Moving clients to an Active Directory environment: The pitfalls
Published: 17 Jul 2003 14:06 BST
I like Active Directory and use it within my own organisation. I recently wrote an article on all the advantages of implementing an Active Directory environment for your client's organisation. In the interest of fairness, I'll cover the disadvantages of moving to an Active Directory environment.
Cost
By far, the biggest reason for not recommending a switch to Active Directory is cost. If your client were to switch to an Active Directory environment, they'd have to incur the cost of the necessary Windows 2000 software licences. There are many other costs too. They may have to upgrade the hardware on their servers if it isn't already adequate for running Windows 2000. There's also the cost of paying the IT staff to work overtime to perform the upgrade. They may also have to pay a hefty sum for training their IT staff to work with Active Directory.
You must also take into account whether your client has a compelling reason to upgrade to Windows 2000 or Windows Server 2003. After all, if they're running Windows NT 4.0 and it's getting the job done, why would they want to jeopardise a functional network and spend thousands of dollars just to switch to the latest Microsoft network operating system?
Infrastructure
Before suggesting a jump into an Active Directory migration, also consider how Windows 2000 will work with your client's existing hardware and software. When Windows 2000 was initially released, it had lots of compatibility problems with older hardware and software. For example, when I upgraded my own network to Windows 2000, I discovered that my VoIP phone system would no longer work. Eventually, I had to get rid of the phone system because the company that made it refused to release a Windows 2000 patch, and I didn't want to waste my investment in Windows 2000 by downgrading. I also had problems with one of my scanners and the memory stick reader for my digital camera after upgrading to Windows 2000.
On a more serious note, the Cisco VPN 3000 concentrator did not work with Windows 2000 because the Cisco clients didn't support dynamic DNS, which Windows 2000 depends on. Many organisations ran into huge problems after upgrading to Windows 2000 because of this compatibility problem. Granted, Windows 2000 has been out for a few years and most of the compatibility issues have been resolved either by Microsoft or by the various hardware and software manufacturers.
If your clients are still running Windows NT Server, however, there's a good chance they're running other older hardware and software as well. I recommend taking a good look at the potential compatibility issues between their existing hardware and software and Windows 2000 before you even think about recommending an upgrade.
Complexity
Another reason for not recommending an upgrade to Active Directory involves the complexities associated with such an implementation. The Active Directory structure works nothing like the Windows NT domain structure. You and your clients will have to do a lot of planning for the upgrade.
For example, Windows 2000 relies solely on DNS for name resolution, while Windows NT relied primarily on WINS. Because of this reliance on DNS, you'll have to set up a DNS server within your client's organisation. Unless one of their existing servers has enough free resources to also act as a DNS server, your client will need to buy an additional server and an additional copy of Windows 2000 Server just to run DNS.









