Solved

Migrating to Active Directory - wondering about group policies after the migration

Posted on 2004-08-05
1
260 Views
Last Modified: 2010-03-18
Hi all,

I am migrating my domain from Windows NT 4.0 Server to Window 2000 Server.  The workstations are Windows 2000.  We have group policies running under Windows NT, what i was wondering, what will happen after the upgrade.  I'm not worried if no group policy is applied while i sort out my OU's and new group policies.  I just don't want to get errors on every workstation once we move to AD that will stop the user login on etc.  Does anyone know of any gotchas

cheers

Chris  
0
Comment
Question by:tallemu
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 85

Accepted Solution

by:
oBdA earned 300 total points
ID: 11733784
There are no real "gotchas". As soon as your W2k machines logon for the first time to your new AD domain, they will start to process group policies instead of the NT4 system policies.
If you want to prevent that, then before upgrading, set the "NT4Emulator" entry in the registry of the PDC. As long as the new DC runs in this mode, it won't identify itself as a "real" AD DC, and your W2k/XP clients will still logon NT4 style. This includes that they will continue to process the old system policy.
To test the new AD group policies before switching your domain over to "full" AD (by removing the "NT4Emulator" entry), and to set up an administrative workstation, you can use the "NeutralizeN4Emulator" entry on the test machines to force them into AD.
Warning: You can not switch your domain "back and forth" by removing or readding the key on your DC! Once you've removed the entries and your W2k/XP domain members have discovered they're in a "real" AD domain, and you add the key again, your machines won't logon any more until you rejoin them.

How to Prevent Overloading on the First Domain Controller During Domain Upgrade
http://support.microsoft.com/?kbid=298713

Windows Server Members Still Authenticate with BDCs After PDC Is Upgraded
http://support.microsoft.com/?kbid=309273

Windows 2000-Based Clients Connect Only to the Domain Controller That Was Upgraded First in a Mixed-Mode Domain
http://support.microsoft.com/?kbid=284937
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Ready to improve network connectivity? Watch this webinar to learn how SD-WANs and a one-click instant connect tool can boost provisions, deployment, and management of your cloud connection.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

We recently endured a series of broadcast storms that caused our ISP to shut us down for brief periods of time. After going through a multitude of tests, we determined that the issue was related to Intel NIC drivers on some new HP desktop computers …
Resolve DNS query failed errors for Exchange
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question