?
Solved

Migrating to Active Directory - wondering about group policies after the migration

Posted on 2004-08-05
1
Medium Priority
?
263 Views
Last Modified: 2010-03-18
Hi all,

I am migrating my domain from Windows NT 4.0 Server to Window 2000 Server.  The workstations are Windows 2000.  We have group policies running under Windows NT, what i was wondering, what will happen after the upgrade.  I'm not worried if no group policy is applied while i sort out my OU's and new group policies.  I just don't want to get errors on every workstation once we move to AD that will stop the user login on etc.  Does anyone know of any gotchas

cheers

Chris  
0
Comment
Question by:tallemu
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 85

Accepted Solution

by:
oBdA earned 1200 total points
ID: 11733784
There are no real "gotchas". As soon as your W2k machines logon for the first time to your new AD domain, they will start to process group policies instead of the NT4 system policies.
If you want to prevent that, then before upgrading, set the "NT4Emulator" entry in the registry of the PDC. As long as the new DC runs in this mode, it won't identify itself as a "real" AD DC, and your W2k/XP clients will still logon NT4 style. This includes that they will continue to process the old system policy.
To test the new AD group policies before switching your domain over to "full" AD (by removing the "NT4Emulator" entry), and to set up an administrative workstation, you can use the "NeutralizeN4Emulator" entry on the test machines to force them into AD.
Warning: You can not switch your domain "back and forth" by removing or readding the key on your DC! Once you've removed the entries and your W2k/XP domain members have discovered they're in a "real" AD domain, and you add the key again, your machines won't logon any more until you rejoin them.

How to Prevent Overloading on the First Domain Controller During Domain Upgrade
http://support.microsoft.com/?kbid=298713

Windows Server Members Still Authenticate with BDCs After PDC Is Upgraded
http://support.microsoft.com/?kbid=309273

Windows 2000-Based Clients Connect Only to the Domain Controller That Was Upgraded First in a Mixed-Mode Domain
http://support.microsoft.com/?kbid=284937
0

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Enterprise networks where VoIP phones have been deployed frequently use port configurations that allow both a computer and an IP phone to be plugged into the same switch port but use different VLANs. On Cisco equipment I'm referring to the "native V…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

801 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question