Solved

Add 2000 server to NT Domain

Posted on 2002-04-04
Last Modified: 2012-05-04
I have a network with about 10 win98 workstations and one NT PDC.
Just as a test, I created a new win2k server (I built it at another location on another network), made it the DC and used the same domain name.
When I plug it into my network it steals the authentication authority and my win98 machines want to authenticate with it. It does not have the users yet, so that is a problem.

Is there a way I can run dcpromo again and tell it to take over from my existing PDC, demote it to a BDC and import the usernames from the old server?

Question by:davidpm
LVL 25

Accepted Solution

by:
dew_associates earned 100 total points
ID: 6920256
Before connecting the new server, you should have enabled the Windows NT 4.0 domain controller emulation to prevent overwhelming of the new domain controller when the Windows NT 4.0 account domain provides authentication predominantly to:

·Computers running Windows 98/ME/2000 Professional

Note: Windows NT 4.0 domain controller emulation is only supported on Windows 2000 servers running service pack 2.

Any computers running Windows 98/ME/2000 will detect the new Windows 2000 domain controller and only authenticate by using the new domain controller, ignoring any existing Windows NT 4.0 BDCs.

By enabling Windows NT 4.0 domain controller emulation, you force the new domain controller to advertise as a Windows NT 4.0 domain controller. The Windows 98/ME/2000 workstations and member servers will then use all domain controllers for authentication.

To enable Windows NT 4.0 domain controller emulation on the first regional domain controller in your environment
To enable Windows NT 4.0 domain controller emulation:
1. Configure domain_controller (where domain_controller is the name of the domain controller) to emulate a Windows NT 4.0 domain controller by making the following registry entry:

HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\NT4Emulator = 0x1 (REG_DWORD)

Leave Windows NT 4.0 emulation enabled on all Windows 2000 domain controllers until all authentication traffic has occurred, then disable the Windows NT 4.0 emulation.

2. If you intend to use a Windows 2000 Professional machine to administer the 2000 server, then configure the win2kp_desktop (where win2kp_desktop is the name of a computer running Windows 2000 Professional) that administers the Windows 2000 domain controller to bypass Windows NT 4.0 emulation by making the following registry entry:

HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\NeutralizeNT4Emulator = 0x1 (REG_DWORD)

Note: There is no need to configure this registry key value on the Windows 2000 domain controller because the domain controllers always behave as if they are configured with this key.

Now migrate your users as necessary.
0
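An added example, not part of the original answer: a Python check that reads .reg exports of the Netlogon Parameters key and reports which Windows 2000 domain controllers still have NT4Emulator set, so emulation can be disabled once migration is finished, as the answer advises. The host names, state labels and sample exports are constructed for illustration.

```python
import re

# Full registry path of the Netlogon parameters key, as it appears in a .reg export.
NETLOGON_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters"
DWORD_RE = re.compile(r'"([^"]+)"=dword:([0-9a-fA-F]{1,8})$')

def netlogon_dwords(reg_text):
    """Return {lowercased value name: int} for DWORDs under the Netlogon key."""
    values, in_key = {}, False
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("["):                      # a new key section starts
            in_key = line.strip("[]").lower() == NETLOGON_KEY.lower()
            continue
        m = DWORD_RE.match(line)
        if in_key and m:                              # ignore strings and other keys
            values[m.group(1).lower()] = int(m.group(2), 16)
    return values

def emulation_state(reg_text, is_dc):
    """Classify one host from its export; is_dc comes from the caller's inventory."""
    v = netlogon_dwords(reg_text)
    if is_dc:
        # NeutralizeNT4Emulator is irrelevant on a DC, per the note in the answer.
        return "dc-emulating-nt4" if v.get("nt4emulator") == 1 else "dc-not-emulating"
    return "client-bypasses-emulation" if v.get("neutralizent4emulator") == 1 else "client-default"

def still_emulating(hosts):
    """hosts: {name: (reg_text, is_dc)} -> sorted DC names where emulation is still on."""
    return sorted(n for n, (t, dc) in hosts.items()
                  if emulation_state(t, dc) == "dc-emulating-nt4")

# Constructed sample exports (not taken from any real machine).
HEADER = "Windows Registry Editor Version 5.00\n\n"
SAMPLE_HOSTS = {
    "W2K-DC1": (HEADER + "[" + NETLOGON_KEY + "]\n"
                '"NT4Emulator"=dword:00000001\n"Update"="no"\n', True),
    "W2K-DC2": (HEADER + "[" + NETLOGON_KEY + "]\n"
                '"NT4Emulator"=dword:00000000\n', True),
    "ADMIN-WS": (HEADER + "[" + NETLOGON_KEY.replace("Netlogon", "NETLOGON") + "]\n"
                 '"NeutralizeNT4Emulator"=dword:00000001\n', False),
    "WS-OTHER": (HEADER + "[HKEY_LOCAL_MACHINE\\SOFTWARE\\Example]\n"
                 '"NT4Emulator"=dword:00000001\n', False),
}

if __name__ == "__main__":
    for name, (text, dc) in SAMPLE_HOSTS.items():
        print(name, emulation_state(text, dc))
    print("disable emulation on:", still_emulating(SAMPLE_HOSTS))
```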
 
LVL 25

Expert Comment

by:dew_associates
ID: 6920258
Sorry for the double post. Either the server gives me a -10 error and everything I post is lost, or it posts it twice. Sometimes you just can't win.
0
 

Author Comment

by:davidpm
ID: 6922823
Thanks for the reg key clue. I am still not sure of what to do first however. My nt machine is a PDC. My 2000 computer is a DC. The way I understand it is that the current NT PDC has to be demoted to BDC before I can introduce the 2000 box.

So how do I introduce the 2000 box?

Your comment
"Note: there is no need to configure this registry key value on the 2000 DC because the domain controllers always behave as if they are configured with this key."

Leads me to believe that this key is not what I'm looking for because my 2000 box is a DC.

How do I introduce a new 2000 DC to a NT network serviced with one PDC?
What am I missing?
0
 
LVL 25

Expert Comment

by:dew_associates
ID: 6922919
If you bring the 2000 box into the domain, the NT box should automatically demote to a BDC. Now, if there is a problem because of a configuration during setup, with the 2000 box on line, run dcpromo on the NT box and demote manually.
0
 

Author Comment

by:davidpm
ID: 6923226
Thanks. I'm asking so many questions because I do not want to mess it up.

If my 2000 box was installed while it was disconnected from the NT domain but the domain name chosen was the same, what happens when I plug it into the NT domain? How do I get it to snag all the NT user accounts?

If I set up the 2000 box as a member server, plug it into the NT domain and then run dcpromo and make it a DC, will it grab my user account info from the NT PDC and demote the PDC to a BDC?

You said to run dcpromo on the NT box. I thought that dcpromo was a 2000 utility. Can I run the dcpromo I find on the 2000 box on the NT box?
0
 
LVL 25

Expert Comment

by:dew_associates
ID: 6923474
Before you go too much further, read Q238369 in the MSKB as well as this:

http://www.microsoft.com/ntserver/nts/deployment/migration/nt4tont5/1_Introduction.asp
0
 

Author Comment

by:davidpm
ID: 6923879
The nt4to5 doc was not available. I'll try later.
I read Q238369.

I guess I've got most of the pieces except how to get the win2k box to grab the SAM from the NT box so I do not have to redo the usernames etc. I know the 2000 box cannot be a BDC, which if it could would solve the problem.
I also know that you cannot have an NT PDC and a 2000 DC on the same domain.
So that is where I'm stuck.
The docs all talk about upgrading the NT box.
I want to plug in the 2000 box and grab the user accounts.
Then I can copy over the data and retire the NT box.
Doesn't sound like it should be hard, but so far I have not seen any info on this scenario.

0
 

Author Comment

by:davidpm
ID: 6923914
I appreciate your efforts. I did the research as you suggested and found the following two articles:
http://www.experts-exchange.com/questions/Q.20155901.html
http://www.experts-exchange.com/questions/Q.20149209.html

The short answer is that what I want to do (import the SAM from an NT box to a 2000 box) is not possible.
I could introduce a third box.

Take box 3 and start it as an NT BDC
Take it offline and promote it to PDC
Upgrade it to win2k
Connect my real new 2000 server and run dcpromo
Take box three home
Retire the original NT box
Start using the new win2k box

I know I left out a couple of details like what has to be turned on and what has to be turned off at what time so there will be no conflicts.

Thanks for your help.
0
 
LVL 25

Expert Comment

by:dew_associates
ID: 6924355
You're quite welcome Dave!
0
