Go Premium for a chance to win a PS4. Enter to Win


Migration to Windows Server 2003

Posted on 2004-09-21
Medium Priority
Last Modified: 2012-05-05
We are a small organization and our current Network Scenario is as follows:

- Currently, our Primary Domain Controller has Windows NT
- Currently, our Backup Domain Controller has Windows NT
- All other Servers (File Server, Print Server, Web Servers) have Windows 2000
- We have purchased New Windows 2003 Servers (enterprise edition) which would act as our new domain controllers.
- All workstations use only static IP addresses. We do not have a DHCP server

We are planning to migrate everything to Windows Server 2003. My questions are these:

1. How should we proceed on doing this?
2. What is preferable: Using ADMT (Active Directory Migration Tool) or doing an in-place upgrade?
3. What are the potential problems that we could face?

I appreciate your response.
Question by:mauneel
  • 5
  • 4
LVL 85

Accepted Solution

oBdA earned 2000 total points
ID: 12116789
If your domain is working OK, and you have new hardware anyway, you're probably best of with an upgrade. (Just did this, and it went as smooth as can be.)
Install NT4 as BDC in your current domain on one of your new machines (install a DNS server during setup as well. You might want to add a WINS server as well; it's officially not necessary, but it helps, and if you plan to introduce Exchange, you'll need it anyway). Apply SP6a. In the TCP/IP properties of the new machine, let it only point to itself (the IP address, not!) as DNS server, and enter your new AD domain name (yourcompanyname.local, for example) in the DNS tab of the network settings. In DNS server management, create a new primary DNS zone with the name of your new AD domain. Make a full replication of your DCs. Promote your new BDC to PDC, then shutdown your old PDC (now BDC) as a backup. You might want to set the "NT4Emulator" registry entry (as desribed below) *before* you run the upgrade; not (only) to prevent the overloading, but also to prevent your W2k/XP machines to recognize the domain as AD domain and change their logon behaviour (just in case you want to go back to NT4).
Upgrade your new PDC to W2k3; during the upgrade, you will be asked for the new AD domain name; choose the same one you created in your DNS. Your NetBIOS domain name will be kept.
Before you do this for real, and since you have new hardware anyway, I'd suggest you setup a fresh NT4 PDC for a test domain, then upgrade this machine to test if everything runs fine. Rund dcdiag and netdiag (from the Support Tools on your W2k3 CD) to check if your AD setup is correct. Once you're pretty sure you've got it working okay, erase the test machine and make it your real BDC.
If everything is okay, and you want to stay with your new AD domain, remove the "NT4Emulator" entry. Note that from then on, your W2k/XP clients will only be able to logon to a W2k(3) DC, and that they will not process NTConfig.pol anymore; they'll now only react to group policies.

Background Information for Upgrading to Windows Server 2003 Active Directory

How to Prevent Overloading on the First Domain Controller During Domain Upgrade

And here's some reading stuff about the DNS basics, to avoid problems with that from the outset:

Frequently Asked Questions About Windows 2000 DNS and Windows Server 2003 DNS

Best practices for DNS client settings in Windows 2000 Server and in Windows Server 2003

How to Verify the Creation of SRV Records for a Domain Controller

How Domain Controllers Are Located in Windows

How Domain Controllers Are Located in Windows XP

HOW TO: Use the Network Diagnostics Tool (Netdiag.exe) in Windows 2000

DCDiag and NetDiag in Windows 2000 Facilitate Domain Join and DC Creation

HOW TO: Set Up the Domain Name System for Active Directory in Windows Server 2003

HOW TO: Troubleshoot DNS Name Resolution on the Internet in Windows Server 2003

This doesn't really apply to your situation, as you will have your DNS already installed, but maybe it's of interest:
HOW TO: Configure DNS for Internet Access in Windows Server 2003
LVL 85

Expert Comment

ID: 12117126
Maybe of interest, too:
Migrating Windows NT Server 4.0 Domains to Windows Server 2003 Active Directory

Author Comment

ID: 12118839
Amazing answer buddy. Thanks much. I really appreciate it. But, I have some questions:

You are asking me to install NT4 on the new domain controller that we bought. It's a Dell PowerEdge 2650. I have my doubts regarding this. I am not sure if it will even take in NT 4. It already has Windows 2003 Enterprise on it. I am skeptical about driver compatibility.

Also, if I accept your answer (which I obviously want to do), will I still be able to post my questions to you?

Thanks again.

Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.


Author Comment

ID: 12118846
Also, I have a Dell 170l Optiplex with no OS on it. Should I install NT4 on it and use it as a test domain controller just like you suggsted?


Author Comment

ID: 12119759
Hey buddy, I have already awarded you the points. Please do respond to m questions though. If you want, I can open-up another question addressed to you.

LVL 85

Expert Comment

ID: 12120554
For a test machine, you can basically use whatever machine fits the needs of Server 2003.
As for the drivers, Dell has a pretty well sorted driver site. If your NT4 DC's hardware supports W2k3, you can of course (if necessary promote and) upgrade one of those as well, then join your Dell to the domain and dcpromo it. You could then transfer the FSMO roles to your new machine and depromote the former NT4 machine. (Never ever just remove a DC in an AD domain; always demote it first!) Depending on your experience with AD, you might want to try all of this in a test setup before running it for real.
If you don't have hardware that supports NT4 as well as W2k3, you'll need to use the ADMT.

How To View and Transfer FSMO Roles in Windows Server 2003

How To Use the Dcpromo.exe Tool to Remove Active Directory in Windows Server 2003

Author Comment

ID: 12126560
I just came to know that one of our colleagues has just misplaced/lost the only Windows NT 4 CD that we had. Is there a way we can buy an NT 4 CD from somewhere? Since MS has stopped supporting NT, I was wondering whether anyone would be selling NT 4 anymore :(
LVL 85

Expert Comment

ID: 12145837
If you're subscribed to the MSDN, you're still able to download an ISO image from Microsoft. Otherwise, the easiest possibility is probably to look at ebay or wherever.

Author Comment

ID: 12147848
Thanks for your help. I have another question. But, I am going to post it as a new question. So, please try responding to that. By the way, we did find the CD.


Featured Post

Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
This course is ideal for IT System Administrators working with VMware vSphere and its associated products in their company infrastructure. This course teaches you how to install and maintain this virtualization technology to store data, prevent vuln…
This video shows how to quickly and easily deploy an email signature for all users in Office 365 and prevent it from being added to replies and forwards. (the resulting signature is applied on the server level in Exchange Online) The email signat…

885 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question