joecunningham

asked on

NT 4.0 domain emulation

Can anyone tell me if you can emulate an NT4.0 domain on a Windows 2000/3 server without migrating to Active Directory fully? We are intending to migrate to AD, but not before Microsoft stop supporting security fixes for NT4.0 Server.

Thanks!
Chris Dent


Afraid not. While Windows NT can be a backup Domain Controller for Windows 200x, the other way around doesn't work.

You sure can.  Back at my previous job, we had a mix of Windows NT 4.0 Servers and Windows 2000 Servers.  We ran a traditional NT domain setup.  We had multiple domains tied together over a WAN and this worked fine.  Just like you, we were planning to move to Active Directory but weren't ready to make the jump yet (we had Netware as well, so that complicated things greatly).

I assume you are adding Windows 2000 servers to an existing NT 4.0 domain?  If so, it should work just fine.  You can even create a new domain with Windows 2000.  Just don't convert it to "Native mode" as that will lock out NT 4.0.  The default mode will allow you to connect and interoperate just fine.

Jeff

Sorry I should have been a little clearer about that.

You can have Windows 2000 / 2003 Member Servers on the NT Domain, just not Domain Controllers.

As Jeff says you can upgrade the Primary Domain Controller to AD, but this is what you wanted to avoid.

In addition to that you can set up trusts between an NT Domain and a 2000 / 2003 Domain, which would allow use of the ADMT once you're ready to move after adequate testing time.
joecunningham

ASKER

Hi there

Thanks for the responses.

In short, I suppose what I am trying to say is: can I have the equivalent of an NT4.0 domain running on a Windows 2000/3 server but not running AD, i.e. no NT4.0 servers available on the domain.

We do have W2K/3 servers attached to an NT4.0 domain, which has a number of Trusts with other NT4.0 domains around our business, but we want to remove all NT4.0 servers from the ever-growing list of servers, but without migrating fully to AD yet.

Does that make sense???

ASKER CERTIFIED SOLUTION
masterbaker

This solution is only available to members.
Understanding appears to be off here.  Mixed Mode is a COMPATIBILITY Mode for Active Directory.  If you are running in Mixed mode, you can have existing NT4 BDCs, but you ARE running Active Directory.  You MUST use AD Users and Computers, you have the ability to use Group Policies, Domain Based DFSs, and ALMOST all the other features of Active Directory.  You can CHOOSE not to, but you ARE running Active Directory.  And once you have the PDC running 2000 in Active Directory (Mixed Mode or Native Mode) you CANNOT add other NT4 BDCs.
<in response to leew>
I'm trying to think back to how we did this before.  I know we had Windows 2000 servers running as members of a domain, but I am not sure if we had them running as domain controllers.  I thought we did though.

So if you had an NT 4.0 remaining as the PDC, you can have Windows 2000 DCs as well right?  Or does that then require AD?  Maybe I only had Windows 2000 servers as members....

I wish I had a few spare machines to test this out!
A Windows NT domain (where the PDC is running on an NT4 box) can have Windows 2000 and 2003 MEMBER SERVERS.  NONE of the 200x systems can be domain controllers AND be a member of the same domain.

A domain where the NT4 PDC has been upgraded to 2000 becomes an Active Directory domain in Mixed Mode. In mixed mode, remaining NT4 BDCs can perform authentication, but can NEVER become PDCs.  In addition you can NO LONGER ADD NT4 BDCs to the network (or so I've experienced - the MS link below seems to suggest in mixed mode it's possible, but I've never heard of anyone being able to).

A domain where the NT4 PDC has been upgraded to 2000 AND you have switched to Native Mode will not communicate with NT4 PDCs for user authentication/directory purposes (I'm not sure if they'll be able to communicate AT ALL with the rest of the domain).  You may STILL have NT4 servers as long as they are not DCs as well as NT4 clients.

For Mixed Mode and Native Mode info, have a look at:
http://www.win2000mag.com/Articles/Print.cfm?Action=Print&ArticleID=7156

See also:
http://support.microsoft.com/kb/186153/EN-US/
http://techrepublic.com.com/5100-6228_11-5387258-1.html

> In short, I suppose what I am trying to say is: can I have the equivalent of an NT4.0 domain running
> on a Windows 2000/3 server but not running AD, i.e. no NT4.0 servers available on the domain.

No, you can't have Windows 2000 pretending to be Windows NT and running a Windows NT Domain.

You can have Windows NT as Backup Domain Controllers for Windows 2000 / 2003, and you can have Windows 2000 / 2003 Member Servers in the domain.

Leew said it as well, but since you accepted the answer that says you can, I feel it might need repeating.

Joe,

It sounds like I gave you some false information (not intentionally of course).  You probably should post a request in the support forum to have this question opened again so you can accept an alternative answer.  This is what I get for trying to answer a question from memory (it has been about 2.5 years since I was at my last job where we had a mix of NT 4.0 and 2k).

Sorry for the mixup!

Jeff