Solved

Migrating to Active Directory - wondering about group policies after the migration

Posted on 2004-08-05
1
255 Views
Last Modified: 2010-03-18
Hi all,

I am migrating my domain from Windows NT 4.0 Server to Window 2000 Server.  The workstations are Windows 2000.  We have group policies running under Windows NT, what i was wondering, what will happen after the upgrade.  I'm not worried if no group policy is applied while i sort out my OU's and new group policies.  I just don't want to get errors on every workstation once we move to AD that will stop the user login on etc.  Does anyone know of any gotchas

cheers

Chris  
0
Comment
Question by:tallemu
1 Comment
 
LVL 83

Accepted Solution

by:
oBdA earned 300 total points
ID: 11733784
There are no real "gotchas". As soon as your W2k machines logon for the first time to your new AD domain, they will start to process group policies instead of the NT4 system policies.
If you want to prevent that, then before upgrading, set the "NT4Emulator" entry in the registry of the PDC. As long as the new DC runs in this mode, it won't identify itself as a "real" AD DC, and your W2k/XP clients will still logon NT4 style. This includes that they will continue to process the old system policy.
To test the new AD group policies before switching your domain over to "full" AD (by removing the "NT4Emulator" entry), and to set up an administrative workstation, you can use the "NeutralizeN4Emulator" entry on the test machines to force them into AD.
Warning: You can not switch your domain "back and forth" by removing or readding the key on your DC! Once you've removed the entries and your W2k/XP domain members have discovered they're in a "real" AD domain, and you add the key again, your machines won't logon any more until you rejoin them.

How to Prevent Overloading on the First Domain Controller During Domain Upgrade
http://support.microsoft.com/?kbid=298713

Windows Server Members Still Authenticate with BDCs After PDC Is Upgraded
http://support.microsoft.com/?kbid=309273

Windows 2000-Based Clients Connect Only to the Domain Controller That Was Upgraded First in a Mixed-Mode Domain
http://support.microsoft.com/?kbid=284937
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

FIPS stands for the Federal Information Processing Standardisation and FIPS 140-2 is a collection of standards that are generically associated with hardware and software cryptography. In most cases, people can refer to this as the method of encrypti…
Resolve DNS query failed errors for Exchange
Delivering innovative fully-managed cloud services for mission-critical applications requires expertise in multiple areas plus vision and commitment. Meet a few of the people behind the quality services of Concerto.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

914 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now