Upgrade route of NT to Windows 2003 domain - Need advice

Posted on 2005-03-03
Medium Priority
Last Modified: 2010-04-19

Our current NT domain

10 odd servers
PDC – Which runs DHCP / WINS / DNS
1 Server – Exchange 5.5
Domain name  - AB_CDEFGH   (note has an underscore)
Clients – Mixture of Windows 98 / 2000 / XP – 80 odd

I’ve recently purchased 2 new servers that will run Windows 2003, what route would you advice would be the simplest to upgrade the network from NT to Windows 2003, considering the following factors that I would like to  implement?

1)      I would like to rename the old NT domain from AB_CDEFGH to mycity.mycompany.com

2)      I need to keep some of the old NT boxes for file storage and retrieval (Users have different access, share rights)

3)      A majority of my users have laptops running windows 98 and I won’t have physical access to their machines (they are in a different county, they still need to  log on after upgrade)

4)      After the upgrade of the domain, Exchange will also be upgraded after a month or so to 2003

I’m working as a one man team and would like to keep disruption to users at a minimal and reduce admin overhead where possible.

Thanks for your time & advice

Question by:BHEIRE
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4

Expert Comment

ID: 13485247
(1) Build a new Windows 2003 domain mycity.mycompany.com (DNS also)
(2) Intergrate the existing WINS to the new DNS
(3) Change the DHCP scope so that all clients point to the new DNS
(4) Setup a two way trust between the two domains
(5) Migarte the users ,SID , passwords, computers using ADMT
(6)After all the users are complete migarte the servers
(7) While migartion thru ADMT u need not be physically present , however the client machines need to be connected to the network.

Pls let me know if the above suggestion helps.

Author Comment

ID: 13485795
Thanks for the info, could you just confirm

 1) After migration how will remote users on the old domain logon to the new domain? I can't get physicall access to these machines (Micture of XP, 2000 and 98).

2) Migrate servers  - Is this ok for the NT 4 Exchange 5.5 box? Will this still work?


Expert Comment

ID: 13487896
Hi!! Ok by remote i assumed that were at a remote location but connected to your network. but by your doubt i understand that they are connected to your network via broadband or dialup or something like that. If your clients are at a remote location BUT connected to your network then ADMT will install the agent for you & change the domain , do the security translation etc. You needt to visit the ADMT website for more info.

You can change the domain of the Exchange Server (of course u need to migarte the service account first). Also you will have to take care while implemenation of your group polcies & the exchange to NT account mapping will have to be changed manually.You can then upgarde exchange to the newer verison whenever required.

Pls let me know if this info was of any help.

Get your Disaster Recovery as a Service basics

Disaster Recovery as a Service is one go-to solution that revolutionizes DR planning. Implementing DRaaS could be an efficient process, easily accessible to non-DR experts. Learn about monitoring, testing, executing failovers and failbacks to ensure a "healthy" DR environment.


Author Comment

ID: 13494632

Thanks for the quick and detailed response, could you just confirm your statement above, my remote users either dial-in or use VPN to connect to the network when required (times vary). How could I ensure they can still log on?


Expert Comment

ID: 13494789
Hi !! I had faced the same problem during my migartion. I would not recommend you to do the domain change for the laptops remotely i.e. thru broadband etc. what i can suggest it schedule your migration & send out he schedule to your remote users so they are aware in advance & can come to office & connect to teh network.
There is also one more way which I havent done but read a lot about i.e.
(1) install NT 4.0 as a BDC on the new server.
(2) Remove the PDC of the network.
(3) Promote the newly created BDC (new server) to PDC
(4) Do a inplace upgrade to Windows 2003 on the server
(5) Change the domain name


But u will also have to consider you DNS structure also.
Also if u r doign a inplace upgrade then u really cant streamline your domain what i mean is the migartion can be a ideal time to clean your domain (eg. used ids, etc etc.)

Let me knwo what you have decided finally & if this input was of any help to u.

Author Comment

ID: 13494871

Thanks again for a fast response!

Problem i've got is that the remote users are all over the place and they hardly come to the office (some are in a different country).

What if I left the old domain running as a trusted domain with the new one until everyone has moved over (after doing migration using ADMT)? Do you see any problems with this? If I did this, could the users still access email if it's been moved over to the new domain?

Thanks again for all your input, much appreciated.


Accepted Solution

SunshineVK earned 2000 total points
ID: 13494928
That should be OK . The last part of the migartion that  is the domain decommission (Bye Bye to NT 4 domain) can be left till all the user, computers, svrs are a part of the new AD.
That will just be a little overhead as you will have administer both the W2K3 & NT4 domains but that will not be a problem.
My current setup is exactly the same scnerio bcos we have finished most of the user , computer & svr migartion but are awating the migartion of a few untarceable users , svrs etc. But there is a trust between the Domains due to which everythign is working fine. Since you are not goign to decommission your old domain ( i guess thats where your exchange is), ppl will b able to acess their emails.
Just ensure that while setting some group policies you take care of a few specific ones & also while migarting File Servers etc just remeber that the for inbuilt groups e.g. Doamin Users & Domain Admins you may have to use subinacl to ensure that file secuirty permissions are workign fine.

You can also look at some tools e.g. Ideal Migartion, Windows Group Amin.
Let me know if my suggestion was of any help.

Author Comment

ID: 13495511
OK hopefully it should be a smooth ride here onwards, you've answered all the questions and it sounds logical! Thanks again for your time and effort!


Expert Comment

ID: 13495533
Always welcome. Let me know if u get stuck up somewhere bcos looking at your scnerio it looks like exactly the same which I have gone through. Will always be glad to be of help.
Best Of Luck!!

Featured Post

On Demand Webinar: Networking for the Cloud Era

Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

by Batuhan Cetin In this article I will be guiding through the process of removing a failed DC metadata from Active Directory (hereafter, AD) using the ntdsutil tool in a Windows Server 2003 environment. These steps are not necessary in a Win…
I've always wanted to allow a user to have a printer no matter where they login. The steps below will show you how to achieve just that. In this Article I'll show how to deploy printers automatically with group policy and then using security fil…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…
Suggested Courses

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question