It would be great to get some expert feedback on a problem which I have been tasked to help resolve... Don't worry, I won't be doing this myself. I will have colleagues and probably lots of external support to assist.
I work for a worldwide organisation where the HQ is based in the UK. Our environment is 4 offices with our servers hosted in an external UK data center, where we have a total of 5 AD controllers: 3 on the internal network and 2 in a DMZ which is purely to support our Exchange environment, which is in the cloud. Plus 500+ servers hosting a variety of applications and services; the majority of these services are presented via Citrix, as end users have a mixture of desktop PCs, laptops and thin client technology.
All DCs are Windows 2003 R2 apart from 1 DC which is on 2008 R2. All FSMO roles are on a 2003 server. The domain in the UK is the forest root domain. We have a single domain in a single forest; however, there are many forest trusts to other domains to support our other countries. These are a mixture of external/forest and transitive and non-transitive. The UK side also has other trusts with older legacy domains currently still in place to support legacy custom-built applications, one being on Windows NT!!! And a Linux LDAP domain.
The problem I have been given is to retire our Linux LDAP infrastructure, which also currently does DNS and DHCP at the local office level as well as at the data center. Also to upgrade our Active Directory structure, as well as having Windows DNS and DHCP replace the Linux equivalents. We do have Windows DNS servers; however, these are forwarded to our main DNS servers, which are hosted on Linux at the top of the internal DNS tree. DHCP is fully managed on Linux, and we even have a WINS server to make it hugely complicated, so if the DNS servers cannot resolve, we still have WINS which will do name resolution. WINS should have purely been used for legacy applications, but I see evidence of newer applications still having a reliance on it.
So where do I even begin to tackle this problem? Lol :-)
Would it be worth tackling the upgrade of the existing 2003 AD environment first, or tackling DNS/DHCP at data center and office level first? We will be using 2008 R2.
In my opinion, you need to tackle DNS and DHCP first, which should be relatively easy to do with your existing 2003 servers. You can of course enable WINS on 2008 R2, but I can't see the point, to be honest. You may be just as well to make the NT4 side of things a WINS server so it can resolve against itself, along with a 2008 R2 box to resolve DNS requests. This in theory would remove the need to put WINS everywhere else.
Once you've migrated DNS and DHCP to Server 2003, you can then focus on migrating to 2008 R2. The only problem is there isn't a direct upgrade route other than wiping the server and starting again, or alternatively replacing the servers with newly installed 2008 R2. As it's such a big structure you may/may not also wish to throw in a 2012 Server DC in there somewhere to support Win 8 clients, for example.
The first thing to do would be to identify which hosts are using the Linux DNS, DHCP, and LDAP services.
In parallel you would need to understand the configuration and the data being served by the Linux-hosted services.
Depending on the complexity/documentation, you might even need to break out Wireshark to develop the complete analysis.
You then need to make sure you understand the requirements of the hosts/business services being provided for by the existing infrastructure.
You can then plan the target configuration.
With the target configuration in mind you can then begin to plan how to get there.
Without doing all that, the following is just shooting from the hip:
As for the actual process of switching off Linux and moving to Windows, you will probably start out at the branch offices with DHCP and DNS, and work your way back into the data centre in a 'spiral'. One recommendation I'd make is that your branch office DNS server should go direct to the DNS root servers for all requests that are not for domains hosted by your own DNS infrastructure.
Finally, it is my understanding that 2008 R2 AD cannot co-exist with NT4, so you may have to retire NT4 before you can make that jump. If your AD functional level is below 2003 (to support NT interop) then you can't even have 2008+ domain controllers which would probably mean you need to stick with 2003 DNS servers too. However if your functional level is 2003 or greater then 2008 R2 DCs are possible, and so it could make sense to build your new DHCP/DNS infrastructure with them.
Written quickly with minimal research, so don't take any of the above as gospel.
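The dependency inventory the answer above starts with (which hosts still use the Linux DNS, DHCP and LDAP services, and which DNS queries are for your own zones versus external names that a branch server could resolve via root hints) can be pulled straight from the Linux services' own logs. The script below is an added example and not from anyone in this thread; it parses constructed sample lines in BIND 9 query-log, ISC dhcpd and OpenLDAP slapd syslog formats, and the IPs, MACs, hostnames and the `corp.example.local` zone are all invented.

```python
# Added example (not from the thread): parse constructed BIND 9 query-log,
# ISC dhcpd and OpenLDAP slapd syslog lines to list which clients still use
# the Linux DNS, DHCP and LDAP services, and which DNS queries are for zones
# the organisation hosts itself versus external names.
import re
from collections import defaultdict
# Constructed sample lines; hosts, IPs, MACs and zone names are invented.
SAMPLE_LOGS = """\
10-Mar-2013 09:12:01.123 client 10.1.4.22#53412: query: fileserver01.corp.example.local IN A + (10.1.4.5)
10-Mar-2013 09:12:02.456 client 10.1.4.23#40211: query: www.microsoft.com IN A + (10.1.4.5)
10-Mar-2013 09:12:03.789 client 10.1.4.22#53413: query: _ldap._tcp.corp.example.local IN SRV + (10.1.4.5)
Mar 10 09:12:04 dhcp1 dhcpd: DHCPACK on 10.1.4.40 to 00:11:22:33:44:55 (laptop-sales-07) via eth0
Mar 10 09:12:05 dhcp1 dhcpd: DHCPACK on 10.1.4.41 to 00:11:22:33:44:66 via eth0
Mar 10 09:12:06 ldap1 slapd[1234]: conn=1001 fd=12 ACCEPT from IP=10.1.4.60:51234 (IP=0.0.0.0:389)
Mar 10 09:12:07 ldap1 slapd[1234]: conn=1001 op=0 BIND dn="cn=app,ou=svc,dc=corp,dc=example,dc=local" method=128
"""

# Zones hosted by the organisation's own DNS (assumed); other names are
# external lookups a branch DNS server can resolve via root hints instead.
INTERNAL_ZONES = ("corp.example.local",)

BIND_QUERY = re.compile(r"client (?P<ip>[\d.]+)#\d+: query: (?P<name>\S+) IN (?P<rtype>\S+)")
DHCP_ACK = re.compile(r"dhcpd: DHCPACK on (?P<ip>[\d.]+) to (?P<mac>[0-9a-f:]{17})")
LDAP_ACCEPT = re.compile(r"slapd\[\d+\]: conn=\d+ fd=\d+ ACCEPT from IP=(?P<ip>[\d.]+):\d+")

def is_internal(name):
    """True if name is a zone we host or a label under one (suffix check needs the dot)."""
    return any(name == z or name.endswith("." + z) for z in INTERNAL_ZONES)

def inventory(log_text):
    """Group the dependencies per service; returns plain dicts/sets for reporting."""
    dns = defaultdict(set)   # client IP -> names it asked the Linux DNS for
    external = set()         # names outside INTERNAL_ZONES (candidates for root hints)
    dhcp = {}                # MAC -> IP leased by the Linux DHCP server
    ldap = set()             # client IPs that opened a connection to slapd
    for line in log_text.splitlines():
        if m := BIND_QUERY.search(line):
            dns[m["ip"]].add(m["name"])
            if not is_internal(m["name"]):
                external.add(m["name"])
        elif m := DHCP_ACK.search(line):
            dhcp[m["mac"]] = m["ip"]
        elif m := LDAP_ACCEPT.search(line):
            ldap.add(m["ip"])
    return {"dns": dict(dns), "dns_external": external, "dhcp": dhcp, "ldap": ldap}

if __name__ == "__main__":
    for service, clients in inventory(SAMPLE_LOGS).items():
        print(f"{service}: {sorted(clients)}")
```

Run it against the real BIND query log (enable with `rndc querylog`), the dhcpd syslog output and slapd's log at a loglevel that records connections, and the per-service client lists become the migration checklist.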