Migrating NT 4.0 to Windows 2003 Active Dir

Posted on 2004-10-06
Last Modified: 2010-04-19
I have 3 bdcs and 1 pdc on nt 4.0 domain with separate nt 4.0 and exchange 5.5 server.
What i am wondering is what people usually do in this case.
We are 500 users company with single domain.
I would like to migrate to a fresh domain rather than doing upgrade to AD.
My concern is that current comain is called domainNT and i would like to change it to match our dns name.
How will that impact each machine.  I know how to export usres from nt4.0 and import them to ad, but what can be done with computers.
Will each pc in the corp have to be rejoined to the new domain and each users profile on local machine will have to be redone.
How do other peple deal with this issue. Also, how is exchange handeled.  Do you upgrade os first to win2k and than exchange since exch 5.5 does not run on win2ks what are my options.  Exchange server is not domain controller.  Do i just build another temp box migrade 5.5 users and than rebuild the old 5.5 box with new os and exchg 2k3 and migrade users back from temp box?


Question by:dhasic
LVL 23

Expert Comment

ID: 12242088

We did a migration just a year ago (also approx 500 users and NT with 5.5 Exchange) and decided to copletely start over. This was because our old domain (the NT) was one big mess. It was faster for us to completel start over again. I know it takes a lot of time (specially createing 500 users), but i thought it was worth the time, cause we cleaned the mess.

We did the same with Exchange 5.5. We used Exerge to export the mailboxes and import them into Exchange 2003 (Exchange migration done within one day).

If you knwo how to change the users, then you could try installing the new AD and add the Exchange 5.5 to the domain using the ADC (Active Directory Connector). Then, install an Exchange 2003 server on servers 2003 and ad it to the 5.5 Exchange domain. Then, you can do move mailbox migration.

But if you have the time, resources and employees to pull it off, i would start over again. You can allready create the new AD before even bothering any user..

Author Comment

ID: 12242161
How did you guys deal with local profiles on pc's?  Did you move them manually, since when you create new account in new ad and join the pc to the domain new profile gets created?
LVL 23

Accepted Solution

rhandels earned 125 total points
ID: 12242265

We had roaming profiles (take notice of the had). We recreated all users and recreated all roaming profiles. We told the users it was because of cleaning up and they didn't agrue with us that much ;)..  We created an instruction on how to set the most importantr things (specially the Exchange settings and printers..) the rest will be recreated within a few days. Only problem you would have is th favourites. There are 3rd party tools to do this perfectly, but then you should consider if you would like to spend up to $5000...

Indeed, you will need to add the computers to the new domain, but we did 100 pc's within half an hour with 3 people, so this shoudn't be the biggest problem.

You could try using the ADMT tool, i know it helps copying the profile to the new domain (just copying it doesn't work, because the users get a new SID and permissions wouldn't be correct...

Expert Comment

ID: 12245151
Migrate the mailboxes using Exmerge 2 step
export them all to PST files.(maybe on separate drive or server
Upgrade to Exchange 2000 or 2003
Once built and mailboxes created, import from pst's to mailboxes (again using exmerge)
Yes you are going to have to join them all to the new domain
Any XP workstations can do it for you, simply use the copy settings wizard.
For non-XP Why not copy them to a temp share on the new server.
Create your users using ADMT. (which you'll need for exchange mailboxes anyways)
Set their profile path to \\server\%username%$
Log them in, and let it create their new profile, then log them off.
then copy their favourites, my docs etc over the top of the new ones , only thing you dont want to copy is the ntuser.dat
this will "migrate" their favourites, my docs, desktop, and shortcuts. etc
LVL 13

Assisted Solution

seb_acker earned 125 total points
ID: 12250035
It's difficulet ot give the best advice in your case, but i can confirm something

If you choose to migrate your domain to another, you can use ADMT tool to migrate uses, profiles, computers, and each other security ressource, if you Have your AD domain in native mode, because you can choose to keep the SID History of the objects. SO you yon't have any access problem, and you won't have to recreate all access rights on each objects.

So no problem , you won't loose your local profiles.

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

This may not be a text book method to resolve VSS backup issues but it seemed to have worked on few of the Windows 2003 servers we had issues while performing a Volume Shadow Copy backup. If you have issues while performing a shadow copy backup usin…
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
This video discusses moving either the default database or any database to a new volume.
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now