• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 221
  • Last Modified:

Add 2000 server to NT Domain

I have a network with about 10 win98 workstations and one NT PDC.
Just as a test I created a new win2k server (I built it at another location on another network) made it the DC and used the same domain name.
When I plug it into my network it steals the authentication authority and my win98 machines want to authenticate with it. It does not have the users yet so that is a problem.

Is their a way I can run dcpromo again and tell it take over from my existing pdc and demote it to a bdc and import the usernames from the old server?

0
davidpm
Asked:
davidpm
  • 6
  • 4
1 Solution
 
dew_associatesCommented:
Before connecting the new server, you should have enabled the Windows NT 4.0 domain controller emulation to prevent overwhelming of the new domain controller when the Windows NT 4.0 account domain provides authentication predominantly to:

·Computers running Windows 98/ME/2000 Professional

Note: Windows NT 4.0 domain controller emulation is only supported on Windows 2000 servers running service pack 2.

Any computers running Windows 98/ME/2000 will detect the new Windows 2000 domain controller and only authenticate by using the new domain controller, ignoring any existing Windows NT 4.0 BDCs.

By enabling Windows NT 4.0 domain controller emulation, you force the new domain controller to advertise as a Windows NT 4.0 domain controller. The Windows 98/ME/2000 workstations and member servers will then use all domain controllers for authentication.

To enable Windows NT 4.0 domain controller emulation on the first regional domain controller in your environment
To enable Windows NT 4.0 domain controller emulation:
1. Configure domain_controller (were domain_controller is the name of the domain controller) to emulate a Windows NT 4.0 domain controller by making the following registry entry:

HKLM/System/CCS/Services/Netlogon/Parameters/NT4Emulator = 0x1 (REG_DWORD)

Leave Windows NT 4.0 emulation enabled on all Windows 2000 domain controllers until all authentication traffic has occurred, then disable the Windows NT 4.0 emulation.

2. If you intend to use a Windows 2000 Professional machine to administer the 2000 server, then configure the win2kp_desktop (were win2kp_desktop is the name of a computer running Windows 2000 Professional) that administers the Windows 2000 domain controller to bypass Windows NT 4.0 emulation by making the following registry entry:

HKLM/System/CCS/Services/Netlogon/Parameters/NeutralizeNT4Emulator = 0x1 (REG_DWORD)

Note: There is no need to configure this registry key value on the Windows 2000 domain controller because the domain controllers always behave as if they are configured with this key.

Now migrate your users as necessary.
0
 
dew_associatesCommented:
Before connecting the new server, you should have enabled the Windows NT 4.0 domain controller emulation to prevent overwhelming of the new domain controller when the Windows NT 4.0 account domain provides authentication predominantly to:

·Computers running Windows 98/ME/2000 Professional

Note: Windows NT 4.0 domain controller emulation is only supported on Windows 2000 servers running service pack 2.

Any computers running Windows 98/ME/2000 will detect the new Windows 2000 domain controller and only authenticate by using the new domain controller, ignoring any existing Windows NT 4.0 BDCs.

By enabling Windows NT 4.0 domain controller emulation, you force the new domain controller to advertise as a Windows NT 4.0 domain controller. The Windows 98/ME/2000 workstations and member servers will then use all domain controllers for authentication.

To enable Windows NT 4.0 domain controller emulation on the first regional domain controller in your environment
To enable Windows NT 4.0 domain controller emulation:
1. Configure domain_controller (were domain_controller is the name of the domain controller) to emulate a Windows NT 4.0 domain controller by making the following registry entry:

HKLM/System/CCS/Services/Netlogon/Parameters/NT4Emulator = 0x1 (REG_DWORD)

Leave Windows NT 4.0 emulation enabled on all Windows 2000 domain controllers until all authentication traffic has occurred, then disable the Windows NT 4.0 emulation.

