Most users of Microsoft operating systems such as Windows 95/98 and Windows NT Version 4 are aware that something called Windows 2000 was released early this spring. Many casual users are inclined to think based on its ambiguous name that Windows 2000 is just the latest upgrade to the Windows 95 family. But in fact, it's the latest release of NT (Windows NT Version 5, if you will), and represents a new level of functionality and complexity over its predecessors.
Personal Workstations
Windows NT Workstation has been renamed "Windows 2000 Professional," and the good news is that there are few significant differences which are visible to the user. The interface is the same one we've gotten used to with NT4, and most things are in their familiar places, though sometimes with new names or vice versa. As an example, the "Administrative Tools" menu is now to be found in the Control Panel, though it can be added to the Programs menu if desired. Users will also encounter differences in the way network settings are configured, and the way dialup modem connections are set up. But these changes are mostly cosmetic in nature, and aren't conceptually different from what has gone before. If you're the manager of an existing NT4 domain, you can upgrade your users from NT4 Workstation to Windows 2000 Pro, secure in the knowledge that they will still be in familiar territory. And Windows 2000 workstations drop without protest into NT4 domains (I ran my own 2000 Pro workstation in an NT4 domain for over five months).
An NT4 workstation can be upgraded to Windows 2000 Pro, but you might want to seriously consider a full reinstallation. I did so with my own workstations, and I'm glad I did, in spite of the nuisance of application software reinstallation. Microsoft has done a good job of making the upgrade process as smooth as possible, but you're still likely to be better off leaving all traces of the NT4 installation behind and starting afresh. And check in advance to make sure that your hardware and software are supported under Windows 2000. In my own case, an old ISA Qlogic SCSI-1 card was the only unsupported hardware device, and I had no trouble at all with any of my software. But check Microsoft's website and the software/hardware vendors' websites first. You don't want to find out in the middle of an operating system installation that one of your devices doesn't work any more.
Servers, Domain Controllers and the Active Directory
Okay, so much for Windows 2000 Pro. Going to Windows 2000 Server must be just as straightforward, right?
Wrong. The basis for a Windows 2000 domain is qualitatively different from that of NT4, and should be approached carefully by any NT4 domain administrators. Be warned that this is not a casual upgrade.
Under NT4, information about users in the domain was held in the Security Accounts Manager (SAM) database. The master copy of the SAM database was kept on the Primary Domain Controller (PDC), and copied to the domain's Backup Domain Controllers (BDC) at BDC setup time. Afterward, changes to the SAM were replicated among the various domain controllers at predetermined intervals. Functionally, the size of the SAM database was limited to about 45,000 users.
Windows 2000 takes another approach entirely. Information on all objects in the domain (not just users) is stored in the Active Directory, and replicated among all domain controllers as quickly as your network can pass the packets. (Note that I said "domain controllers," not primary or backup domain controllers. There is no hierarchy of domain controllers under Windows 2000; all DCs are created equal.) This distributed database is dynamically maintained using LDAP (Lightweight Directory Access Protocol).
Obviously, the Active Directory is central to the proper functioning of a Windows 2000 domain. And underpinning the Active Directory is something new to the NT world: integrated DNS (Domain Name Service). DNS has been around for ages, of course, and since TCP/IP has always been a part of NT, many readers will now be shaking their heads and muttering "so what else is new?" What's new is the integrated part of integrated DNS.
In the past, Windows NT has relied upon NBT (NetBIOS over TCP/IP) naming conventions for locating objects within a domain. Thus, a machine might be named DIANA or MANAGER, a legacy from the days when the NetBEUI protocol was the only way PCs communicated over LANs. As Windows evolved, an IP address could be associated with these single-level machine names using LMHOSTS files or the slightly more sophisticated WINS service, but the model was still the same: A single-level NBT-style machine name matched with a network address.
One of the many drawbacks of this system was that NBT provided only a flat namespace; that is, a list of one-word machine names that could not easily be differentiated from each other. Nor was there necessarily any correlation between a machine's NBT name and its TCP/IP name.
Windows 2000 has finally eliminated this clumsiness by replacing the old NBT naming conventions with the DNS-based FQDNs (Fully-Qualified Domain Names) that the rest of the TCP/IP world uses. Both domains and machines are now associated with FQDN qualifying extensions. A Windows 2000 domain, for example, might be WIN.PSU.EDU, and one of its machines HESTIA.WIN.PSU.EDU. As you can see, the TCP/IP name and the Windows 2000 name for the machine are now one and the same. WINS and NetBEUI are still available in Windows 2000, but they're there solely for compatibility with downlevel NT4 domains. Windows 2000's native addressing model is now DNS. (Unix fans will be muttering "And about time, too." They're right.)
The purpose of this brief overview of Windows 2000's DNS-based domain structure (and believe me, it is brief and superficial) has been to demonstrate the great importance of DNS to the Windows 2000 domain. And in order to keep your domain's DNS in good order, any Windows 2000 DC now has the ability to be a DNS server.
This server may be authoritative for its own domain, or it may get its information from another outside DNS server (which doesn't have to be a Windows 2000 DNS server). It can use the traditional database files for its DNS information, or it can use Active Directory-Integrated DNS, which will make changes to the database dynamically, within the security constraints imposed by the domain (though it is not meant to update non-Microsoft DNS servers, and must not be configured to try and do so). The permutations are many and subtle, and if they don't work properly, neither will the Active Directory. And as the Active Directory goes, so goes the domain.
The bottom line is that if you don't have a thorough understanding of how DNS works now, you need to get one before attempting to put together a production Windows 2000 domain. Unlike the NT4 world, a casual understanding of TCP is not going to be sufficient this time. Think of a Windows 2000 domain as an inverted pyramid, with users, files, machines, and all the other components of the domain balancing on the sharp point of Active Directory and DNS. To support its load, that point needs to be made as strong as it can possibly be.
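One check that follows from this dependence on DNS, given here as an added example rather than anything from the original article: clients find domain controllers through SRV records, so a traditional zone file can be audited for them before the domain goes into production. The SRV names are a subset of those a Windows 2000 DC registers and are not listed in the article; the zone data is constructed around the article's WIN.PSU.EDU example, and the parser assumes fully qualified owner names with an explicit TTL and class.

```python
# Added example: audit a zone file for the SRV records that let clients
# locate a domain controller, and confirm each SRV target has an A record.

DOMAIN = "win.psu.edu."  # the article's example domain

# Subset of DC locator names and their ports (assumption: not from the article).
REQUIRED_SRV = {
    "_ldap._tcp": 389,
    "_kerberos._tcp": 88,
    "_ldap._tcp.dc._msdcs": 389,
    "_kerberos._tcp.dc._msdcs": 88,
}

# Constructed sample zone data; the address is from a documentation range.
SAMPLE_ZONE = """\
hestia.win.psu.edu.                   3600 IN A   192.0.2.10
_ldap._tcp.win.psu.edu.                600 IN SRV 0 100 389 hestia.win.psu.edu.
_kerberos._tcp.win.psu.edu.            600 IN SRV 0 100 88  hestia.win.psu.edu.
_ldap._tcp.dc._msdcs.win.psu.edu.      600 IN SRV 0 100 389 diana.win.psu.edu.
"""

def parse_zone(text):
    """Return (srv, hosts): srv maps owner -> [(port, target)]; hosts is the set of A owners."""
    srv, hosts = {}, set()
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()   # drop trailing comments
        if len(fields) < 5 or fields[2].upper() != "IN":
            continue                             # not "owner ttl IN type rdata"
        owner, rtype = fields[0].lower(), fields[3].upper()
        if rtype == "A":
            hosts.add(owner)
        elif rtype == "SRV" and len(fields) == 8:  # priority weight port target
            srv.setdefault(owner, []).append((int(fields[6]), fields[7].lower()))
    return srv, hosts

def check_zone(text, domain=DOMAIN):
    """List the problems that would stop clients from locating a DC."""
    srv, hosts = parse_zone(text)
    problems = []
    for prefix, port in REQUIRED_SRV.items():
        owner = f"{prefix}.{domain}"
        records = srv.get(owner, [])
        if not any(p == port for p, _ in records):
            problems.append(f"missing SRV {owner} port {port}")
        for _, target in records:
            if target not in hosts:
                problems.append(f"SRV {owner} -> {target} has no A record")
    return problems

if __name__ == "__main__":
    for problem in check_zone(SAMPLE_ZONE):
        print(problem)
```

On the sample data the check reports an SRV record that points at a host with no address and a missing Kerberos locator record.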
General New Stuff
Administration of a Windows 2000 domain is now done mostly through Microsoft Management Consoles (MMCs) rather than menu items or Control Panel applets. MMCs look much like Explorer file-navigation windows, and in fact have a similar operational mode and "feel." They take some getting used to, but once you get the hang of them, they really are a better way of doing things.
Backups
Those who are doing backups on their NT4 domains may (or may not) have an unpleasant surprise in store for them. Windows 2000's NTBACKUP utility has been completely revamped. It's now media-pool oriented, rather than device oriented, as NT4 was, using a new service called Removable Storage Management. And of course, the syntax of NTBACKUP's command line has changed radically, so any existing script files that you're using for scheduled NT4 backups will no longer work. The new backup utility is aimed primarily at large domains, with large-scale and demanding backup needs, and these it addresses well. But administrators of smaller domains may well find it overcomplex, confusing, and far too large a cannon for their modest target. In passing, it might be noted that the same NTBACKUP and RSM found in Windows 2000 Server are also part of Windows 2000 Pro. In my opinion, this is a mistake, for most workstation users are likely to be unhappy with the complexity of this new backup paradigm, and have little need for its elaborate feature set. A simplified version for Windows 2000 Pro would seem advisable. Anyone listening at Microsoft?
Server Types
Windows 2000 Server now comes in three delicious flavors: Server, Advanced Server, and the new DataCenter. A Server may be a fileserver, a domain controller, or both. An Advanced Server can also fill these roles, but has the additional capability to be made part of a two-node cluster. A Windows cluster, for the uninitiated, is a group of two or more machines (nodes) with a common IP address, providing a common filespace or service to the network. Should one of the nodes go down or be taken offline, the cluster resources will remain transparently available to users.
New to both Windows clustering and to the Server lineup is the DataCenter cluster. This option allows clustering of up to four nodes, though hardware requirements are much more stringent.
And of course, the cost of each version of Windows 2000 Server increases with its greater capabilities.
Hardware Requirements
Will you need to upgrade your existing hardware base in order to have a Windows 2000 domain? It depends. I've successfully made a Windows 2000 domain controller of a 200MHz Pentium with 128M of memory and a 4G SCSI system disk. It ran acceptably well, but the processor tended to work very hard when Active Directory-intensive operations like adding large numbers of users in batch were going on. Under Windows 2000, with its distributed Active Directory, hardware requirements for DCs tend to increase with the number of objects in the domain.
My own experience has been that Windows 2000 Pro is quite comfortable on a properly-configured Pentium 200 machine with at least 128M RAM and a fast system disk of at least 2G. And for DCs, I've found that at least a 333MHz Pentium II and 256M RAM with a 4G system disk is a good minimum. But special needs (like running processor or memory-demanding CAD applications, for example) obviously could alter the workstation requirements upward, and a very large domain with a busy Active Directory might want more robust servers.
And in conclusion . . .
As you will have gathered from this very brief and incomplete overview, the transition from an NT4 domain to a Windows 2000 domain is not a small one. An incautious domain administrator who breezes into the office some Sunday afternoon expecting to upgrade the domain from NT4 to Windows 2000 for the start of Monday's work day is going to be very much sadder and wiser by the end of the week. All system upgrades are traumatic to one degree or another, but rest assured, the change from NT4 to Windows 2000 is a larger jump than most NT domain administrators are accustomed to making. Be prepared. Be very prepared!
For more information, see the useful resources section at the top of this page.