Go Premium for a chance to win a PS4. Enter to Win


Migration from NT to 2000 domain

Posted on 2003-11-07
Medium Priority
Last Modified: 2010-04-14
The environment is one NT server which will be replaced by a new Win 2000 Server.

I'll need both online to access the data from both. Do I NEED to create a new domain?, although I will re-create all of the users (15), shares, etc on the Win2K system, I like the domain's name as it is. I've setup many NT servers (going back to NT 3.1) and several 2000 Servers, but never migrating a an existing environment.  I've searched through the db here but didn't find an exact match.

When setting up the new Win2K server (via the AD wizard), what steps would you recommend:

1. new DC
2. add DC to exsiting domain

and so forth....

Question by:msyracuse
  • 4
  • 3
  • 3
  • +1
LVL 24

Expert Comment

ID: 9704456

Expert Comment

ID: 9705505
What you need to do is failry simple.  I dont know what you currently have, but this is the best bet.  Build a temporary BDC and synchronize it.  Take it offline.  Set it aside.  Take an existing BDC and do an in place upgrade to Windows 2000.  After the install the AD Wizard will start.  When it is complete you will be on Windows 2000 with a 2000 AD domain.  Then build a server from scratch and join it to the domain.  Run dcpromo to make it a domain controller and transfer all the roles to it.  Thats it.  The BDC you took offline earlier was just there in case it all went south and you had to put it all back together again.
Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.


Expert Comment

ID: 9706003
Let me be more detailed.  I also forgot to mention a key piece.  I was distracted during my answer
Step 1.  Build a BDC
Step 2.  Synch domain
Step 3.  Pull BDC offline, if you dont have another BDC just use this one
Step 4.  Promote to PDC
Step 5.  Verify everything is still working
Step 6.  Install Windows 2000 over the top, choose upgrade.  When it rebbots it will start the Active Directory Wizard.  It will prompt you to instal DNS or use a differnt DNS server.  Just load DNS on this machine.  It will ask you to name your domain.  I gernally take the companys web name and use .loc instead of .com ie. mycompany.loc  The Netbios name of your domain will stay the same.
Step 7.  Depending on how long this machine needs to be in place, install current service packs and critical updates.  If the machine is only going to exist for a day or so, just get it up to SP3 and skip the critical updates.
Step 8.  Build a clean Windows 2000 machine from scratch with all the current patches and Service Packs
Step 9.  Point the DNS to the server you just built and promote this machine to a domain controller
Step 10.  Transfer all of the FSMO roles to this server or if you are going to build more DC's then you can spread it around as you see fit
Step 11.  Demote the temporary server and either decomission it or rebuild it clean and make it into another DC or whatever else
Step 12.  Enjoy your new AD server

Expert Comment

ID: 9708560
Snowsurfer has it down. I've answered this at least 5 times and I know others have also.
NOTE: use ntdsutil to transfer the FSMO roles do not seize them.
Try this: http://www.microsoft.com/technet/prodtechnol/ad/windows2000/maintain/opsguide/part1/adogd04.asp

Author Comment

ID: 9726466
Thank You all for your contributions! I wish I could take your advice, but not in this case.

Currently : 1 NT server
Interim: 1 NT server, Win2K server
Final: 1 Win2k server

Upgrading the existing NT server to Win2000 is not an option due to the following.
1. There is insufficient space
2. CPU is underpowered
3. There is OS corruption, such as WINS, an possibly User Mgr objects

The Win2K server sees the NT server and can attach to shares. None of the Win2k Pro desktops attach to the Win2k server shares. They can see the server, but the shares are invisible.  Do the machines have to be added as in NT's server manager?

During the AD wizard, when asked for the user/pass/domain, I get the error message:

'The domain "mydomain" is not an Active Directory domain, or an Active Directory domain controller for the domain could not be contacted"

I'd prefer to recreate the domain and users. Can I use the same domain name? Can I make a quick cut-over and have the Win2k be the AD DC which attaches the clients to the old NT box during the interim?

What options do I have?

Expert Comment

ID: 9726542
I'd build the box that will be your WIN2K server to NT4 with SP6a as a BDC to your existing domain. Down the current NT PDC then promote this new box. Upgrade it to WIN2K server and configure AD etc. There is no way to build the WIN2K server with the same domain name while the NT4domain is up and running without having to re-create all of the users and groups from scratch. At least not that I know of. If you have another machine with WIN2K Pro there may be a way to export from NT4 using ADMT, but I don't have any idea how that would work or if it is even possible.

