[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

Add 2000 server to NT Domain

Posted on 2002-04-04
10
Medium Priority
?
218 Views
Last Modified: 2012-05-04
I have a network with about 10 win98 workstations and one NT PDC.
Just as a test I created a new win2k server (I built it at another location on another network) made it the DC and used the same domain name.
When I plug it into my network it steals the authentication authority and my win98 machines want to authenticate with it. It does not have the users yet so that is a problem.

Is their a way I can run dcpromo again and tell it take over from my existing pdc and demote it to a bdc and import the usernames from the old server?

0
Comment
Question by:davidpm
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 4
10 Comments
 
LVL 25

Expert Comment

by:dew_associates
ID: 6920255
Before connecting the new server, you should have enabled the Windows NT 4.0 domain controller emulation to prevent overwhelming of the new domain controller when the Windows NT 4.0 account domain provides authentication predominantly to:

·Computers running Windows 98/ME/2000 Professional

Note: Windows NT 4.0 domain controller emulation is only supported on Windows 2000 servers running service pack 2.

Any computers running Windows 98/ME/2000 will detect the new Windows 2000 domain controller and only authenticate by using the new domain controller, ignoring any existing Windows NT 4.0 BDCs.

By enabling Windows NT 4.0 domain controller emulation, you force the new domain controller to advertise as a Windows NT 4.0 domain controller. The Windows 98/ME/2000 workstations and member servers will then use all domain controllers for authentication.

To enable Windows NT 4.0 domain controller emulation on the first regional domain controller in your environment
To enable Windows NT 4.0 domain controller emulation:
1. Configure domain_controller (were domain_controller is the name of the domain controller) to emulate a Windows NT 4.0 domain controller by making the following registry entry:

HKLM/System/CCS/Services/Netlogon/Parameters/NT4Emulator = 0x1 (REG_DWORD)

Leave Windows NT 4.0 emulation enabled on all Windows 2000 domain controllers until all authentication traffic has occurred, then disable the Windows NT 4.0 emulation.

2. If you intend to use a Windows 2000 Professional machine to administer the 2000 server, then configure the win2kp_desktop (were win2kp_desktop is the name of a computer running Windows 2000 Professional) that administers the Windows 2000 domain controller to bypass Windows NT 4.0 emulation by making the following registry entry:

HKLM/System/CCS/Services/Netlogon/Parameters/NeutralizeNT4Emulator = 0x1 (REG_DWORD)

Note: There is no need to configure this registry key value on the Windows 2000 domain controller because the domain controllers always behave as if they are configured with this key.

Now migrate your users as necessary.
0
 
LVL 25

Accepted Solution

by:
dew_associates earned 400 total points
ID: 6920256
Before connecting the new server, you should have enabled the Windows NT 4.0 domain controller emulation to prevent overwhelming of the new domain controller when the Windows NT 4.0 account domain provides authentication predominantly to:

·Computers running Windows 98/ME/2000 Professional

Note: Windows NT 4.0 domain controller emulation is only supported on Windows 2000 servers running service pack 2.

Any computers running Windows 98/ME/2000 will detect the new Windows 2000 domain controller and only authenticate by using the new domain controller, ignoring any existing Windows NT 4.0 BDCs.

By enabling Windows NT 4.0 domain controller emulation, you force the new domain controller to advertise as a Windows NT 4.0 domain controller. The Windows 98/ME/2000 workstations and member servers will then use all domain controllers for authentication.

To enable Windows NT 4.0 domain controller emulation on the first regional domain controller in your environment
To enable Windows NT 4.0 domain controller emulation:
1. Configure domain_controller (were domain_controller is the name of the domain controller) to emulate a Windows NT 4.0 domain controller by making the following registry entry:

HKLM/System/CCS/Services/Netlogon/Parameters/NT4Emulator = 0x1 (REG_DWORD)

Leave Windows NT 4.0 emulation enabled on all Windows 2000 domain controllers until all authentication traffic has occurred, then disable the Windows NT 4.0 emulation.

2. If you intend to use a Windows 2000 Professional machine to administer the 2000 server, then configure the win2kp_desktop (were win2kp_desktop is the name of a computer running Windows 2000 Professional) that administers the Windows 2000 domain controller to bypass Windows NT 4.0 emulation by making the following registry entry:

HKLM/System/CCS/Services/Netlogon/Parameters/NeutralizeNT4Emulator = 0x1 (REG_DWORD)

Note: There is no need to configure this registry key value on the Windows 2000 domain controller because the domain controllers always behave as if they are configured with this key.

