[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now

x
?
Solved

Migrating to Active Directory - wondering about group policies after the migration

Posted on 2004-08-05
1
Medium Priority
?
264 Views
Last Modified: 2010-03-18
Hi all,

I am migrating my domain from Windows NT 4.0 Server to Window 2000 Server.  The workstations are Windows 2000.  We have group policies running under Windows NT, what i was wondering, what will happen after the upgrade.  I'm not worried if no group policy is applied while i sort out my OU's and new group policies.  I just don't want to get errors on every workstation once we move to AD that will stop the user login on etc.  Does anyone know of any gotchas

cheers

Chris  
0
Comment
Question by:tallemu
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 85

Accepted Solution

by:
oBdA earned 1200 total points
ID: 11733784
There are no real "gotchas". As soon as your W2k machines logon for the first time to your new AD domain, they will start to process group policies instead of the NT4 system policies.
If you want to prevent that, then before upgrading, set the "NT4Emulator" entry in the registry of the PDC. As long as the new DC runs in this mode, it won't identify itself as a "real" AD DC, and your W2k/XP clients will still logon NT4 style. This includes that they will continue to process the old system policy.
To test the new AD group policies before switching your domain over to "full" AD (by removing the "NT4Emulator" entry), and to set up an administrative workstation, you can use the "NeutralizeN4Emulator" entry on the test machines to force them into AD.
Warning: You can not switch your domain "back and forth" by removing or readding the key on your DC! Once you've removed the entries and your W2k/XP domain members have discovered they're in a "real" AD domain, and you add the key again, your machines won't logon any more until you rejoin them.

How to Prevent Overloading on the First Domain Controller During Domain Upgrade
http://support.microsoft.com/?kbid=298713

Windows Server Members Still Authenticate with BDCs After PDC Is Upgraded
http://support.microsoft.com/?kbid=309273

Windows 2000-Based Clients Connect Only to the Domain Controller That Was Upgraded First in a Mixed-Mode Domain
http://support.microsoft.com/?kbid=284937
0

Featured Post

Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A common practice in small networks is making file sharing easy which works extremely well when intra-network security is not an issue. In essence, everyone, that is "Everyone", is given access to all of the shared files - often the entire C: drive …
We recently endured a series of broadcast storms that caused our ISP to shut us down for brief periods of time. After going through a multitude of tests, we determined that the issue was related to Intel NIC drivers on some new HP desktop computers …
This course is ideal for IT System Administrators working with VMware vSphere and its associated products in their company infrastructure. This course teaches you how to install and maintain this virtualization technology to store data, prevent vuln…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question