-to-date?
List four or five key strengths of the organization.
What are key weaknesses in the organization?
In developing the organization’s final strategy, did it consider three or four possible alternatives?
Are employees involved in making planning decisions?
Did management take time to communicate the final strategic plan to employees and deal with their concerns?
Is the timetable for implementation of the strategic plan realistic?
Have definite checkpoints been scheduled for assessing progress toward goals?
Has the organization developed effective ways of measuring progress?
Table 2: Business Requirements Analysis
Analysis Item | Sub-Analysis Item | Completed
Analyze the existing and planned business models
Analyze the company model and the geographical scope. Models include regional, national, international, subsidiary, and branch offices.
Analyze company processes. Processes include information flow, communication flow, service and product life cycles, and decision-making.
Analyze the existing and planned organizational structures. Considerations include management model; company organization; vendor, partner, and customer relationships; and acquisition plans.
Analyze factors that influence company strategies.
Identify company priorities.
Identify the projected growth and growth strategy.
Identify relevant laws and regulations.
Identify the company’s tolerance for risk.
Identify the total cost of operations
Analyze the structure of IT management. Considerations include type of administration, such as centralized or decentralized; funding model; outsourcing; decision-making process; and change-management process.
Analyze business and security requirements for the end user.
Analyze the current physical model and information security model.
Analyze internal and external security risks.
Other Other Other
Table 3: Project Plan
Phase | Tasks | Duration / Assigned Resources / Comments
A. AD Design Creation
A.1. Namespace (DNS) Selection
A.2. Namespace Design
A.3. Domain Tree/Forest Architectural Development
A.4. AD Domain Naming Conventions
A.5. DNS Design
A.6. DNS Interoperability Issues
A.7. DNS Zones and Administrative Model Development
A.8. OU Development and Design
A.9. Group and User Design
A.10. Security Design and Development
A.11. Delegation of Authority Design
A.12. AD/Windows 2000 Capacity Planning
A.13. Design of Group Policies
B. Test Lab (Proof of Concept)
B.1. Testing Server Functionality
B.2. Core Service Testing (DNS, DHCP, WINS)
B.3. Server Interoperability and Coexistence Testing
B.4. Server Migration Testing
B.5. Desktop Testing (Operating System, Applications)
B.6. Network Infrastructure
B.7. Hardware Infrastructure
C. Production Pilot
C.1. Launch Pilot Phase
C.2. Pilot Planning Tasks
C.3. Pilot Feedback
D. Rollout
D.1. Develop Implementation Plan
D.2. Perform Work
D.3. Troubleshooting
D.4. Feedback
Other Other Other
Table 4: Active Directory Design and Planning Team
Team Member | Role | Comments
Enterprise or AD Architect
Corporate Standards Implementation Lead
Deployment Site Lead
Deployment Team Lead
Help Desk Lead
Networking Lead
Services/Product/Technology Lead
Developer Lead
End User Lead
Senior Management/Executive Representative
Line Manager(s)
Other Other Other
Table 5: Technical Requirements Analysis
Analysis Item | Sub-Analysis Item | Completed
Evaluate the company’s existing and planned technical environment and goals
Analyze company size and user and resource distribution
Assess the available connectivity between the geographic location of worksites and remote sites
Assess the net available bandwidth and latency issues
Analyze performance, availability, and scalability requirements of services
Analyze the method of accessing data and systems
Analyze network roles and responsibilities. Roles include administrative, user, service, resource ownership, and application.
Analyze security considerations
Analyze the impact of Active Directory on the existing and planned technical environment
Assess existing systems and applications
Identify existing and planned upgrades and rollouts
Analyze technical support structure
Analyze existing and planned network and system management
Analyze the business requirements for client computer desktop management
Analyze end-user work needs
Identify technical support needs for end-users
Establish the required client computer environment standards
Analyze the existing disaster recovery strategy for client computers, servers, and the network
Analyze the impact of infrastructure design on the existing and planned technical environment
Assess current applications
Analyze network infrastructure, protocols, and hosts
Evaluate network services
Analyze TCP/IP infrastructure
Assess current hardware
Identify existing and planned upgrades and rollouts
Analyze technical support structure
Analyze existing and planned network and systems management
Other Other Other
Table 6: Security Requirements Planning
Analysis Item | Sub-Analysis Item | Complete
Design a security baseline for a Windows 2000 network that includes domain controller, operations masters, application servers, file and print servers, RAS servers, desktop computers, portable computers, and kiosks
Identify the required level of security for each resource. Resources include printers, files, shares, Internet access, and dial-in access
Design an audit policy
Design a delegation of authority policy
Design the placement and inheritance of security policies for sites, domains, and organizational units
Design an Encrypting File System strategy
Design an authentication strategy
Select authentication methods. Methods include certificate-based authentication, Kerberos authentication, clear-text passwords, digest authentication, smart cards, NTLM, RADIUS, and SSL.