Now migrate your users as necessary.
0
 
LVL 25

Expert Comment

by:dew_associates
ID: 6920258
Sorry for the double post. Either the server gives me a -10 error and everything I post is lost, or it posts it twice. Sometimes you just can't win.
0
Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 

Author Comment

by:davidpm
ID: 6922823
Thanks for the reg key clue. I am still not sure of what to do first however. My nt machine is a PDC. My 2000 computer is a DC. The way I understand it is that the current NT PDC has to be demoted to BDC before I can introduce the 2000 box.

So how do I introduce the 2000 box.

Your comment
Note: there is no need to cinfigure this reistry key balue on the 200 dc because the domain controllers always behave as if they are configured with this key."

Leads me to believe that this key is not what I'm looking for becase my 2000 box is a DC

How do I introduce a new 2000 DC to a NT network serviced with one PDC?
What am I missing?
0
 
LVL 25

Expert Comment

by:dew_associates
ID: 6922919
If you bring the 2000 box into the domain, the NT box should automatically demote to a BDC. Now, if there is a problem because of a configuration during setup, with the 2000 box on line, run dcpromo on the NT box and demote manually.
0
 

Author Comment

by:davidpm
ID: 6923226
Thanks. I'm asking so many questions because I do not want to mess it up.

If my 2000 box was installed while it was disconnected to the nt domain but the domain name chosen was the same, what happens when I plug it into the NT domain. How do I get it to snag all the NT user accounts?

If I setup the 2000 box as a member server and plug it into the NT domain and then run dcpromo and make it a dc will it grab my user account info from the NT PDC and demote the PDC to a bdc?

You said to run dcpromo on the NT box. I thought that dcpromo was a 2000 utility. Can I run the dcpromo I find on the 2000 box on the NT box?
0
 
LVL 25

Expert Comment

by:dew_associates
ID: 6923474
Before you go too much further, read Q238369 in the MSKB as well as this:

http://www.microsoft.com/ntserver/nts/deployment/migration/nt4tont5/1_Introduction.asp
0
 

Author Comment

by:davidpm
ID: 6923879
the nt4to5 doc was not available. I'll try later.
I read q238369

I guess I've got most of the pieces except how to get the win2k box to grab the sam from the nt box so I do not have to redo the usernames etc. I know the 2000 box can not be a bdc which if it could would solve the problem.
I also know that you can not have a nt pdc and a 2000 dc on the same domain.
So that is where I'm stuck.
The docs all talk about upgrading the nt box.
I want plug in the 2000 box grab the useraccounts.
then I can copy over the data and retire the nt box.
Dosn't sound like it should be hard but so far I have not seen any info on this senario.

0
 

Author Comment

by:davidpm
ID: 6923914
I appreciate your efforts. I did the research as you sugested and found the following two articles:
http://www.experts-exchange.com/questions/Q.20155901.html
http://www.experts-exchange.com/questions/Q.20149209.html

The short answer that that what I want to do (import the sam from a NT box to a 2000 box) is not possible.
I could introduce a third box.

Take box 3 start it as an NT bdc
Take it off line and promote to PDC
Upgrade it to win2k
Connect my real new 2000 server and run dcpromo
take box three home
retire orginal NT Box
Start using New win2k box

I know I left out a couple of details like what has to be turned on and what has to be turned off at what time so there will be not conflicts.

Thanks for your help.














0
 
LVL 25

Expert Comment

by:dew_associates
ID: 6924355
You're quite welcome Dave!
0

Featured Post

Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
What monsters are hiding in your child's room? In this article I will share with you a tech horror story that could happen to anyone, along with some tips on how you can prevent it from happening to you.
This course is ideal for IT System Administrators working with VMware vSphere and its associated products in their company infrastructure. This course teaches you how to install and maintain this virtualization technology to store data, prevent vuln…
This lesson discusses how to use a Mainform + Subforms in Microsoft Access to find and enter data for payments on orders. The sample data comes from a custom shop that builds and sells movable storage structures that are delivered to your property. …

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question