2. If you intend to use a Windows 2000 Professional machine to administer the 2000 server, then configure the win2kp_desktop (were win2kp_desktop is the name of a computer running Windows 2000 Professional) that administers the Windows 2000 domain controller to bypass Windows NT 4.0 emulation by making the following registry entry:

HKLM/System/CCS/Services/Netlogon/Parameters/NeutralizeNT4Emulator = 0x1 (REG_DWORD)

Note: There is no need to configure this registry key value on the Windows 2000 domain controller because the domain controllers always behave as if they are configured with this key.

Now migrate your users as necessary.
0
 
dew_associatesCommented:
Sorry for the double post. Either the server gives me a -10 error and everything I post is lost, or it posts it twice. Sometimes you just can't win.
0
How to Use the Help Bell

Need to boost the visibility of your question for solutions? Use the Experts Exchange Help Bell to confirm priority levels and contact subject-matter experts for question attention.  Check out this how-to article for more information.

 
davidpmAuthor Commented:
Thanks for the reg key clue. I am still not sure of what to do first however. My nt machine is a PDC. My 2000 computer is a DC. The way I understand it is that the current NT PDC has to be demoted to BDC before I can introduce the 2000 box.

So how do I introduce the 2000 box.

Your comment
Note: there is no need to cinfigure this reistry key balue on the 200 dc because the domain controllers always behave as if they are configured with this key."

Leads me to believe that this key is not what I'm looking for becase my 2000 box is a DC

How do I introduce a new 2000 DC to a NT network serviced with one PDC?
What am I missing?
0
 
dew_associatesCommented:
If you bring the 2000 box into the domain, the NT box should automatically demote to a BDC. Now, if there is a problem because of a configuration during setup, with the 2000 box on line, run dcpromo on the NT box and demote manually.
0
 
davidpmAuthor Commented:
Thanks. I'm asking so many questions because I do not want to mess it up.

If my 2000 box was installed while it was disconnected to the nt domain but the domain name chosen was the same, what happens when I plug it into the NT domain. How do I get it to snag all the NT user accounts?

If I setup the 2000 box as a member server and plug it into the NT domain and then run dcpromo and make it a dc will it grab my user account info from the NT PDC and demote the PDC to a bdc?

You said to run dcpromo on the NT box. I thought that dcpromo was a 2000 utility. Can I run the dcpromo I find on the 2000 box on the NT box?
0
 
dew_associatesCommented:
Before you go too much further, read Q238369 in the MSKB as well as this:

http://www.microsoft.com/ntserver/nts/deployment/migration/nt4tont5/1_Introduction.asp
0
 
davidpmAuthor Commented:
the nt4to5 doc was not available. I'll try later.
I read q238369

I guess I've got most of the pieces except how to get the win2k box to grab the sam from the nt box so I do not have to redo the usernames etc. I know the 2000 box can not be a bdc which if it could would solve the problem.
I also know that you can not have a nt pdc and a 2000 dc on the same domain.
So that is where I'm stuck.
The docs all talk about upgrading the nt box.
I want plug in the 2000 box grab the useraccounts.
then I can copy over the data and retire the nt box.
Dosn't sound like it should be hard but so far I have not seen any info on this senario.

0
 
davidpmAuthor Commented:
I appreciate your efforts. I did the research as you sugested and found the following two articles:
http://www.experts-exchange.com/questions/Q.20155901.html
http://www.experts-exchange.com/questions/Q.20149209.html

The short answer that that what I want to do (import the sam from a NT box to a 2000 box) is not possible.
I could introduce a third box.

Take box 3 start it as an NT bdc
Take it off line and promote to PDC
Upgrade it to win2k
Connect my real new 2000 server and run dcpromo
take box three home
retire orginal NT Box
Start using New win2k box

I know I left out a couple of details like what has to be turned on and what has to be turned off at what time so there will be not conflicts.

Thanks for your help.














0
 
dew_associatesCommented:
You're quite welcome Dave!
0

Featured Post

Vote for the Most Valuable Expert

It’s time to recognize experts that go above and beyond with helpful solutions and engagement on site. Choose from the top experts in the Hall of Fame or on the right rail of your favorite topic page. Look for the blue “Nominate” button on their profile to vote.

  • 6
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now