Design an authentication strategy for integration with other systems
Design a security group strategy
Design a Public Key Infrastructure
Design Certificate Authority (CA) hierarchies
Identify certificate server roles
Certificate management plan
Integrate with third-party CAs
Map certificates
Design Windows 2000 network services security
Design Windows 2000 DNS security
Design Windows 2000 Remote Installation Services (RIS) security
Design Windows 2000 SNMP security
Design Windows 2000 Terminal Services security
Provide secure access to public networks from a private network
Provide external users with secure access to private network resources
Provide secure access between private networks
Provide secure access within a LAN
Provide secure access within a WAN
Provide secure access across a public network
Design Windows 2000 security for remote access users
Design a Server Message Block (SMB)-signing solution
Design an IPSec solution
Design an IPSec encryption scheme
Design an IPSec management strategy
Design negotiation policies
Design security policies
Design IP filters
Design security levels
Other Other Other
Table 7: Windows 2000 Server Network Infrastructure Planning
Analysis Item | Sub-Analysis Item | Completed
Modify and design a network topology
Design network services that support application architecture
Design a resource strategy
Plan for the placement and management of resources
Plan for growth
Plan for decentralized or centralized resources
Design a TCP/IP networking strategy
Analyze IP subnet requirements
Design a TCP/IP addressing and implementation plan
Measure and optimize a TCP/IP infrastructure design
Integrate software routing into existing networks
Integrate TCP/IP with existing WAN requirements
Design a plan for the interaction of Windows 2000 network services such as WINS, DHCP, and DNS
Design a DHCP strategy
Integrate DHCP into a routed environment
Integrate DHCP with Windows 2000
Design a DHCP service for remote locations
Measure and optimize a DHCP infrastructure design
Design name resolution services
Create an integrated DNS design
Create a secure DNS design
Create a highly available DNS design
Measure and optimize a DNS infrastructure design
Design a DNS deployment strategy
Create a WINS design
Create a secure WINS design
Measure and optimize a WINS infrastructure design
Design a WINS deployment strategy
Design a multi-protocol strategy. Protocols include IPX/SPX and SNA
Design a Distributed file system (Dfs) strategy
Design the placement of a Dfs root
Design a Dfs root replica strategy
Designing for Internet Connectivity
Design an Internet and extranet access solution. Components of the solution could include proxy server, firewall, routing and remote access, Network Address Translation (NAT), connection sharing, Web server, or mail server.
Design a load-balancing strategy
Design an implementation strategy for dial-up remote access
Design a remote access solution that uses Routing and Remote Access
Integrate authentication with Remote Authentication Dial-In User Service (RADIUS)
Design a virtual private network (VPN) strategy
Design a Routing and Remote Access routing solution to connect locations
Design a demand-dial routing strategy
Other Other Other
Table 8: Active Directory Design and Planning
Analysis Item | Sub-Analysis Item | Completed
Design an Active Directory forest and domain structure
Design a forest and schema structure
Design a domain structure
Analyze and optimize trust relationships
Design an Active Directory naming strategy
Establish the scope of the Active Directory
Design the namespace
Plan DNS strategy
Design and plan the structure of organizational units (OU). Considerations include administration control, existing resource domains, administrative policy, and geographic and company structure.