Accepted Solution

snowsurfer earned 1800 total points
ID: 9726622
You dont have to use ntdutil to tranfer roles, you can do it within AD Users and Computers, Sites and Services, etc...

You can use ADMT but it is ugly, I just did it last week, and it added 14 hours to a project that didnt need to happen.  Lazerstl has it.  

Here is what I would do in your situation
Rebuild the Windows 2000 server as NT4 BDC, install SP6a promote it to
PDC.  Upgrade it Windows 2000 Server.  this will install AD, install DNS on it
Then take a desktop and put windows 2000 server on it.  Make it a DC, transfer the roles to it.
Make sure synch has happened between AD computers
Demote the server you rebuilt to remove it from AD
Remember yiour NT server and shares are still online at this point.  Users dont even know what happened
Rebuild the server with a FRESH install of Windows 2000 and promote it to a DC
Demote the desktop and rebuild it as whatever desktop OS you want
Move all the DATA/SHARES and printers etc from NT4 box to WIndows 2000, then you are all done

It sounds like you are looking for a quick fix and a quick fix is going to suck long term.  You should be able to do this all in one day

Author Comment

ID: 9727447
I just can't bear the thought up UPGRADING a server machine's OS..I never even do that with a desktop.  I've always performed a fresh install. Upgrades always end up with a 'Gotcha' somewhere along the line.  I realize that an in-place upgrade is only solution that Microsoft has provided.

Does AD allow you to rename the forest , etc.?  Remember, I dont' mind re-creating the users, it's a small list. It's the domain name that I would like to keep beacuse it's the company name and simplicity sake.

I hear what all of you are saying, but is the in-place upgrade the ONLY way to go to preserve the name of the domain?

Expert Comment

ID: 9727934
You REALLY need to consider a "swing server". Even if it only barely meets the minimum sys requirements for WIN2K server. It won't really be in your production environment for more than a few hours while you build your NEW WIN2K server from scratch, synch up and tranfer FSMO roles. I don't disagree with you one bit about upgraded production servers or workstations. Third temporary machine is really the way to go. I've done a few and I've only heard nightmares about doing it any other way. Snowsurfer seems to agree, but others may have other insights or experiences. In any case, which ever way you go. Good Luck!!

Author Comment

ID: 9728214
I'll follow snowsurfer's suggestion. After CAREFULLY reading his plan, it seems to make good sense (in a convoluted way).  
I need to clarify a few issues before proceeding.....

When the new W2K server (fresh install) is promoted to DC (and the NT server is still online), users will be logging in on the new server?

if so, my logon script needs to point to the NT server temporarily to access the data.
if not, at the point the NT server goes off-line, then the Win2K server becomes the only point of logon?  I will likely keep the NT server running for a few days to confirm that all data/shares are working properly.

It seems that the NT server doesn't have to be demoted, it just gets a forced demotion...correct?

I'm upping the points once again ....Thanks guys.  :)

Expert Comment

ID: 9728444
Yeah the users will be logging on to the new server.  The login should get moved from the NT server to the Windows 2000 server.  Then when you bring up the new fresh 2000 server it should copy from the temp 2000 server to the new one.  Once all the data is copied to the new server ( I would use robocopy) edit your login scripts to point to the new server.  At that point unlplug the NT machine from the network and keep an eye on things to make sure you got everything.  Then you can just power it off and do whatever you want with it

The NT server does not have to be demoted.  You can delete it from AD when it is gone for sure.  

For the record I am totally against upgrades, since this machine is only going to be temporay then its ok.  I have done this at least 15 times.  I am a field engineer, our company has over 500 clients and many of them are just now getting around to getting upgraded.  Its the safest and cleanest way to do it.

You know where to find us if things go wrong.

Featured Post

Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Microsoft Access has a limit of 255 columns in a single table; SQL Server allows tables with over 255 columns, but reading that data is not necessarily simple.  The final solution for this task involved creating a custom text parser and then reading…
Loops Section Overview
Despite its rising prevalence in the business world, "the cloud" is still misunderstood. Some companies still believe common misconceptions about lack of security in cloud solutions and many misuses of cloud storage options still occur every day. …
Suggested Courses

926 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question