Solved

Migrating NT4 domain to 2000 w/AD... have a couple questions.

Posted on 2003-11-21
Last Modified: 2010-03-19
First let me start by explaining our current setup. We have 8 of which are very old, 3 of which are cheapo workstation-class machines (before my time, don't ask :P ). Two machines are set up as DCs on an NT4 domain, one as the PDC (obviously) and the other as the BDC; we also have one other machine off site on the other end of an ATM circuit that acts as a BDC. The PDC is on one of the workstation-class machines, as is the BDC; I don't know why, like I said it was before my time. We have a newer Dell server with Windows 2000, 1 GB RAM, RAID 5, dual P3s, the whole bit, that acts as a file server. One Win 2000 machine has Exchange 5.5 installed, which was actually originally a 2U rackmount web server. As such it is not very well suited as an email server. One Windows 2000 machine has SQL Server 2000 installed and also acts as the DHCP server; it is about equivalent to the file server machine feature-wise, just a little slower. One other workstation-class machine running Win2k is a print server. Also an NT4 machine set up as a remote access server. I think I got them all.

Anyhow, moving on. We are currently using a public class C IP block, which I think is a little ridiculous. Our control over the network ends at a Cisco 6000 router down in the basement, which acts as our gateway. Those that control our network outside of that run their own DNS servers and whatnot, which we also have no control over.

I know common practice is to create an NT4 BDC from scratch, sync it a couple of times, promote it to PDC, sync it a couple of times, then upgrade that to Windows 2000. However, we have some entirely new machines that I would rather just install 2000 from scratch on. I was informed of some tools from NetIQ and something called FastLane, which I looked at briefly, to help migrate the user base over from an NT4 controller to AD. Has anybody used these and have any comments on them?

The thing is, we are thinking about changing our domain name because right now it's just an ambiguous GOV, which is obviously a top-level domain. I know that can be worked around, but I would rather have a FQDN for our domain name. If we change our domain name to an FQDN, do I have to have the domain name resolve to the new AD Domain Master? I know we will have to re-join all the machines on the network to the new domain name, but I can script that so it's not that big of a deal.

We plan on implementing NAT; right now I'm not sure whether I want to create a DMZ-type setup, or just put everything behind a firewall and route ports to their respective hosts. Either way we will not be on a public block any more.

I have heard on numerous occasions that Exchange 5.5 will not function in an AD environment. Is this 100% true? The Exchange server is on 2k right now, but as the domain is NT it's obviously just a member server, as I know 2k cannot join an NT4 domain as a DC. If we were to leave the Exchange 5.5 server as a member server with 2k, would it still function? I know Exchange 2000/3 integrates with AD, but we may not be able to afford that just yet. Will we have to retain our NT4 domain and just create trusts between the old NT4 domain and the new 2K domain?

We plan to implement this next month, so right now we are just in the planning stages. Any and all input, or experiences anybody can provide, would be more than appreciated.
Question by:Halonix
Accepted Solution

by:
dominion4thade earned 250 total points
ID: 9805025
I have not used the NetIQ tool but have used the user migration tool from Microsoft. To use the Microsoft tool you need to have trusts between the domains. Install AD on your new 2000 box with your new FQDN, with DNS on that machine (AD does not work with NT DNS), then establish a relationship between the domains. Install the Microsoft tool on your NT machine and pipe the user accounts with the SID over to the new AD domain.

Exchange 5.5 uses its own directory structure while 2000 integrates with AD. 5.5 can exist in a 2000 AD network very easily. You must install an Active Directory Connector to sync the AD directory with the 5.5 directory. Once installed you can configure the replication to occur on whatever schedule you would like.

If you are in the planning stages I would recommend reading up on the TechNet site as well as any 70-217 book for AD Infrastructure. Mark Minasi did a Mastering series on 2000 and Active Directory; this series is an awesome read.

Author Comment

by:Halonix
ID: 9812021
One additional question I wouldn't mind getting answered:

If we retain the exchange 5.5 server and decide to rename the domain, what all will be involved in getting the exchange server working on a different domain?
Expert Comment

by:dominion4thade
ID: 9813059
Your site name for 5.5 will have to remain the same, but that won't cause problems with the domain name change. You will have to make sure that the individual mailboxes point to the correct user account in the new domain. If you use a user migration tool and the SIDs are retained on each user account, I think this would be transparent. The next thing that you will need to do is change your mail policy so the email address reflects the correct domain name. You can keep both active and set the new domain name as the primary for replies and such, so you don't miss any mail going to the old address.

Author Comment

by:Halonix
ID: 9813715
If we need to keep the existing domain name for mail, all we need to do is keep the MX record for the domain name used for email. Right?

Author Comment

by:Halonix
ID: 9814309
One more question... after the new domain has been created and all the NT4 objects copied over, are we going to have to go to every machine and re-add them to the domain? The only alternative I see is using the WMI script located here: http://www.microsoft.com/technet/scriptcenter/compmgmt/scrcm31.asp?frame=true . Some of the machines are Windows XP but most are 2000, and we are not (thus far) planning on installing 2003 due to cost restraints.
Expert Comment

by:dominion4thade
ID: 9814423
Yes, you would keep the MX record and the old email address.

Each computer would need to change domain membership; scripting as your link shows would speed this up. Windows 2000 supports WMI scripting, although your link was for XP/2003; I would check around and do some testing for the 2000 machines. You should find a solution for the 2000 machines.
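A bulk re-join of the kind discussed in the exchange above, as an added example that is not code from the thread or from the linked Script Center page: it calls the same WMI Win32_ComputerSystem.JoinDomainOrWorkgroup method from PowerShell, records the per-host return code instead of stopping on the first failure, and uses a delegated join account rather than a Domain Admin. The domain name, join account and computers.txt list are placeholders, and the method exists only on XP and later, which matches the caveat above about the 2000 hosts.

```powershell
# Added example (not from the original thread): bulk re-join of XP workstations
# to the new AD domain through WMI Win32_ComputerSystem.JoinDomainOrWorkgroup.
# Placeholders, not values from the thread: the new domain "corp.example.gov",
# a delegated join account "joinsvc" (least privilege: only "join computers to
# the domain" rights, not Domain Admin) and computers.txt with one hostname per line.

$NewDomain = 'corp.example.gov'           # placeholder new AD domain
$JoinUser  = 'corp.example.gov\joinsvc'   # placeholder delegated join account
$JoinPass  = Read-Host -AsSecureString 'Password for join account'  # never stored in the script

# The WMI method only accepts a plain string, so decrypt just for the loop
$Bstr      = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($JoinPass)
$PlainPass = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($Bstr)

# fJoinOptions flags (same values as the NetJoinDomain API)
$JOIN_DOMAIN           = 1    # join a domain rather than a workgroup
$ACCT_CREATE           = 2    # create the computer account if it does not exist
$DOMAIN_JOIN_IF_JOINED = 16   # allow the join while still a member of the old NT4 domain
$Flags = $JOIN_DOMAIN + $ACCT_CREATE + $DOMAIN_JOIN_IF_JOINED

$Results = @()
foreach ($Computer in Get-Content .\computers.txt) {
    try {
        # Remote WMI runs as the account launching this script, which needs local
        # admin on the target (an old-domain admin still has that before the move)
        $cs = Get-WmiObject -Class Win32_ComputerSystem -ComputerName $Computer -ErrorAction Stop
        $rc = $cs.JoinDomainOrWorkgroup($NewDomain, $PlainPass, $JoinUser, $null, $Flags)
        # ReturnValue is a Win32 error code: 0 = joined, 2224 = account already exists,
        # 5 = access denied, 1355 = domain not found (new-domain DNS not reachable)
        $Results += New-Object PSObject -Property @{ Computer = $Computer; ReturnValue = $rc.ReturnValue }
    } catch {
        # Host offline, firewall blocking DCOM, or a 2000 box without the method
        $Results += New-Object PSObject -Property @{ Computer = $Computer; ReturnValue = "WMI error: $_" }
    }
}

# Wipe the plain-text password from memory as soon as the loop finishes
[Runtime.InteropServices.Marshal]::ZeroFreeBSTR($Bstr)
$PlainPass = $null

# Review before rebooting: every host with ReturnValue 0 needs a restart to finish the join
$Results | Format-Table Computer, ReturnValue -AutoSize
$Results | Export-Csv .\join-results.csv -NoTypeInformation
```

Hosts that report anything but 0 stay in the old domain, so the CSV doubles as the worklist for the machines that still need a manual visit.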