Develop an OU delegation plan
Plan Group Policy Object management
Plan policy management for client computers
Plan for the coexistence of Active Directory and other directory services
Design an Active Directory site topology
Design a replication strategy
Define site boundaries
Design a schema modification policy
Design an Active Directory implementation plan
Design the placement of operations masters
Considerations include performance, fault tolerance, functionality, and manageability
Design the placement of Global Catalog Servers
Considerations include performance, fault tolerance, functionality, and manageability
Design the placement of domain controllers
Considerations include performance, fault tolerance, functionality, and manageability
Design the placement of DNS servers
Considerations include performance, fault tolerance, functionality, and manageability
Plan for interoperability with the existing DNS
Other Other Other
Table 9: Windows NT 4.0 to Windows 2000 Migration Planning
Analysis Item | Sub-Analysis Item | Completed
Choose the type of migration. Types include upgrade, restructure Windows NT to Windows 2000, restructure Windows 2000 to Windows 2000, upgrade and restructure, inter-forest restructure, and intra-forest restructure
Plan the domain restructure
Select the domains to be restructured and decide on the proper order for restructuring them. Decide when incremental migrations are appropriate
Implement organizational units (OUs)
Select the appropriate tools for implementing the migration from Windows NT to Windows 2000. Tools include Active Directory Migration Tool (ADMT); ClonePrincipal and NETDOM (for inter-forest type), and Move Tree and NETDOM (for intra-forest type)
Perform pre-migration tasks
Develop a testing strategy for upgrading and implementing a pilot migration
Prepare the environment for upgrade. Considerations include readiness remediation
Plan to install or upgrade DNS
Plan the upgrade for hardware, software, and infrastructure
Assess current hardware
Assess and evaluate security implications. Considerations include physical security, delegating control to groups, and evaluating post-migration security risks
Assess and evaluate application compatibility. Considerations include Web Server, Microsoft Exchange, and line of business (LOB) applications.
Assess the implications of an upgrade for network services. Considerations include RAS, networking protocols, DHCP, LAN Manager Replication, WINS, NetBIOS, and third-party DNS.
Assess security implications. Considerations include physical security, certificate services, SID history, and evaluating post-migration security risks
Identify upgrade paths. Considerations include O/S version and service packs
Develop a recovery plan. Considerations include Security Account Manager, WINS, DHCP, and DNS
Upgrade the PDC, the BDCs, the application servers, and the RAS servers
Implement system policies as Group Policies
Implement replication bridges as necessary
Decide when to switch to native mode
If necessary, develop a procedure for restructuring.
Create a Windows 2000 target domain, if necessary
Create trusts as necessary
Create OUs
Create sites
Reapply account policies and user rights in the Windows 2000 Group Policy
Plan for migration
Migrate groups and users
Migrate local groups and computer accounts
Verify the functionality of Exchange. Considerations include service accounts and mailboxes
Map mailboxes
Test the deployment
Implement disaster recovery plans
Have a plan to restore to a pre-migration environment
Perform post-migration tasks
Redefine DACLs
Back up source domains
Decommission source domains and redeploy domain controllers
Other Other Other
http://allcomputers.us/windows_server/migrating-from-windows-server-20032008-to-windows-server-2008-r2---beginning-the-migration-process.aspx
Any migration procedure should define the reasons for migration, steps involved, fallback precautions, and other important factors that can influence the migration process. After finalizing these items, the migration can begin.
Identifying Migration Objectives
Two underlying philosophies influence technology upgrades, each philosophy working against the other. The first is the expression “If it ain’t broke, don’t fix it.” Obviously, if an organization has a functional, easy-to-use, and well-designed Windows Server 2003/2008 infrastructure, popping in that Windows Server 2008 R2 DVD and upgrading might not be so appealing. The second philosophy is something along the lines of “Those who fail to upgrade their technologies perish.” Eventually, all technologies become outdated and unsupported.
Choosing a pragmatic middle ground between these two philosophies effectively depends on the factors that drive an organization to upgrade. If the organization has critical business needs that can be satisfied by an upgrade, such an upgrade might be a good idea. If, however, no critical need exists, it might be wise to wait until the next iteration of Windows or a future service pack for Windows Server 2008 R2.
Establishing Migration Project Phases
After the decision is made to upgrade, a detailed plan of the resources, timeline, scope, and objectives of the project should be outlined. Part of any migration plan requires establishing either an ad-hoc project plan or a professionally drawn-up project plan. The migration plan assists the project managers of the migration project to accomplish the planned objectives in a timely manner with the correct application of resources.
