JconleyMCSE
asked on
Windows 2000 Domain Controllers
I am getting ready to upgrade our 4.0 network to 2000. We purchased a new server and installed 2000 Server on it. As I was configuring it to be a DC, I specified that I wanted it to be a member of our current 4.0 domain. I received the error message: Domain xyz is not an Active Directoy domain or an Active Direcory domain controller could not be found. This leads me to believe that I need to upgrade my PDC first. Is that correct or do I want to "create a domain"?
Thanks for your input!
Thanks for your input!
The recommended path is to upgrade your PDC first, then you can run dcpromo on a W2K member server, and it will install AD. Creating a new domain will mean setting up trusts with your NT 4 domain, so the upgrade should be much easier. Take your time to get the DNS structure right, because it causes pain if it's not correct.
ASKER
Thanks! That what I was thinking.
Any advise on how to set up that DNS structure?
Any advise on how to set up that DNS structure?
Going from NT to 2K is tricky. There are a whole lot of gotchas.
The best way is this:
a) Make sure your BDC is up to date and move it off-line so its available for fall-back in case anything goes wrong.
b) Install the Win2K Server (not a DC).
c) Upgrade the PDC NT to Win2K. This is the best way to take all your accounts, policies, etc, with you.
d) Promote the new server to a domain controller. Make SURE it replicated completely. Once when I did this I thought it had finished replicating but it hadn't and I junked my old server. Boy did I regret it. The problem was the time on the new server was off by 1 hour and the replication decided to wait until it was fixed. Always check the event logs to make sure everything is nice.
-- If you want to get a clean Win2K install only, you have to transfer some "roles" from the old PDC to the new Win2K DC before you can wipe the old PDC and install a clean Win2K on it.
Here are some links:
The best way is this:
a) Make sure your BDC is up to date and move it off-line so its available for fall-back in case anything goes wrong.
b) Install the Win2K Server (not a DC).
c) Upgrade the PDC NT to Win2K. This is the best way to take all your accounts, policies, etc, with you.
d) Promote the new server to a domain controller. Make SURE it replicated completely. Once when I did this I thought it had finished replicating but it hadn't and I junked my old server. Boy did I regret it. The problem was the time on the new server was off by 1 hour and the replication decided to wait until it was fixed. Always check the event logs to make sure everything is nice.
-- If you want to get a clean Win2K install only, you have to transfer some "roles" from the old PDC to the new Win2K DC before you can wipe the old PDC and install a clean Win2K on it.
Here are some links:
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
BTW: Here are some links to show the struggles I'VE faced in this tricky world.
This one is my post for a similar question, namely I was trying to move my domain controller from one hardware to another, so I asked for opinions on that. Some of the info may be useful.
https://www.experts-exchange.com/jsp/qManageQuestion.jsp?ta=win2k&qid=20139091
The second one is for dealing with the screwup of not waiting for the FULL replication and the subsecuent quest to FIX the screwed up domain :(
https://www.experts-exchange.com/jsp/qManageQuestion.jsp?ta=win2k&qid=20142349
Hope this helps.
Dave
This one is my post for a similar question, namely I was trying to move my domain controller from one hardware to another, so I asked for opinions on that. Some of the info may be useful.
https://www.experts-exchange.com/jsp/qManageQuestion.jsp?ta=win2k&qid=20139091
The second one is for dealing with the screwup of not waiting for the FULL replication and the subsecuent quest to FIX the screwed up domain :(
https://www.experts-exchange.com/jsp/qManageQuestion.jsp?ta=win2k&qid=20142349
Hope this helps.
Dave
Here is more info from MS on the problem we had when going through the same process. We did not remove the old DNS settings on the PDC before the upgrade, so when we upgraded the DNS name for the new forest and the DNS name on the machine did not match.
That is one of our top call generating issues- it is not documented in any of our printed deployment guides but is available in some online documentation. My personal opinion is that it was basically a slip up on the part of development team in the DC promotion section of the
product. Most of the time there is so many other errors in the domain when that machines name is disjointed it is hard to track down the cause. Network administrators from around the country have called to get that fixed, that script I sent you is not public so.... that would
have been the only way to get you up and running anyways without about 6 hours of workarounds.
Here are some articles that reference the issue- but it would have been difficult to find them without knowing the root cause.
Frequently Asked Questions About Windows 2000 DNS
[ntrelease]
ID: Q291382
Troubleshooting Common Active Directory Issues in Windows
2000[ntrelease]
ID: Q260371
That is one of our top call generating issues- it is not documented in any of our printed deployment guides but is available in some online documentation. My personal opinion is that it was basically a slip up on the part of development team in the DC promotion section of the
product. Most of the time there is so many other errors in the domain when that machines name is disjointed it is hard to track down the cause. Network administrators from around the country have called to get that fixed, that script I sent you is not public so.... that would
have been the only way to get you up and running anyways without about 6 hours of workarounds.
Here are some articles that reference the issue- but it would have been difficult to find them without knowing the root cause.
Frequently Asked Questions About Windows 2000 DNS
[ntrelease]
ID: Q291382
Troubleshooting Common Active Directory Issues in Windows
2000[ntrelease]
ID: Q260371
ASKER
Hey Dave, thanks for so much info.
My NT clients will still work as they always have right? I can't upgrade some of them due to software conflicts.
My NT clients will still work as they always have right? I can't upgrade some of them due to software conflicts.
In Win2K all domain controllers are primary in the sense that you can make changes to any of them and they keep each other in sync. Except for a few roles that are "primarily" homed to one or anther DC, all the DCs are equivalent. These roles are pretty esotheric. Things like changing the active directory schema, and things like that, so for all intents and purposes all DCs are equivalent.
If you are going to keep old NT clients, you want to make sure that one of your new Win2K domain controller behaves like a PDC. That is, you have to designate one of the DCs as a PDC.
Everything else should work ok I think. I've never seen anything indicate that stand-alone (non domain controller) servers or NT workstations needed to be upgraded.
Dave
If you are going to keep old NT clients, you want to make sure that one of your new Win2K domain controller behaves like a PDC. That is, you have to designate one of the DCs as a PDC.
Everything else should work ok I think. I've never seen anything indicate that stand-alone (non domain controller) servers or NT workstations needed to be upgraded.
Dave
ASKER
Thanks for the help! We have been a 2000 domain for a while now and the upgrade went smoothly!