[VERY URGENT] Domain Rename Question

We have an NT PDC.

Can I rename the domain on that from <companydomain> to <tempcompanydomain>.

I will then create a new domain on thw Windows 2003 machine called <companydomain> and use the ADMTv2 migration tool to move the user accounts accross.

ADMTv2 requires different domains for the migration. Also our 2003 server is running in 2000 native mode.

I need 2 or 3 expert opinions on this urgently! =) thanks


----
If I manage to get this setup correctly and working, I will send you £5 via paypal for a couple pints on me. ;-)
LVL 5
georgecooldudeAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Chris DentPowerShell DeveloperCommented:

It's a fun little process, but I've never done it personally so I can't confirm that it works:

http://www.burgettsys.com/stories/56485/

That contains a copy of an old MS Article.
0
georgecooldudeAuthor Commented:
But you think it is possible?

It is vital that the older client machines dont need a domain change now. I've been told we cannot visit each machine.

I dont know why i didnt think of migrating this way before ... :(



0
georgecooldudeAuthor Commented:
also is it just a case of changing the domain or am i going to have to play with the registry and stuff. I've really got to get this sorted today! eek!
0
Cloud Class® Course: Microsoft Exchange Server

The MCTS: Microsoft Exchange Server 2010 certification validates your skills in supporting the maintenance and administration of the Exchange servers in an enterprise environment. Learn everything you need to know with this course.

Chris DentPowerShell DeveloperCommented:

The method above basically requires that you visit each machine on the domain to change the domain name. And that each machine is switched off for the duration of the name change.

To be honest, the requirement that clients can't be visited is likely to cause far more problems than anything else. I can appreciate the need for as little disruption as possible, but really it looks to be creating far more problems than is possible to solve.
0
georgecooldudeAuthor Commented:
yes, i would prefer to visit clients but i've been told this is not possible...

I have changed the domain on the NT to <companyname2>

I am creating a new domain on the new server called <companyname>

I will now create a trust and use the ADMTv2 tool to move everything.


Then hopefully we can switch the servers over with little disruption. I dunno how well this will work but it will prove a point if the domain is the same and the computername is the same and if nothing works then we do need to take a visit to each machine. I really hope this works...

I'll update soon
0
georgecooldudeAuthor Commented:
ah crud.

I uninstalled my AD and DNS and did a reboot. Stupid thing loads up to the windows 2003 boot screen bit and then the screen goes black...

Any quick ideas or is it format time again? Do'h!
0
Chris DentPowerShell DeveloperCommented:

Safe mode or last known good?
0
georgecooldudeAuthor Commented:
phewww! Found the problem to that one. Had my USB stick connected to it and it was stopping it boot. I know that for the future. I was really panicking! lol
0
georgecooldudeAuthor Commented:
Any ideas what "access denied eror code 5" means.

I get this when i try and run the trust migration tool on the windows 2003 machine.

I've forgot if i need to adjust the nt settings aswell
0
georgecooldudeAuthor Commented:
ok ok, ive fixed that. did a trust via the command line using the following. (just leaving here for future users)

netdom trust nt4dom /D:win2kdom.com /UserO:ntAdmin /PasswordO:ntpassword /UserD:win2kadmin /PasswordD:win2kpassword /Add /Twoway

Type NETDOM help trust or just NETDOM /? for more info.


----

Right O!.

I'm going to try migrate stuff now, just got prblems with the dam passwords
0
georgecooldudeAuthor Commented:
Chris,

Will my 95, 98, ME and NT machines still be able to connect to a windows 2000 native mode?

They are all clients. None are servers
0
Chris DentPowerShell DeveloperCommented:

Yes, the switch to Native Mode only removes the ability of NT4 servers to authenticate users (aka NT4 BDCs).
0
georgecooldudeAuthor Commented:
ok, I am trying to migrate and I am unable to move my SIDs.

It is saying "Could no verify auditing and TcpipClientSupport on domains. Will not be able to migrate SID's. Access is denied."

Any ideas on the above? I had to create the TcpipClientSupport registry key on my NT domain but it didnt say I had to on the 2003 one... I've created the key on the 2003 server but still no luck. Perhaps you know?
0
Chris DentPowerShell DeveloperCommented:

Sorry, I haven't seen that one before so I can't help with it.
0
Chris DentPowerShell DeveloperCommented:
0
georgecooldudeAuthor Commented:
It could be to do with my trust I setup. I had problems with it. I will have to investiage. Thanks for the link i will work through the problems
0
georgecooldudeAuthor Commented:
I think i may have to disable the SID filtering.


As my trust isnt fully setup i suspect it doesnt let me move the sids as its a secutiry risk. If I disable that and then re-enable at a later date everything should be fine.
For furture referrence i am using this command:
-----------------
The related command to disable SID filtering is:

    netdom trust RESDOM /D:ACCDOM /UD:ACCDOM\Administrator /PD:adminpwd /UO:RESDOM\Administrator /PO:"" /filtersids:no

To verify the SID filtering settings on a domain, use this command:

    netdom trust RESDOM /D:ACCDOM /UD:ACCDOM\Administrator /PD: adminpwd /UO:RESDOM\Administrator /PO:"" /filtersids

-----------------

I'll update in a few moments
0
georgecooldudeAuthor Commented:
well that command I posted i aload of rubbish. It just gives me synatx error :'(

Do you know the correct command format?
0
Chris DentPowerShell DeveloperCommented:

Those RESDOM and ACCDOM entries are the domain names you're dealing with.

In this instance I think RESDOM is the NT 4 domain, and ACCDOM is the 2000 Domain.

Can't say I know if that command will help you though ;)
0
georgecooldudeAuthor Commented:
oops. no RESDOM and ACCDOM were what were filled in from the article i copy and pasted from.

in this article.
http://www.jsiinc.com/SUBI/tip4400/rh4432.htm


Maybe I am stupid but could you translate it for me?

NET DOM <ntdomain> /... <2k3domain> <2k3pass> <2k3admin> etc. I seem to be following those instructions wrong. =(
0
Chris DentPowerShell DeveloperCommented:

This article is more complete:

http://support.microsoft.com/kb/q289243/

And it looks like the command should be:

netdom trust <NT4 Domain> /D:<2003 Domain> /UD:<2003 Domain>\Administrator /PD:adminpwd /UO:<NT4 Domain>\Administrator /PO:adminpwd /filtersids:no

But then the article only applies to Windows 2000 Server, so it might not be what's causing the problem.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2003

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.