The following is a condensed description of the standard phases for a migration project:
Discovery— The first portion of a design project should be a discovery, or fact-finding, portion. This section focuses on the analysis of the current environment and documentation of the analysis results. Current network diagrams, server locations, wide area network (WAN) throughputs, server application dependencies, and all other networking components should be detailed as part of the Discovery phase.
Design— The Design portion of a project is straightforward. All key components of the actual migration plan should be documented, and key data from the Discovery phase should be used to draw up design and migration documents. The project plan itself would normally be drafted during this phase. Because Windows Server 2008 R2 Active Directory is not dramatically different from Windows Server 2003 or 2008, significant reengineering of an existing Active Directory environment is not necessary. However, other issues such as server placement, new feature utilization, and changes in AD DS replication models should be outlined.
Prototype— The Prototype phase of a project involves the essential lab work to test the design assumptions made during the Design phase. The ideal prototype would involve a mock production environment that is migrated from Windows Server 2003/2008 to Windows Server 2008 R2. For Active Directory, this means creating a production domain controller (DC) and then isolating it in the lab and seizing the Flexible Single Master Operations (FSMO) roles with a server in the lab. The Active Directory migration can then be performed without affecting the production environment. Step-by-step procedures for the migration can also be outlined and produced as deliverables for this phase.
Pilot— The Pilot phase, or Proof-of-Concept phase, involves a production “test” of the migration steps, on a limited scale. For example, a noncritical server could be upgraded to Windows Server 2008 R2 in advance of the migration of all other critical network servers.
In a slow, phased migration, the Pilot phase would essentially transition into Implementation, as upgrades are performed slowly, one by one.
Implementation— The Implementation portion of the project is the full-blown migration of network functionality or upgrades to the operating system. As previously mentioned, this process can be performed quickly or slowly over time, depending on an organization’s needs. It is, subsequently, important to make the timeline decisions in the Design phase and incorporate them into the project plan.
Training and support— Learning the ins and outs of the new functionality that Windows Server 2008 R2 can bring to an environment is essential in realizing the increased productivity and reduced administration that the OS can bring to the environment. Consequently, it is important to include a Training portion into a migration project so that the design objectives can be fully realized.
Comparing the In-Place Upgrade Versus New Hardware Migration Methods
Due to the changes in Windows Server 2008 R2, the in-place upgrade path is limited to servers using the 64-bit version of Windows Server 2003 and Windows Server 2008. Depending on the type of hardware currently in use in a Windows Server 2003/2008 network, this type of migration strategy might be an option. Often, however, it is more appealing to simply introduce newer systems into an existing environment and retire the current servers from production. This technique normally has less impact on current environments and can also support fallback more easily.
Note
Because Windows Server 2008 R2 is a 64-bit only operating system, upgrades from 32-bit versions of older operating systems are not supported. Upgrades from Windows 2000 Server are also not supported.
Determining which migration strategy to use depends on one additional factor: the condition of the current hardware environment. If Windows Server 2003/2008 is taxing the limitations of the hardware in use, it might be preferable to introduce new servers into an environment and simply retire the old Windows Server 2003/2008 servers. This is particularly true if the existing servers are veterans of previous upgrades, maybe transitioning from Windows 2000 Server to Windows Server 2003 to Windows Server 2008. If, however, the hardware in use for Windows Server 2003/2008 is newer and more robust, and could conceivably last for another two to three years, it might be easier to simply perform in-place upgrades of the systems in an environment.
In most cases, organizations take a hybrid approach to migration. Older hardware, 32-bit systems, or Windows Server 2003 domain controllers are replaced by new hardware running Windows Server 2008 R2. Newer Windows Server 2008 64-bit systems are instead upgraded in place to Windows Server 2008 R2. Consequently, auditing all systems to be migrated and determining which ones will be upgraded and which ones will be retired are important steps in the migration process.
Identifying Migration Strategies: “Big Bang” Versus Phased Coexistence
As with most technology implementations, there are essentially two approaches in regard to deployment: a quick “Big Bang” approach or a slower phased coexistence approach. The Big Bang option involves the entire Windows Server 2003/2008 infrastructure being quickly replaced, often over the course of a weekend, with the new Windows Server 2008 R2 environment; whereas the phased approach involves a slow, server-by-server replacement of Windows Server 2003/2008.
