Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Migrating to Active Directory - wondering about group policies after the migration

Posted on 2004-08-05
1
Medium Priority
?
267 Views
Last Modified: 2010-03-18
Hi all,

I am migrating my domain from Windows NT 4.0 Server to Window 2000 Server.  The workstations are Windows 2000.  We have group policies running under Windows NT, what i was wondering, what will happen after the upgrade.  I'm not worried if no group policy is applied while i sort out my OU's and new group policies.  I just don't want to get errors on every workstation once we move to AD that will stop the user login on etc.  Does anyone know of any gotchas

cheers

Chris  
0
Comment
Question by:tallemu
1 Comment
 
LVL 86

Accepted Solution

by:
oBdA earned 1200 total points
ID: 11733784
There are no real "gotchas". As soon as your W2k machines logon for the first time to your new AD domain, they will start to process group policies instead of the NT4 system policies.
If you want to prevent that, then before upgrading, set the "NT4Emulator" entry in the registry of the PDC. As long as the new DC runs in this mode, it won't identify itself as a "real" AD DC, and your W2k/XP clients will still logon NT4 style. This includes that they will continue to process the old system policy.
To test the new AD group policies before switching your domain over to "full" AD (by removing the "NT4Emulator" entry), and to set up an administrative workstation, you can use the "NeutralizeN4Emulator" entry on the test machines to force them into AD.
Warning: You can not switch your domain "back and forth" by removing or readding the key on your DC! Once you've removed the entries and your W2k/XP domain members have discovered they're in a "real" AD domain, and you add the key again, your machines won't logon any more until you rejoin them.

How to Prevent Overloading on the First Domain Controller During Domain Upgrade
http://support.microsoft.com/?kbid=298713

Windows Server Members Still Authenticate with BDCs After PDC Is Upgraded
http://support.microsoft.com/?kbid=309273

Windows 2000-Based Clients Connect Only to the Domain Controller That Was Upgraded First in a Mixed-Mode Domain
http://support.microsoft.com/?kbid=284937
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Greetings, Experts! First let me state that this website is top notch. I thoroughly enjoy the community that is shared here; those seeking help and those willing to sacrifice their time to help. It is fantastic. I am writing this article at th…
This article is in response to a question (http://www.experts-exchange.com/Networking/Network_Management/Network_Analysis/Q_28230497.html) here at Experts Exchange. The Original Poster (OP) requires a utility that will accept a list of IP addresses …
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Whether it be Exchange Server Crash Issues, Dirty Shutdown Errors or Failed to mount error, Stellar Phoenix Mailbox Exchange Recovery has always got your back. With the help of its easy to understand user interface and 3 simple steps recovery proced…

564 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question