Migrating from NT 4 to Server 2003


I've been trawling through the reams of information on the web about migrating from NT4 to Server 2003 and none of it has been able to answer one of my concerns.
We're a smallish company with about 75 employees, but we have 5 branches scattered about the state. At the moment we have one PDC in the head office along with 3 BDCs, and a BDC at each of the branch offices.
Because of the scattered nature of the offices, I can't upgrade all the servers at the same time and need to be able to stagger the upgrading of the servers, starting with the head office.
My plan is to upgrade the PDC first, but I'm concerned that once the PDC is running Server 2003 and Active Directory, I won't be able to make it talk to the other servers. This would be a major problem because the PDC is currently running DHCP and DNS and is, well, the PDC; it not talking to the rest of the network would be bad.
Is there any way to run a combination Server 2003/NT4 network, or should I approach this in a different way?

No, in general terms you're OK.

Upgrading an NT4.0 PDC to Server 2003 is fine; it will take the PDC Emulator role, allowing the remaining NT4 BDCs to function as normal. You will not be able to promote them to PDC, though, as the role will be taken permanently off the NT4 servers.

Once you have more than one 2003 DC (note there are no actual PDC or BDC in Active Directory - just a single "PDC Emulator" for compatibility) you can transfer the PDC emulator role as need be.

You would also need to assign the Global Catalog roles to the remote servers once upgraded to ensure logon requests are processed locally.

One thing you might consider is this: Install a new BDC, promote to PDC, upgrade to 2003. REBUILD each BDC as needed as a new 2003 DC, then when all NT4.0 machines are switched off, you can demote the upgraded machine, then remove it from the domain. Happy to give more info, but we'll leave it at concept stage for now...

There are some great links in this transcript: http://www.microsoft.com/technet/community/chats/trans/windowsnet/wnet0414.mspx

Lee W, MVP, Technology and Business Process Advisor, commented:
I generally agree with harleyjd, but to give another version of his explanation and add a little:

The correct procedure for upgrading a domain is to upgrade the PDC first.  It is also HIGHLY recommended that you, immediately prior to upgrading, pull the plug on ONE BDC and keep it in reserve JUST IN CASE.  I've never seen a need to, but IF you had to restore the domain, you could then use this BDC (Promoting it to PDC).

Harley referenced the PDC Emulator - there are also 4 other Operations Master roles you should familiarize yourself with.  (Here's an MS article on viewing and transferring them, with a little description of each: http://support.microsoft.com/default.aspx?kbid=324801&product=winsvr2003)

As Harley states, strictly speaking there are no BDC or PDC roles - everything is a DC and will replicate its directory information to the others. Honestly, I'm not sure if it's better to split these roles among several servers or have one that acts as THE FSMO roles.

I agree with the concept of rebuilding the DCs if you can.

In addition, note that you will be running in "MIXED MODE" - which means the Active Directory DCs will replicate changes to the NT4 BDCs. In addition, a few Active Directory features won't be available, such as Universal Groups. When you upgrade to NATIVE mode, Universal Groups will become available, but NT4 BDCs will no longer get directory information. Also - the move from MIXED MODE to NATIVE MODE (2000 or 2003) is a one-way move. Once you move to NATIVE, you CANNOT go back.

Lastly, DNS is your BEST friend and WORST enemy.  Name resolution issues, authentication issues, etc., are probably 90% of the time related to DNS problems.  I would ALMOST suggest the most important aspect of Active Directory to study is how Active Directory uses DNS.
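The answers above tie logons to the PDC emulator, to a global catalog at each branch, and to DNS. As an added example (not part of either expert's post), this check looks for the SRV locator records that clients query to find those roles, run against a constructed zone export for a hypothetical single-domain forest `corp.example` with sites `HQ` and `BRANCH1`; the function and variable names are illustrative.

```python
# Added example. DOMAIN, SITES and SAMPLE_SRV are constructed values for a
# hypothetical single-domain forest; they are not from the thread.
DOMAIN = "corp.example"
SITES = ["HQ", "BRANCH1"]

# SRV owner name -> registered targets, as exported from the DNS zone.
SAMPLE_SRV = {
    "_ldap._tcp.corp.example": ["dc1.corp.example", "br1dc.corp.example"],
    "_kerberos._tcp.corp.example": ["dc1.corp.example", "br1dc.corp.example"],
    "_ldap._tcp.dc._msdcs.corp.example": ["dc1.corp.example", "br1dc.corp.example"],
    "_kerberos._tcp.dc._msdcs.corp.example": ["dc1.corp.example", "br1dc.corp.example"],
    "_ldap._tcp.pdc._msdcs.corp.example": ["dc1.corp.example"],
    "_gc._tcp.corp.example": ["dc1.corp.example"],
    "_ldap._tcp.HQ._sites.dc._msdcs.corp.example": ["dc1.corp.example"],
    "_gc._tcp.HQ._sites.corp.example": ["dc1.corp.example"],
    "_ldap._tcp.BRANCH1._sites.dc._msdcs.corp.example": ["br1dc.corp.example"],
    # No _gc._tcp.BRANCH1._sites record: the branch DC is not yet a GC.
}

def expected_records(domain, sites):
    """Locator SRV names clients query, mapped to what each one finds."""
    names = {
        f"_ldap._tcp.{domain}": "any LDAP server",
        f"_kerberos._tcp.{domain}": "any KDC",
        f"_ldap._tcp.dc._msdcs.{domain}": "any domain controller",
        f"_kerberos._tcp.dc._msdcs.{domain}": "any DC running the KDC",
        f"_ldap._tcp.pdc._msdcs.{domain}": "PDC emulator",
        f"_gc._tcp.{domain}": "any global catalog",  # forest root == domain here
    }
    for site in sites:
        names[f"_ldap._tcp.{site}._sites.dc._msdcs.{domain}"] = f"DC in site {site}"
        names[f"_gc._tcp.{site}._sites.{domain}"] = f"global catalog in site {site}"
    # DNS names are case-insensitive, so compare in lower case.
    return {name.lower(): role for name, role in names.items()}

def check_locator_records(srv, domain, sites):
    """Return findings for missing or conflicting locator records."""
    zone = {name.lower().rstrip("."): targets for name, targets in srv.items()}
    findings = []
    for name, role in expected_records(domain, sites).items():
        if not zone.get(name):
            findings.append(f"MISSING {name} ({role})")
    pdc = zone.get(f"_ldap._tcp.pdc._msdcs.{domain}".lower(), [])
    if len(pdc) > 1:  # only one DC holds the PDC emulator role per domain
        findings.append(f"CONFLICT multiple PDC emulators: {sorted(pdc)}")
    return findings

if __name__ == "__main__":
    for finding in check_locator_records(SAMPLE_SRV, DOMAIN, SITES):
        print(finding)
```

With the sample data the only finding is the missing site-specific global catalog record for `BRANCH1`, the case where branch logons would have to reach a global catalog at another site.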