Each approach has its particular advantages and disadvantages, and key factors specific to Windows Server 2008 R2 should be taken into account before a decision is made. Few Windows Server 2008 R2 components require a redesign of current Windows Server 2003/2008 design elements. Because the arguments for the Big Bang approach largely revolve around not maintaining two conflicting systems for long periods of time, the similarities between Windows Server 2003/2008 and Windows Server 2008 R2 make many of these arguments moot. Windows Server 2008 R2 domain controllers can easily coexist with Windows Server 2003/2008 domain controllers. With this point in mind, it is more likely that most organizations will choose to ease into Windows Server 2008 R2, opting for the phased coexistence approach to the upgrade. Because Windows Server 2008 R2 readily fits into a Windows Server 2003/2008 environment, and vice versa, this option is easily supported.
Exploring Migration Options
As previously mentioned, the Windows Server 2008 R2 and Windows Server 2003/2008 Active Directory domain controllers coexist together very well. The added advantage to this fact is that there is greater flexibility for different migration options. Unlike migrations from NT 4.0 or non-Microsoft environments such as Novell NDS/eDirectory, the migration path between these two systems is not rigid, and different approaches can be used successfully to achieve the final objectives desired.
In this article, three Windows Server 2008 R2 migration scenarios are explored:
Big Bang migration— This scenario upgrades all domain controllers in a short span of time. This is typically suitable only for single domain and small organizations.
Phased migration— This scenario takes a phased coexistence approach and upgrades the domain controllers in phases over an extended period of time. During this time, there is coexistence between the existing versions of Active Directory and the new Windows Server 2008 R2 Active Directory Domain Services. This is typically the approach used when there are multiple domains or for large organizations.
Multiple domain consolidation migration— A variation on the phased upgrade, the multiple domain consolidation migrates the existing domains to a new Windows Server 2008 R2 Active Directory domain. This is the typical approach when there are problems with the existing domains, too many domains, or when merging organizations.
http://social.technet.microsoft.com/Forums/en/winserverMigration/thread/5b0319a2-e901-4763-8b46-4350cb2ad75d
Blog for AD migration from 2k3 to 2k8
http://msmvps.com/blogs/mweber/archive/2010/02/10/upgrading-an-active-directory-domain-from-windows-server-2003-to-windows-server-2008-or-windows-server-2008-r2.aspx
http://support.microsoft.com/kb/816043/en-us
Domain Controller time article
http://technet.microsoft.com/en-us/events/ee335985.aspx
Demos and articles migrating AD domains
http://social.technet.microsoft.com/forums/en-US/winserverMigration/threads
Migration forums
http://www.sivarajan.com/admt.html
Migration expert
http://searchwindowsserver.techtarget.com/answer/Active-Directory-migration-planning-checklist
Migration check list
You will have to cover at least the following:
Collect diagrams and configuration of current DNS
Collect diagrams and configuration of current network structure -- include bandwidth, remote locations and stability
Collect listings of all servers and their criticality
Collect listing of workstations that will be affected
Understand how all of the servers and workstations interrelate
Collect information on the security policies or the requirements if you have to create a security policy
Determine the type of migration (post restructure, pre-restructure, pristine build or upgrade)
Determine the rights, objects and policies that will need to be migrated.
Determine the fall back procedures in case of failure
This involves procedures for servers, backups, secondary systems, etc.
Then you start the development of the plans:
User education and notification plan (this gets missed so often)
IT training plan
DNS structure and implementation plan (must be completed first)
AD installation and implementation/migration plan
Must include fallback plan
Must have interim operations plans (how to support)
Must have interim functionality plan (how replication, WINS, DNS and logins will be working)
Installation of AD
Installation/upgrade of servers
Trusts required and how to install
Sites that will be installed
Hardware required
Here is the post-AD installation planning:
Must include cleanup of old accounts, groups, ACLS, etc.
Retirement of old systems
Retirement of old domains
Move to NATIVE mode
Upgrading other servers (applications, Web systems, etc.)
Support plan for the migration and post migration
Here is the group policy planning:
Development of group policy for user accounts, passwords, security
GP for event logs, desktops, etc.
Who has access to modify group policy
Here is the operations planning:
Who will be administrating the AD and each piece of the AD
Help desk functions
IT server administration functions
Well, that is my quick list. There is more of course, and the list is a little dynamic based on the type of migration that occurs.