Migrating NT4 domain to 2000 w/AD... have a couple questions.
Posted on 2003-11-21
First let me start by explaining our current setup. We have 8 of which are very old, 3 of which are cheapo workstation class machines. (before my time, dont ask :P ) Two machines are setup as DCs on an NT4 domain one as a PDC (obviously) and the other as the BDC, we also have one other machine off site on the other end of an ATM circuit that acts as a BDC. The PDC is on one of the workstation class machines, as is the BDC, I dont know why, like I said it was before my time. We have a newer Dell server with windows 2000, 1gb ram, raid 5 dual P3s, the hole bit, that acts as a file server. One Win 2000 machine that has exchange 5.5 installed, which was actually ogirionally a 2U rackmount web server. As such it is not very well suited as an email server. One Windows 2000 machine that has SQL server 2000 installed, and also acts as the DHCP server, which about equivelent to the file server machine feature-wise just a little slower. One other workstation class machine running win2k that is a print server. Also a NT4 machine setup as a remote access server. I think I got them all.
Anyhow, moving on. We are currently using a public class C IP block, which I think is a little rediculus. Our control over the network ends at a Cisco 6000 router down in the basement, which acts as our gateway. Those that control our network outside of that run their own DNS servers and what not which we also have no control over.
I know common practice is to create a NT4 BDC from scratch, sync it a couple times, promote it to pdc, sync it a couple times, then upgrade that to windows 2000. However, we have some entirely new machines that I would rather just install 2000 from scratch on. I was informed of some tools from netiq and something called fastlane, I looked at them breifley to help migrate the user base over from an NT4 controller to AD. Anybody use this and have any comments on them?
Thing thing is we are thinking about changing our domain name because right now its just an abigouos GOV which is obviously a top level domain. I know that can be worked around but I would rather have a FQDN for our domain name. If we change our domain name to an FQDN, do I have to have the domain name resolve to the new AD Domain Master? I know we will have to re-join all the machines on the network to the new domain name, but I can script that so its not that big of deal.
We plan on implementing NAT, right now Im not sure wether I want to create a DMZ type setup, or just put eventhing behind a firewall and route ports to their respective hosts. Either way we will not be on a public block any more.
I have heard on numerous occasions that Exchange 5.5 will not function in an AD environment. Is this 100% true? The exchange server is on 2k right now, but as the domain is NT its obviously just a member server as I know 2k cannot join an NT4 domain as a DC. If we were to leave the echange 5.5 server as a member server with 2k would it still function? I know echange 2000/3 integrates with AD but we may not be able to afford that just yet. Will we have to retain our NT4 domain and just create trusts between the old NT4 domain and the new 2K domain?
We plan to implement this next month, so right now we are just in the planning stages. Any and all input, or experiences anybody can provide would be more than appreciated.