Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions

Migrating NT4 domain to 2000 w/AD... have a couple questions.

Posted on 2003-11-21
Last Modified: 2010-03-19
First let me start by explaining our current setup. We have 8 of which are very old, 3 of which are cheapo workstation class machines. (before my time, dont ask :P ) Two machines are setup as DCs on an NT4 domain one as a PDC (obviously) and the other as the BDC, we also have one other machine off site on the other end of an ATM circuit that acts as a BDC. The PDC is on one of the workstation class machines, as is the BDC, I dont know why, like I said it was before my time. We have a newer Dell server with windows 2000, 1gb ram, raid 5 dual P3s, the hole bit, that acts as a file server. One Win 2000 machine that has exchange 5.5 installed, which was actually ogirionally a 2U rackmount web server. As such it is not very well suited as an email server. One Windows 2000 machine that has SQL server 2000 installed, and also acts as the DHCP server, which about equivelent to the file server machine feature-wise just a little slower. One other workstation class machine running win2k that is a print server. Also a NT4 machine setup as a remote access server. I think I got them all.

Anyhow, moving on. We are currently using a public class C IP block, which I think is a little rediculus. Our control over the network ends at a Cisco 6000 router down in the basement, which acts as our gateway. Those that control our network outside of that run their own DNS servers and what not which we also have no control over.

I know common practice is to create a NT4 BDC from scratch, sync it a couple times, promote it to pdc, sync it a couple times, then upgrade that to windows 2000. However, we have some entirely new machines that I would rather just install 2000 from scratch on. I was informed of some tools from netiq and something called fastlane, I looked at them breifley to help migrate the user base over from an NT4 controller to AD. Anybody use this and have any comments on them?

Thing thing is we are thinking about changing our domain name because right now its just an abigouos GOV which is obviously a top level domain. I know that can be worked around but I would rather have a FQDN for our domain name. If we change our domain name to an  FQDN, do I have to have  the domain name resolve to the new AD Domain Master? I know we will have to re-join all the machines on the network to the new domain name, but I can script that so its not that big of deal.

We plan on implementing NAT, right now Im not sure wether I want to create a DMZ type setup, or just put eventhing behind a firewall and route ports to their respective hosts. Either way we will not be on a public block any more.

I have heard on numerous occasions that Exchange 5.5 will not function in an AD environment. Is this 100% true? The exchange server is on 2k right now, but as the domain is NT its obviously just a member server as I know 2k cannot join an NT4 domain as a DC. If we were to leave the echange 5.5 server as a member server with 2k would it still function? I know echange 2000/3 integrates with AD but we may not be able to afford that just yet. Will we have to retain our NT4 domain and just create trusts between the old NT4 domain and the new 2K domain?

We plan to implement this next month, so right now we are just in the planning stages. Any and all input, or experiences anybody can provide would be more than appreciated.
Question by:Halonix
  • 3
  • 3

Accepted Solution

dominion4thade earned 250 total points
ID: 9805025
I have not used the netiq tool but have used the user migration tool from microsoft.  To use the microsoft tool you need to have trusts between the domains.  Install AD on your new 2000  box with your new FQDN with DNS on that machine (AD does not work with NT DNS), then establish a relationship between the domains.  Install the microsoft tool on your NT machine and pipe the user accounts w/the SID over to the new AD domain.

Exchagne 5.5 uses it's own directory structure while 2000 intergrates with AD.  5.5 can exist in a 2000 AD network very easily.  You must install an Active Directory Connector to sync the AD directory with the 5.5 directory.  Once installed you can config the replication to occur on what ever schedule you would like.

If you are in the planning stages I would recommend reading up on the technet site as well as any 70-217 book for AD Infrastructure.  Mark Manasi did a Mastering series on 2000 and Active Direcoty, this series is an awesome read.

Author Comment

ID: 9812021
One additional question I wouldnt mind getting answered;

If we retain the exchange 5.5 server and decide to rename the domain, what all will be involved in getting the exchange server working on a different domain?

Expert Comment

ID: 9813059
Your site name for 5.5 will have to remain the same but won't cause problems with the domain name change.  You will have to make sure that the individual mailboxes point to the correct user account in the new domain.  If you use a user migration tool and the SID's are retained on each user account I think this would be transparent.  Next thing that you will need to do is change your mail policy so the email address reflects the correct domain name.  You can keep both active and set the new domain name as the primary for replies and such so you don't miss any mail going to the old address.  
Portable, direct connect server access

The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.


Author Comment

ID: 9813715
If we need to keep the exiting domain name for mail all we need to do is keep the MX record for the domain name used for email. Right?

Author Comment

ID: 9814309
One more questions... after the new domain has been created and all the NT4 objects copied over are we going to have to go to every machine and re add them to the domain? The only alternative I see is using the WMI script located here http://www.microsoft.com/technet/scriptcenter/compmgmt/scrcm31.asp?frame=true . Some of the machines are windows xp but most are 2000 and we are not (thus far) planning on installing 2003 due to cost restraints.

Expert Comment

ID: 9814423
Yes, you would keep the MX record and the old email address.

Each computer would need to change domain memberships, scripting as your link shows would speed this up.  Windows 2000 supports WMI scripting, although your link was for XP/2003, I would check around and do some testing for the 2000 machines.  You should find a solution for the 2000 machines.

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Downtime reduced, data recovered by utilizing an Experts Exchange Business Account Challenge The United States Marine Corps employs more than 200,000 active-duty Marines with operations in four continents, all requiring complex networking system…
The Need In an Active Directory enviroment, the PDC emulator provide time synchronization for the domain. This is important since Active Directory uses Kerberos for authentication.  By default, if the time difference between systems is off by more …

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question